Hardcoded Password Vulnerability in ntfstool Version 3.5.1
Product: ntfstool
Affected Version: 3.5.1
Severity: High
Vulnerability Details
Description: A critical security vulnerability has been identified in ntfstool version 3.5.1. The application keeps a hardcoded password in its configuration file: /Users/user/Library/Application Support/ntfs-tool/config.json contains the field "sudoPwd": "toor", which stores the sudo password in plaintext. An attacker with access to the configuration file can read this password and use it to gain unauthorized elevated privileges.
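A check a defender could run for the condition described above (an added example, not code from ntfstool or from the original advisory): it reports whether the config.json under a given home directory holds a non-empty sudoPwd field and whether the file's mode lets other local users read it. The function names, the per-user path expansion and the "constructed-sample" value are assumptions made for this example.

```python
import json
import os
import stat
import tempfile

# Relative path and field name taken from the advisory; joining the path
# onto an arbitrary home directory is an assumption of this example.
CONFIG_RELATIVE = "Library/Application Support/ntfs-tool/config.json"
SECRET_FIELD = "sudoPwd"


def audit_config(path):
    """Return a list of findings for one ntfs-tool config file."""
    try:
        st = os.stat(path)
        with open(path, "r", encoding="utf-8") as fh:
            data = json.load(fh)
    except FileNotFoundError:
        return []  # tool not installed or never configured for this user
    except (OSError, ValueError) as exc:
        return [f"unreadable or malformed config: {exc}"]

    findings = []
    value = data.get(SECRET_FIELD) if isinstance(data, dict) else None
    if isinstance(value, str) and value:
        # Report presence and length only; never echo the secret itself.
        findings.append(f"{SECRET_FIELD} stored in plaintext ({len(value)} chars)")
        if st.st_mode & (stat.S_IRGRP | stat.S_IROTH):
            mode = stat.S_IMODE(st.st_mode)
            findings.append(f"file mode {mode:o} lets other local users read it")
    return findings


def audit_home(home):
    """Audit the config file belonging to the user whose home is `home`."""
    return audit_config(os.path.join(home, CONFIG_RELATIVE))


def demo():
    """Audit a constructed config written under a temporary home directory."""
    with tempfile.TemporaryDirectory() as home:
        path = os.path.join(home, CONFIG_RELATIVE)
        os.makedirs(os.path.dirname(path))
        with open(path, "w", encoding="utf-8") as fh:
            json.dump({SECRET_FIELD: "constructed-sample"}, fh)
        os.chmod(path, 0o644)
        return audit_home(home)


if __name__ == "__main__":
    for finding in audit_home(os.path.expanduser("~")):
        print(finding)
```

If the check reports a finding, treat the stored sudo password as exposed: change it and remove the field from the file.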



