# CVE-2022-45546

## About the Application

ScreenCheck BadgeMaker is a suite of applications that allows clients to design, create and operate identity badges. The suite consists of:

* BadgeMaker Identity. Application used to authenticate into the Share Server database and manage information inside.
* BadgeMaker Design. Responsible for designing and creating badges.
* BadgeMaker Share Server. Database server responsible for holding all of the information stored in badges.

## About the Finding

BadgeMaker v2.6.2.0 and below transmit traffic over the network in unencrypted plain text. This design choice creates an opportunity for internal personnel to sniff the traffic, obtain the credentials used to authenticate to the Share Server, and view the information exchanged between the Share Server database and the Identity client.

## Proof of Concept

Because the vulnerability is simple, not much is required beyond basic knowledge of Wireshark. The examples below show what the traffic looks like when attempting to authenticate with incorrect credentials and with correct credentials.

Some of the information has been redacted for obvious reasons.

### Incorrect Credentials

<figure><img src="/files/Uf47FeG1aviBM2SJSj9g" alt=""><figcaption><p>Attempting to authenticate using incorrect credentials</p></figcaption></figure>

<figure><img src="/files/bL2MHQSf1DJeCBYVvsvz" alt=""><figcaption><p>Snooping traffic between Share Server and Identity</p></figcaption></figure>

### Correct Credentials

<figure><img src="/files/0g84gO4V5wZlxFxR3yS7" alt=""><figcaption><p>Attempting to authenticate using correct credentials</p></figcaption></figure>

<figure><img src="/files/f4p07QafU6h8tR3VYkwD" alt=""><figcaption><p>Snooping traffic between Share Server and Identity </p></figcaption></figure>

## Conclusion

There is no reason to have unencrypted plain-text traffic flowing freely on the network, especially when it carries credentials and sensitive information. Implementing encryption is a necessity. Until that security feature is implemented, isolate the Share Server database and Identity clients from the rest of the network to mitigate the information disclosure vulnerability.
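To confirm whether traffic on the Share Server segment is still readable (before isolation, or after a vendor fix adds encryption), TCP payloads taken from your own capture can be classified by whether they begin with a TLS record header or consist mostly of printable text. This is an added example, not code from the advisory or from ScreenCheck; the function names are hypothetical and the sample payloads are constructed, since the page does not show the BadgeMaker wire format.

```python
# TLS record header: content type (1 byte), version (2 bytes), length (2 bytes).
TLS_CONTENT_TYPES = {20, 21, 22, 23}  # change_cipher_spec, alert, handshake, application_data
MAX_TLS_RECORD = 2**14 + 2048         # largest ciphertext fragment TLS 1.2 permits


def looks_like_tls_record(payload: bytes) -> bool:
    """True when the payload starts with a well-formed TLS record header."""
    if len(payload) < 5:
        return False
    content_type, major, minor = payload[0], payload[1], payload[2]
    length = int.from_bytes(payload[3:5], "big")
    return (content_type in TLS_CONTENT_TYPES and major == 3
            and minor <= 4 and 0 < length <= MAX_TLS_RECORD)


def printable_ratio(payload: bytes) -> float:
    """Fraction of bytes that are printable ASCII or common whitespace."""
    if not payload:
        return 0.0
    ok = sum(1 for b in payload if 32 <= b < 127 or b in (9, 10, 13))
    return ok / len(payload)


def classify(payload: bytes) -> str:
    """Label one TCP payload as 'tls', 'cleartext' or 'unknown'."""
    if looks_like_tls_record(payload):
        return "tls"
    if len(payload) >= 8 and printable_ratio(payload) >= 0.8:
        return "cleartext"
    return "unknown"  # binary but not TLS: needs manual review


def audit(payloads):
    """Return the indexes of payloads that still cross the wire readable."""
    return [i for i, p in enumerate(payloads) if classify(p) == "cleartext"]


# Constructed samples (assumption: not real BadgeMaker traffic).
SAMPLES = [
    b"user=example-user;password=example-password;",            # readable login-style text
    bytes.fromhex("1603030005") + bytes(range(200, 205)),        # TLS handshake record
    bytes.fromhex("1703030008") + bytes([0x9F, 2, 0xE1, 0x7C, 0x55, 0xAA, 0, 0xD3]),  # TLS app data
    bytes(range(0, 16)),                                         # opaque binary, not TLS
]

if __name__ == "__main__":
    for i, sample in enumerate(SAMPLES):
        print(i, classify(sample))
```

Any index returned by `audit` marks a payload that an on-path observer could read, which means the segment still needs isolation.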

<figure><img src="/files/WqYCUy03olWDLxCNkzwu" alt=""><figcaption></figcaption></figure>

{% embed url="<https://nvd.nist.gov/vuln/detail/CVE-2022-45546>" %}

