#############################################################
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#############################################################
#
# Product:  timeCard - 6.05.07 [1]
# Vendor:   Reiner SCT [2]
# CSNC ID:  CSNC-2021-012
# CVE ID:   CVE-2021-33583
# Subject:  Hardcoded Credentials
# Risk:     High
# Effect:   Remotely exploitable
# Author:   Philipp Mao
# Date:     2021-9-1
#
#############################################################

Introduction:
-------------

TimeCard is a software for time recording. TimeCard 6.05.07 contains a
hardcoded password for the SQL server, which is installed by the
application.

Affected:
---------

Vulnerable: timeCard = 6.05.07 (lower versions may also be affected)

Technical Description
---------------------

The password is found in the TCServer.jar file in the
com.reinersct.server.dao.db.InstRepGen.PASSWORD() function. Since the
SQL server's port is exposed, it is then possible to connect to the SQL
server remotely as the sa user and execute shell commands.

Workaround / Fix:
-----------------

timeCard 6.05.07 is deprecated; timeCard 10 should be used instead.

Timeline:
---------

2021-05-18: Discovery by Philipp Mao
2021-05-21: Initial vendor notification/response
2021-05-25: No fix will be released for deprecated software
2021-05-26: Assigned CVE-2021-33583
2021-09-01: Public disclosure 3 months after vendor notification

References:
-----------

[1] https://www.reiner-sct.com/timecard-update
[2] https://www.reiner-sct.com/
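Added detection example (not part of the advisory or the vendor's software): with no fix available, an operator can at least watch for the condition the Technical Description describes, a remote login as sa to the application's SQL server. The script assumes SQL Server login auditing writes "Login succeeded" lines in the ERRORLOG layout; the sample lines, the application login name "timecard" and the 192.0.2.44 client address are constructed.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample in the layout of a SQL Server ERRORLOG with login auditing
# enabled (an assumption: the advisory names no log format). 192.0.2.0/24 is a
# documentation range, used here as a stand-in for a remote client.
SAMPLE_LOG = """\
2021-05-18 09:01:02.10 Logon       Login succeeded for user 'sa'. Connection made using SQL Server authentication. [CLIENT: <local machine>]
2021-05-18 09:05:44.31 Logon       Login succeeded for user 'timecard'. Connection made using SQL Server authentication. [CLIENT: 127.0.0.1]
2021-05-18 09:07:10.55 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 192.0.2.44]
2021-05-18 09:07:12.02 Logon       Login succeeded for user 'sa'. Connection made using SQL Server authentication. [CLIENT: 192.0.2.44]
2021-05-18 09:10:00.00 spid12s     SQL Server is now ready for client connections.
"""

LOGON_RE = re.compile(
    r"^(?P<ts>\S+ \S+)\s+Logon\s+Login (?P<result>succeeded|failed) for user "
    r"'(?P<user>[^']+)'.*\[CLIENT: (?P<client>[^\]]+)\]"
)

@dataclass(frozen=True)
class Finding:
    ts: str
    user: str
    client: str

def is_remote(client: str) -> bool:
    """A login is remote unless it came from the local machine or a loopback address."""
    if client.strip().lower() == "<local machine>":
        return False
    try:
        return not ipaddress.ip_address(client.strip()).is_loopback
    except ValueError:
        return True  # unparsable client field: surface it for review rather than drop it

def find_remote_logins(lines, user="sa"):
    """Return successful logins for `user` that did not originate on the SQL host.

    The application's own local connection is expected; a remote 'sa' session is
    what use of the hardcoded password over the exposed port would look like.
    """
    findings = []
    for line in lines:
        m = LOGON_RE.match(line)
        if not m or m["result"] != "succeeded":
            continue
        if m["user"].lower() == user.lower() and is_remote(m["client"]):
            findings.append(Finding(m["ts"], m["user"], m["client"]))
    return findings

if __name__ == "__main__":
    for f in find_remote_logins(SAMPLE_LOG.splitlines()):
        print(f"{f.ts} remote login as '{f.user}' from {f.client}")
```

Failed remote sa logins are deliberately not reported here; counting them per client is the natural extension for spotting password guessing against the same port.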