CVE-2016-10102 Hiteksoftware CVE debrief

Who should care

Organizations running Hitek Software Automize, especially administrators and operators who store SSH/SFTP credentials or encryption profile passwords in the product. Any team relying on Automize to protect automation secrets should treat this as a credential-exposure issue.

Technical summary

NVD maps the issue to CWE-326 (Inadequate Encryption Strength). The weakness is in how Automize protects stored passwords: encrypted credential material in sshProfiles.jsd and encryptionProfiles.jsd can be decrypted to recover cleartext passwords. NVD assigns CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H and a score of 8.1 (High).

Defensive priority

High. Any accessible Automize profile files should be treated as sensitive credential stores, because compromise can expose reusable SSH/SFTP and related profile passwords.

Recommended defensive actions

• Inventory all Automize installations and confirm whether they fall within the verified affected ranges: 10.x through 10.25 and 11.x through 11.14.
• Treat sshProfiles.jsd and encryptionProfiles.jsd as credential stores; restrict access, monitor for unauthorized reads, and rotate any passwords they contain.
• Upgrade or replace affected Automize versions using vendor-supported guidance if available; the supplied corpus does not include a remediation bulletin.
• Assume exposed credentials may be reusable elsewhere and reset SSH/SFTP and related profile passwords after containment.
• Review automation jobs and dependent systems for privilege impact if stored credentials were recovered.

Evidence notes

This debrief is based only on the supplied NVD CVE record and its listed references. The record explicitly describes weak encryption for SSH/SFTP and Encryption profile passwords, identifies the affected Automize version ranges, and lists CWE-326. No vendor patch note, fixed version, or remediation timeline was included in the supplied corpus.

Official resources