A saved encryption key in the Uninstaller in Digital Guardian's Agent before version 7.9.4 allows a local attacker to retrieve the uninstall key and remove the software by extracting the uninstaller key from the memory of the uninstaller file.CreditsJ. Kruchem (SEC Consult Vulnerability Lab)B. Gründling (SEC Consult Vulnerability Lab)D. Hirschberger (SEC Consult Vulnerability Lab)Referenceshttps://www.fortra.com/securityhttps://r.sec-consult.com/fortrahttp://seclists.org/fulldisclosure/2023/Nov/14http://packetstormsecurity.com/files/175956/Fortra-Digital-Guardian-Agent-Uninstaller-Cross-Site-Scripting-UninstallKey-Cached.html
