The remote CodeMeter runtime server uses a predictable encryption key for secure communication. An unauthenticated, remote attacker, can exploit this, to communicate with the CodeMeter API.
Note that this plugin requires the system time on the scanner to be synchronized with the remote host. If the system times on the scanner and the remote host are off too much, the plugin may fail to detect the vulnerability.
Binary data codemeter_cve-2020-14517.nbin
Vendor | Product | Version | CPE |
---|---|---|---|
wibu | codemeter_runtime | cpe:/a:wibu:codemeter_runtime |