PatchSiren cyber security CVE debrief
CVE-2016-10101 Hiteksoftware CVE debrief
CVE-2016-10101 is an information disclosure issue in Hitek Software Automize 10.x and 11.x. According to the CVE description, a user with the Read attribute on passManager.jsd may be able to recover the encrypted password used to access the Password Manager. NVD assigns the issue a CVSS 3.0 score of 8.1 (High) and lists multiple affected Automize 10.x and 11.x builds.
- Vendor: Hiteksoftware
- Product: CVE-2016-10101
- CVSS: HIGH 8.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2017-01-23
- Original CVE updated: 2026-05-13
- Advisory published: 2017-01-23
- Advisory updated: 2026-05-13
Who should care
Administrators and operators of Hitek Software Automize installations, especially environments that store sensitive credentials in the Password Manager or where file-read permissions on passManager.jsd may be broader than intended.
Technical summary
The vulnerable component is passManager.jsd in Automize. The disclosed condition is an information disclosure flaw: if an attacker has Read access to the file, they may be able to recover the encrypted password used by the Password Manager. NVD’s affected CPE list covers Automize 10.x and 11.x builds, including the specific versions enumerated in the record. The available source material does not state a vendor fix or patched version.
Defensive priority
High. The issue can expose credentials used by the Password Manager, which can lead to unauthorized access if the stored password is recovered. Prioritize inventory, permission review, and credential rotation for any impacted deployments.
Recommended defensive actions
- Inventory Hitek Software Automize deployments and confirm whether any instance matches the affected 10.x or 11.x versions listed in NVD.
- Review access controls on passManager.jsd and related Automize files to ensure only intended administrators can read them.
- If exposure is possible, rotate any Password Manager credentials that may be stored in or derived from the affected file.
- Investigate whether sensitive credentials were stored in the Password Manager on affected systems and assess downstream impact.
- Track the official CVE/NVD record and vendor guidance for any remediation updates or version-specific fixes.
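One way to carry out the permission review above on a Unix-like host, as an added example that is not from the CVE record, NVD, or the vendor. The install root given on the command line and the set of allowed owner UIDs are assumptions. Only POSIX mode bits are checked, so ACLs (including NTFS ACLs on Windows installs) need a separate review.

```python
#!/usr/bin/env python3
"""Audit POSIX read permissions on Automize passManager.jsd files."""
import os
import stat
import sys

TARGET_NAME = "passmanager.jsd"  # file named in the CVE description, lowercased


def audit_tree(root, allowed_uids=frozenset({0})):
    """Return [(path, mode_string, reasons)] for each exposed passManager.jsd.

    allowed_uids is an assumption: the accounts that should own the file.
    Only POSIX mode bits are evaluated, not ACLs.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() != TARGET_NAME:
                continue
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
            except OSError:
                continue  # unreadable entry or dangling link: nothing to grade
            reasons = []
            if st.st_mode & stat.S_IRGRP:
                reasons.append("group-readable")
            if st.st_mode & stat.S_IROTH:
                reasons.append("world-readable")
            if st.st_uid not in allowed_uids:
                reasons.append(f"owner uid {st.st_uid} not in allowed set")
            if reasons:
                findings.append((path, stat.filemode(st.st_mode), reasons))
    return findings


if __name__ == "__main__":
    # Usage: audit.py <install-root> [allowed-uid ...]  (root path is site-specific)
    if len(sys.argv) < 2:
        sys.exit("usage: audit.py <install-root> [allowed-uid ...]")
    uids = frozenset(int(u) for u in sys.argv[2:]) or frozenset({0})
    results = audit_tree(sys.argv[1], uids)
    for path, mode, reasons in results:
        print(f"{path}  {mode}  {', '.join(reasons)}")
    sys.exit(1 if results else 0)
```

A non-zero exit status means at least one copy of the file is readable beyond the intended owner, which is the condition that should trigger the credential rotation step.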
Evidence notes
This debrief is based only on the supplied CVE/NVD corpus and the referenced CVE record and third-party advisory links. The key evidence is the CVE description stating that users with Read access can recover the encrypted Password Manager password from passManager.jsd, plus NVD’s affected-version listing for Automize 10.x and 11.x. No exploit steps, vendor fix details, or unprovided assumptions are included. The NVD record is marked Modified, but the CVE publication date remains 2017-01-23 per the supplied timeline.
Official resources
- CVE-2016-10101 CVE record (CVE.org)
- CVE-2016-10101 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference
- Mitigation or vendor reference: [email protected] - Third Party Advisory
Publicly disclosed on 2017-01-23. The supplied NVD source was last modified on 2026-05-13, which should not be treated as the original issue date.