Incorrect Permission Assignment for Critical Resource
The AccuPOS Point Of Sale Application is installed with the insecure "Authenticated Users: Modify" permission for files within the installation path. This may allow local attackers to compromise the integrity of critical resource and executable files.
AccuPOS has not remediated the vulnerability.
02-27-2018 - Disclosed to Vendor 03-27-2018 - Follow up via Email 04-09-2018 - No response from vendor 06-03-2018 - Publicly disclosed at BSides ATL
Offensive Minded Security Exploit Development