IBM Spectrum Control Weak Encryption Vulnerability

IBM Spectrum Control formerly known as Tivoli Storage Productivity Center is a suite of storage resource management software from International Business Machines IBM. The software provides monitoring, automation and analysis for multiple storage systems. IBM Spectrum Control version 5.4 suffers...

The vulnerability of the PRNG generator in the development environment for programming CODESYS V3 applications, related to the use of cryptographic algorithms with defects, allows a hacker to decrypt and modify the loaded code.

The vulnerability of the PRNG generator used in the development environment for CODESYS V3 applications is related to the use of cryptographic algorithms that contain vulnerabilities. Exploiting this vulnerability could allow a malicious actor, operating remotely, to decrypt and modify the loaded...

CVE-2022-20513

In decrypt12 of CryptoPlugin.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID:...

PT-2022-14726 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: The issue is related to a possible out of bounds read in the decrypt 1 2 function of CryptoPlugin.cpp due to a missing bounds check. This could lead to local information disclosure without requiring...

CVE-2022-2660

Delta Industrial Automation DIALink versions 1.4.0.0 and prior are vulnerable to the use of a hard-coded cryptographic key which could allow an attacker to decrypt sensitive data and compromise the machine...

CVE-2022-46142

Affected devices store the CLI user passwords encrypted in flash memory. Attackers with physical access to the device could retrieve the file and decrypt the CLI user passwords...

SICK RFU61x 加密问题漏洞

The SICK RFU61x is the smallest read/write device in the SICK UHF portfolio from SICK. It is ideally suited for IoT applications directly on workpieces or components. A security vulnerability exists in the SICK RFU61x firmware version prior to v2.25, which stems from the fact that the use of a...

PT-2022-27990 · Sick · Sick Rfu62X

Name of the Vulnerable Software and Affected Versions: SICK RFU62x firmware versions prior to 2.21 Description: The issue is related to the use of a broken or risky cryptographic algorithm, allowing a low-privileged remote attacker to decrypt encrypted data if weak cipher suites are used for...

Trojan-Dropper.Win32.Decay.dxv (CyberGate 1.00.0) MVID-2022-0664 Insecure Proprietary Password Encryption

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/618f28253d1268132a9f10819a6947f2.txt Contact: [email protected] Media: twitter.com/malvuln Backup media: infosec.exchange/@malvuln Threat: Trojan-Dropper.Win32.Decay.dxv CyberGate v1.00.0...

CVE-2022-34361

IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 230522...

PT-2022-22130 · Ibm · Ibm Cics Tx

Name of the Vulnerable Software and Affected Versions: IBM CICS TX version 11.1 Description: The issue is related to the use of weaker than expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information. Recommendations: For IBM CICS TX version 11.1, upda...

Windows Gather Navicat Passwords

This module will find and decrypt stored Navicat passwords. Module Options msf use post/windows/gather/credentials/navicat msf postnavicat show actions ...actions... msf postnavicat set ACTION msf postnavicat show options ...show and set options... msf postnavicat run This module requires...

CVE-2022-38117

Juiker app hard-coded its AES key in the source code. A physical attacker, after getting the Android root privilege, can use the AES key to decrypt users’ ciphertext and tamper with it...

CVE-2022-38117

The CVE-2022-38117 entry describes Juiker app hard-coding an AES key in its source code. A to-the-point consequence is that a physical attacker who gains Android root privileges can use the embedded key to decrypt users’ ciphertext and tamper with it. The connected documents confirm the root-caus...

Windows Gather MobaXterm Passwords

This module will determine if MobaXterm is installed on the target system and, if it is, it will try to dump all saved session information from the target. The passwords for these saved sessions will then be decrypted where possible, using the decryption information that HyperSine reverse...

Blink1Control2 2.2.7 - Weak Password Encryption

// Exploit Title: Blink1Control2 2.2.7 - Weak Password Encryption // Date: 2022-08-12 // Exploit Author: p1ckzi // Vendor Homepage: https://thingm.com/ // Software Link: https://github.com/todbot/Blink1Control2/releases/tag/v2.2.7 // Vulnerable Version: blink1control2 !/usr/bin/env node const...

CVE-2022-30683

Adobe Experience Manager versions 6.5.13.0 and earlier is affected by a Violation of Secure Design Principles vulnerability that could lead to bypass the security feature of the encryption mechanism in the backend . An attacker could leverage this vulnerability to decrypt secrets, however, this i...

Denial Of Service (DoS)

jose is vulnerable to denial of service. The vulnerability exists in the multiple functions in decrypt.ts due to not limiting the computational expense of default PBES2 algorithm, allowing an attacker to crash the application by providing malicious input...

CVE-2022-29053

A missing cryptographic steps vulnerability CWE-325 in the functions that encrypt the keytab files in FortiOS version 7.2.0, 7.0.0 through 7.0.5 and below 7.0.0 may allow an attacker in possession of the encrypted file to decipher it...

Blue Prism Enterprise 安全漏洞

Blue Prism Enterprise is an intelligent robotic process automation RPA software from Blue Prism UK. A security vulnerability exists in Blue Prism Enterprise versions 6.0 through 7.01 that stems from the possibility that an authenticated user could reverse engineer the Blue Prism software to...