CVE-2024-45744: CWE-257 Storing Passwords in a Recoverable Format in TopQuadrant TopBraid EDG
TopQuadrant TopBraid EDG stores external credentials insecurely. An authenticated attacker with file system access can read edg-setup.properties and obtain the secret to decrypt external passwords stored in edg-vault.properties. An authenticated attacker could gain file system access using a separate vulnerability such as CVE-2024-45745. At least version 7.1.3 is affected. Version 7.3 adds HashiCorp Vault integration that does not store external passwords locally. Version 8.3.0 warns when using plain text secrets.
AI Analysis
Technical Summary
CVE-2024-45744 is a security vulnerability affecting TopQuadrant's TopBraid EDG product, specifically version 7.1.3. The vulnerability arises from the insecure storage of external credentials within the application. TopBraid EDG stores encrypted external passwords in the file edg-vault.properties; however, the encryption key or secret required to decrypt these passwords is stored in plaintext in the edg-setup.properties file. An attacker who has authenticated access and can read the file system can retrieve the secret from edg-setup.properties and then decrypt the stored passwords in edg-vault.properties. This vulnerability is classified under CWE-257 (Storing Passwords in a Recoverable Format) and CWE-312 (Cleartext Storage of Sensitive Information). Exploitation requires prior authenticated access and file system read permissions, which may be obtained through other vulnerabilities such as CVE-2024-45745. The vulnerability does not require user interaction and has a CVSS v3.1 base score of 3.0, indicating low severity. The impact is limited to confidentiality, with no direct effect on integrity or availability. Later versions of TopBraid EDG (7.3 and above) mitigate this risk by integrating with HashiCorp Vault, which avoids local storage of external passwords, and version 8.3.0 introduces warnings when plain text secrets are used. There are no known exploits in the wild at this time.
Potential Impact
For European organizations using TopBraid EDG version 7.1.3, this vulnerability poses a risk to the confidentiality of external credentials stored by the application. If an attacker gains authenticated access and file system read permissions—potentially through chaining with other vulnerabilities—they could decrypt and misuse these credentials. This could lead to unauthorized access to connected external systems or services, potentially exposing sensitive data or enabling further lateral movement within the network. While the direct impact is limited to credential disclosure, the compromised credentials could facilitate more severe attacks depending on the privileges associated with those credentials. Given that TopBraid EDG is used for enterprise data governance and metadata management, exposure of credentials could undermine data security and compliance efforts. The low CVSS score reflects the requirement for prior authenticated access and file system permissions, limiting the attack surface. However, organizations with weak internal access controls or insufficient segmentation may face higher risks.
Mitigation Recommendations
European organizations should upgrade TopBraid EDG to version 7.3 or later, which integrates HashiCorp Vault for secure external password management, eliminating local storage of sensitive credentials. If immediate upgrade is not feasible, organizations should restrict file system access to only trusted administrators and monitor for unauthorized access attempts. Implement strict access controls and auditing on servers running TopBraid EDG to detect suspicious activity. Additionally, organizations should review and patch any related vulnerabilities such as CVE-2024-45745 that could provide attackers with file system access. Employ network segmentation to limit exposure of critical systems and credentials. Consider rotating external credentials stored in TopBraid EDG after applying mitigations. Finally, enable logging and alerting on access to sensitive configuration files to detect potential exploitation attempts early.
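The two interim mitigations above (restrict read access to the two property files to the service account, and alert on reads of them) can be checked mechanically. The following is an added example, not TopQuadrant code: it assumes an install directory of /opt/topbraid, a service account named edg, and audit events flattened to one key=value line each (as a log shipper might do with `ausearch -i` output); only the two file names come from the advisory.

```python
import os
import re
import stat

# File names are from the advisory; the service account name is an assumption.
SECRET_FILES = ("edg-setup.properties", "edg-vault.properties")
SERVICE_USER = "edg"

# key=value pairs, values optionally double-quoted
_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample events for a watch rule such as:
#   auditctl -w /opt/topbraid/edg-setup.properties -p r -k edg-secrets
SAMPLE_EVENTS = [
    'type=SYSCALL success=yes auid=edg comm="java" name="/opt/topbraid/edg-vault.properties" key="edg-secrets"',
    'type=SYSCALL success=yes auid=alice comm="cat" name="/opt/topbraid/edg-setup.properties" key="edg-secrets"',
    'type=SYSCALL success=yes auid=alice comm="cat" name="/opt/topbraid/edg-vault.properties" key="edg-secrets"',
    'type=SYSCALL success=no auid=bob comm="less" name="/opt/topbraid/edg-setup.properties" key="edg-secrets"',
    'type=SYSCALL success=yes auid=alice comm="vim" name="/opt/topbraid/server.xml" key="edg-config"',
]


def parse_event(line):
    """Turn one flattened audit line into a dict, dropping surrounding quotes."""
    return {k: v.strip('"') for k, v in _KV.findall(line)}


def permission_findings(name, mode, owner):
    """Findings for one secret file given its st_mode bits and owner name."""
    findings = []
    if owner != SERVICE_USER:
        findings.append(f"{name}: owned by {owner!r}, expected {SERVICE_USER!r}")
    if mode & (stat.S_IRGRP | stat.S_IROTH):  # anyone else who reads both files recovers the passwords
        findings.append(f"{name}: group/other readable (mode {stat.S_IMODE(mode):04o})")
    return findings


def secret_file_reads(lines):
    """(user, path, command) for each successful read of a secret file by a non-service account."""
    hits = []
    for ev in map(parse_event, lines):
        path, user = ev.get("name", ""), ev.get("auid", "?")
        if os.path.basename(path) in SECRET_FILES and ev.get("success") == "yes" and user != SERVICE_USER:
            hits.append((user, path, ev.get("comm", "")))
    return hits


def both_files_read_by(lines):
    """Accounts that read both files: the combination that yields the plaintext passwords."""
    seen = {}
    for user, path, _ in secret_file_reads(lines):
        seen.setdefault(user, set()).add(os.path.basename(path))
    return {user for user, names in seen.items() if names == set(SECRET_FILES)}
```

A real deployment would feed `permission_findings` from `os.stat` on each file and run `both_files_read_by` over a rolling window of shipped events, paging on any account it returns.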
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Switzerland
Technical Details
- Data Version: 5.1
- Assigner Short Name: cisa-cg
- Date Reserved: 2024-09-05T23:12:56.519Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68e0f3c0b66c7f7acdd3d073
Added to database: 10/4/2025, 10:15:28 AM
Last enriched: 10/4/2025, 10:59:59 AM
Last updated: 10/4/2025, 1:05:24 PM