LS ELECTRIC PLC and XG5000 (Update A)

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor : LS ELECTRIC, LS Industrial Systems LSIS Co. Ltd Equipment: LS ELEC PLC and XG5000 Vulnerability: Inadequate Encryption Strength 2. UPDATE This updated advisory is a follow-up to the original advisory...

CLSA-2022-1660238929 Fixed CVE-2022-2097 in openssl

CVE-2022-2097: Fix AES OCB encrypt/decrypt for x86 AES-NI...

CVE-2021-22640 Ovarro TBox Insufficiently Protected Credentials

An attacker can decrypt the Ovarro TBox login password by communication capture and brute force attacks...

CVE-2021-22640

CVE-2021-22640 affects Ovarro TBox RTUs (LT2, MS-CPU32, MS-CPU32-S2, RM2, TG2) and pre-12.4/TWinSoft firmware ≤ 1.46. It discloses credentials: login passwords can be decrypted via network traffic capture and brute force attempts. ICS Advisory ICSA-21-054-04 confirms remote/exploit potential and ...

PT-2022-9257 · Ovarro · Ovarro Tbox

Name of the Vulnerable Software and Affected Versions: Ovarro TBox affected versions not specified Description: An attacker can decrypt the Ovarro TBox login password by capturing communication and using brute force attacks. Recommendations: At the moment, there is no information about a newer...

CVE-2022-22453

IBM Security Verify Identity Manager 10.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 224919...

CVE-2022-2393

A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not b...

UBUNTU-CVE-2022-2393

A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not b...

Exploit for Use of a Broken or Risky Cryptographic Algorithm in Blink1 Blink1Control2

blink1-pass-decrypt ⭐ poc and simple script designed for rever...

CVE-2022-25806

An issue was discovered in the IGEL Universal Management Suite UMS 6.07.100. A hardcoded DES key in the PrefDBCredentials class allows an attacker, who has discovered encrypted superuser credentials, to decrypt those credentials using a static 8-byte DES key...

CVE-2022-25806

An issue was discovered in the IGEL Universal Management Suite UMS 6.07.100. A hardcoded DES key in the PrefDBCredentials class allows an attacker, who has discovered encrypted superuser credentials, to decrypt those credentials using a static 8-byte DES key...

JavaEZ 加密问题漏洞

JavaEZ is a library. New functions have been added to make Java easier. A security vulnerability exists in JavaEZ version 1.6, which can be exploited by an unauthorized attacker to forcibly decrypt locked text...

GHSA-CWXX-GWWJ-PQJQ Jenkins Perforce Plugin uses ineffective credentials encryption

An exposure of sensitive information vulnerability exists in Jenkins Perforce Plugin version 1.3.36 and older in PerforcePasswordEncryptor.java that allows attackers with local file system access to obtain encrypted Perforce passwords and decrypt them...

CVE-2022-28164

Brocade SANnav before SANnav 2.2.0 application uses the Blowfish symmetric encryption algorithm for the storage of passwords. This could allow an authenticated attacker to decrypt stored account passwords...

CVE-2022-28164

Brocade SANnav before SANnav 2.2.0 application uses the Blowfish symmetric encryption algorithm for the storage of passwords. This could allow an authenticated attacker to decrypt stored account passwords...

GHSA-GQ26-CPQ6-W85R SaltStack RSA Key Generation allows remote users to decrypt communications

SaltStack RSA Key Generation allows remote users to decrypt communications...

CVE-2022-22368

IBM Spectrum Scale 5.1.0 through 5.1.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 221012...

Hardcoded credentials

A hardcoded cryptographic key in Automation360 22 allows an attacker to decrypt exported RPA packages...

CVE-2022-29856

A hardcoded cryptographic key in Automation360 22 allows an attacker to decrypt exported RPA packages...

Automation 360 信任管理问题漏洞

Automation 360 is a cloud-native end-to-end intelligent automation platform. A security vulnerability exists in Automation 360 version 22 that stems from a hard-coded encryption key that can decrypt exported RPA packages...