Product: NTFS Tool

Affected Version: 3.5.1

Severity: Medium

Vulnerability Details Description: A vulnerability has been identified in NTFS Tool version 3.5.1 due to the insecure storage of sensitive information (CWE-922). The application’s password is not securely stored, allowing an attacker to gain access to it.

Impact: Exploiting this vulnerability could allow an attacker with access to the system to retrieve the application password, potentially leading to unauthorized access and actions.

Steps to Reproduce:

1. Install NTFS Tool version 3.5.1.

2. Locate the configuration file at the specified path.

3. Access the file to retrieve the password.

4. Use the password to gain unauthorized access or control. Reference:

• Insecure storage of sensitive information in ntfs-tool - INCIBE

• CVE-2025-2489

• INCIBE-2025-0143