CVE-2022-48228
Description
An issue was discovered in Acuant AsureID Sentinel before 5.2.149. It uses the root of the C: drive for the i-Dentify and Sentinel Installer log files, aka CORE-7362.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Acuant AsureID Sentinel before 5.2.149 uses the C: drive root for installer and i-Dentify log files, allowing unauthorized access.
Vulnerability
Acuant AsureID Sentinel versions prior to 5.2.149 store the i-Dentify and Sentinel Installer log files in the root of the C: drive (C:\), rather than in a secure, restricted directory. This misconfiguration exposes log data to any user or process with read access to the file system root [1].
Exploitation
An attacker with local access to the system, such as a low-privileged user or malware running under a limited account, can navigate to C:\ and read the log files. No additional authentication or special privileges are required beyond local file system access [1].
Impact
Successfully reading the log files can lead to disclosure of sensitive information, such as internal system paths, user names, or other operational data recorded during installation or normal operation of the i-Dentify service. This information disclosure may aid further attacks against the system [1].
Mitigation
Acuant AsureID Sentinel version 5.2.149 and later fix this issue by storing log files in a secure location. Users should upgrade to the latest version. No workaround is documented in the available references [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Acuant/AsureID Sentineldescription
- Range: <5.2.149
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2News mentions
0No linked articles in our index yet.