June 15, 2021

CollabNet ScrumWorks Basic Server transmits credential information in plaintext

Communication between the CollabNet ScrumWorks Basic Server and the CollabNet ScrumWorks Desktop Client transmits credential information in plaintext.

With reference to US-CERT vulnerability note VU#547167, the CollabNet ScrumWorks Basic Server communicates with the CollabNet ScrumWorks Desktop Client using unencrypted Java objects. These unencrypted Java objects contain the username and password of the active user or (by calling specific functions) of all users on the CollabNet ScrumWorks Basic Server.
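As an added example that is not part of this advisory or of CollabNet's code: a small Python detector for the condition described above, namely Java serialization streams carrying credential-like field names over an unencrypted connection, as a network monitor or packet-capture triage script would check it. The constants come from the public Java serialization specification; the class name, field names and values in the sample capture are constructed assumptions, and the sample is simplified (serialVersionUID, flags and field count omitted).

```python
from typing import Dict, List

# Java Object Serialization Stream Protocol constants (values from the public spec).
STREAM_HEADER = b"\xac\xed\x00\x05"  # STREAM_MAGIC + STREAM_VERSION
TC_OBJECT, TC_CLASSDESC, TC_STRING = 0x73, 0x72, 0x74
CREDENTIAL_FIELD_NAMES = ("username", "password", "passwd", "credential")

def is_java_serialization_stream(payload: bytes) -> bool:
    """True when the captured bytes begin with the Java serialization header."""
    return payload.startswith(STREAM_HEADER)

def extract_utf_strings(payload: bytes, min_len: int = 3) -> List[str]:
    """Heuristically pull out the 2-byte length-prefixed UTF strings Java serialization
    uses for class names, field names and TC_STRING values. A candidate counts only if
    its declared length fits the buffer and every byte is printable ASCII; this is a
    traffic-inspection heuristic, not a full deserializer."""
    found, i = [], 0
    while i + 2 <= len(payload):
        length = int.from_bytes(payload[i:i + 2], "big")
        data = payload[i + 2:i + 2 + length]
        if min_len <= length == len(data) and all(0x20 <= b < 0x7F for b in data):
            found.append(data.decode("ascii"))
            i += 2 + length  # skip past the accepted string
        else:
            i += 1
    return found

def flag_plaintext_credentials(payload: bytes) -> Dict[str, object]:
    """Flag an unencrypted flow carrying a Java object whose field names look like
    credentials. A TLS-wrapped flow never matches: its serialized bytes are not visible."""
    serialized = is_java_serialization_stream(payload)
    hits = [s for s in extract_utf_strings(payload) if s.lower() in CREDENTIAL_FIELD_NAMES]
    return {"java_serialization": serialized, "credential_fields": hits,
            "alert": serialized and bool(hits)}

def _utf(s: str) -> bytes:
    # Constructed helper mirroring DataOutputStream.writeUTF for ASCII input.
    b = s.encode("ascii")
    return len(b).to_bytes(2, "big") + b

# Constructed, simplified sample capture (serialVersionUID, flags and field count omitted):
# a hypothetical LoginRequest whose class descriptor declares two String fields
# ('L' typecode + name + type signature), followed by their plaintext values.
SAMPLE_CAPTURE = (
    STREAM_HEADER + bytes([TC_OBJECT, TC_CLASSDESC]) + _utf("com.example.LoginRequest")
    + b"L" + _utf("password") + bytes([TC_STRING]) + _utf("Ljava/lang/String;")
    + b"L" + _utf("username") + bytes([TC_STRING]) + _utf("Ljava/lang/String;")
    + bytes([TC_STRING]) + _utf("alice") + bytes([TC_STRING]) + _utf("hunter2")
)
```

The same check applied to a TLS record (first byte 0x16) returns no alert, which is the observable difference once the client-server channel is encrypted.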

An additional vulnerability exists in CollabNet ScrumWorks: the ScrumWorks Basic Server stores client usernames and passwords unencrypted in its internal database.

The vulnerability has been reported by David Elze from Daimler TSS Technical Security.