CVE-2020-10553 : Security Advisory and Response

An issue was discovered in Psyprax before 3.2.2 where the lockscreen hash file allows local users to bypass application lock.

Understanding CVE-2020-10553

This CVE identifies a vulnerability in Psyprax that enables local users to manipulate the lockscreen file, bypassing the application lock.

What is CVE-2020-10553?

The vulnerability in Psyprax before version 3.2.2 allows all local users to modify the lockscreen hash file, leading to the removal of the lockscreen and the application no longer being locked.

The Impact of CVE-2020-10553

The vulnerability poses a security risk as unauthorized users can bypass the application lock, potentially compromising sensitive information stored within the application.

Technical Details of CVE-2020-10553

This section provides detailed technical information about the vulnerability.

Vulnerability Description

The file %PROGRAMDATA%\Psyprax32\PPScreen.ini contains a hash for the lockscreen of the application. Removing this entry disables the lockscreen, allowing local users to modify the file.

Affected Systems and Versions

Product: Psyprax
Vendor: N/A
Versions affected: All versions before 3.2.2

Exploitation Mechanism

Local users can exploit the vulnerability by manipulating the lockscreen hash file, thereby bypassing the application lock.

Mitigation and Prevention

Protect your system from CVE-2020-10553 with the following steps:

Immediate Steps to Take

Update Psyprax to version 3.2.2 or later to mitigate the vulnerability.
Restrict access to the lockscreen hash file to authorized users only.

Long-Term Security Practices

Regularly monitor and audit file permissions and access controls on critical system files.
Educate users on the importance of maintaining the security of sensitive application files.

Patching and Updates

Stay informed about security updates and patches released by Psyprax to address vulnerabilities like CVE-2020-10553.