Abacre Restaurant Point of Sale Insecure Storage

Abacre Restaurant Point of Sale (POS) suffers from a significant Abacre Restaurant Point of Sale (POS) suffers from a significant security vulnerability: insecure data storage. The software stores highly sensitive information, including customer credit card numbers, employee details, and administrative passwords, in easily accessible formats.

Often, this data resides in plaintext or weakly encrypted forms within its local database files (e.g., Access or SQLite databases). This lack of robust encryption and access control means that anyone with local access to the POS system, or even through certain malware, can readily extract confidential information. Such insecure storage poses a severe risk of data breaches, financial fraud, and identity theft, compromising both customer privacy and business security.

Title: Cleartext Storage of Sensitive Information in Memory in Abacre Restaurant Point of Sale

Description: All versions of Abacre Restaurant Point of Sale (POS) up to 15.0.0.1656 are vulnerable to Cleartext Storage of Sensitive Information in Memory. The application leaves valid device-bound license keys in process memory during an activation attempt. The keys can be obtained by attaching the process to a debugger and analyzing the process/memory dump, then they can be used to activate the software on the same machine without purchasing.

Source URL: https://github.com/Smarttfoxx/CVE-2025-65320

Source Name/Email: Ivan Oliveira (This email address is being protected from spambots. You need JavaScript enabled to view it.)

CVEs: CVE-2025-65320

Software URL: https://www.abacre.com/restaurantpos/