KrCERT reported an information-disclosure vulnerability in Yetisoft VestCert, software used for certificate-based login to enterprise and institutional services. Attackers could exploit the flaw to steal or delete public-certificate data from user PCs, so organizations should remove the affected component with Yetisoft's deletion tool and rely on patched installers distributed after January 2024. The source provides mitigation guidance for a Korean authentication component and does not attribute the issue to DPRK activity.