CVE-2026-23635

import socket # Proof of Concept (PoC) for checking unencrypted credential transmission # This script simulates a basic check to see if the target accepts plaintext credentials # Note: Actual exploitation requires a Man-in-the-Middle (MitM) position to capture traffic. def check_plaintext_auth(target_host, target_port=80): print(f"[*] Checking {target_host}:{target_port} for potential plaintext transmission...") # Simulate a basic HTTP POST request often used in forms # In a vulnerable scenario, this might be sent over HTTP instead of HTTPS payload = "username=testuser&password=testpass" try: # Establish a raw TCP connection to simulate lack of encryption enforcement s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.settimeout(5) s.connect((target_host, target_port)) # Construct a simple HTTP request request = f"POST /login HTTP/1.1\r\n" request += f"Host: {target_host}\r\n" request += "Content-Type: application/x-www-form-urlencoded\r\n" request += f"Content-Length: {len(payload)}\r\n" request += "\r\n" request += payload # Send the request s.send(request.encode()) # Receive response headers response = s.recv(1024) if response: print("[+] Connection established and data sent.") print("[!] Warning: If this port is HTTP (80) and credentials are accepted here, they are transmitted in plaintext.") print("[*] Use Wireshark/Tcpdump on the network interface to verify credential visibility.") except Exception as e: print(f"[-] Connection error: {e}") finally: s.close() if __name__ == "__main__": # Replace with the actual target IP or Hostname target = "192.168.1.10" check_plaintext_auth(target)

{"cve": {"id": "CVE-2026-23635", "sourceIdentifier": "[email protected]", "published": "2026-03-25T17:16:35.480", "lastModified": "2026-03-27T19:16:29.210", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, a misconfiguration of the security attributes could potentially lead to Unprotected Transport of Credentials under certain circumstances. Upgrade Kiteworks to version 9.2.1 or later to receive a patch."}, {"lang": "es", "value": "Kiteworks es una red de datos privada (PDN). En Kiteworks Secure Data Forms anteriores a la versión 9.2.1, una mala configuración de los atributos de seguridad podría potencialmente conducir a un Transporte de Credenciales No Protegido bajo ciertas circunstancias. Actualice Kiteworks a la versión 9.2.1 o posterior para recibir un parche."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.2, "impactScore": 4.2}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.2, "impactScore": 4.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-523"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:accellion:kiteworks:*:*:*:*:*:*:*:*", "versionEndExcluding": "9.2.1", "matchCriteriaId": "30A78D6E-2376-4B2C-B4AD-499D1DF88E34"}]}]}], "references": [{"url": "https://github.com/kiteworks/security-advisories/security/advisories/GHSA-9hw2-6qp4-3v8f", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}