CVE-2005-0809

2005-03-2005:00:00

mitre

www.cve.org

AI Score

6.6

Confidence

Low

EPSS

0.011

Percentile

84.3%

JSON

NotifyLink, when configured for client key retrieval, allows remote attackers to obtain AES keys via a direct request to /hwp/get.asp, then uses a weak encryption scheme (fixed byte reordering) to protect the key, which allows remote attackers to obtain the key via a brute force attack.

References

secunia.com/advisories/14617

www.kb.cert.org/vuls/id/581068

www.securityfocus.com/bid/12843