CVE-2024-45744 LOW

CVE-2024-45744: TopQuadrant TopBraid EDG password manager stores external credentials insecurely

Vendor Topquadrant
Product TopBraid EDG
Weakness CWE-257
Published September 27, 2024
Last update October 2, 2025

CVSS base score

3.0/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N

What the vulnerability does

01Description

TopQuadrant TopBraid EDG stores external credentials insecurely. An authenticated attacker with file system access can read edg-setup.properites and obtain the secret to decrypt external passwords stored in edg-vault.properties. An authenticated attacker could gain file system access using a separate vulnerability such as CVE-2024-45745. At least version 7.1.3 is affected. Version 7.3 adds HashiCorp Vault integration that does not store external passwords locally. Version 8.3.0 warns when using plain text secrets.

Key dates

02Disclosure timeline

September 27, 2024 CVE published
October 2, 2025 Record updated