1468 matches found
CVE-2021-33484
An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. An attacker can download a copy of the installer, decompile it, and discover a hardcoded IV used to encrypt the username and userid in the comment POST request. Additionally, the attacker can decrypt the encrypted...
Hardcoded credentials
An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. An attacker can download a copy of the installer, decompile it, and discover a hardcoded IV used to encrypt the username and userid in the comment POST request. Additionally, the attacker can decrypt the encrypted...
CVE-2021-36234
Use of a hard-coded cryptographic key in MIK.starlight 7.9.5.24363 allows local users to decrypt credentials via unspecified vectors...
Hardcoded credentials
Use of a hard-coded cryptographic key in MIK.starlight 7.9.5.24363 allows local users to decrypt credentials via unspecified vectors...
CVE-2021-36234
CVE-2021-36234 affects the MIK.starlight 7.9.5.24363 release. The root cause is a hard-coded cryptographic key, which could allow local attackers to decrypt credentials via unspecified vectors. The impact described across sources indicates a confidential data exposure risk (credentials decrypted...
MIK.starlight Trust Management Issue Vulnerability
MIK.starlight is the departmental access and creation dashboard, reporting and planning environment. A security vulnerability exists in MIK.starlight version 7.9.5.24363. It stems from the use of hard-coded keys in the software and allows an attacker to decrypt credentials via an unspecifie...
CVE-2021-29723
IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 201100...
Code injection
IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 201095...
PT-2021-18432 · IBM · IBM Sterling Secure Proxy
Name of the Vulnerable Software and Affected Versions: IBM Sterling Secure Proxy versions 2.4.3.2, 3.4.3.2, 6.0.1, and 6.0.2 Description: The issue is related to the use of weaker than expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information...
DEBIAN-CVE-2021-3711
In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt. Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size...
Argo Server TLS requests could be forged by attacker with network access
Impact We are not aware of any exploits. This is a pro-active fix. Impacted: You are running Argo Server = v3.0 with --secure unspecified note - running in secure mode is recommended regardless. The attacker is within your network. If you expose Argo Server to the Internet then "your network" is...
CVE-2021-29704
IBM Security SOAR uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...
IBM Security SOAR Cryptographic Issue Vulnerability
IBM Security SOAR, formerly Resilient, is an IBM product designed to help your security team confidently address cyber threats, automate through intelligence and collaborate through consistency. IBM Security SOAR is vulnerable to an information disclosure vulnerability that stems from the...
CVE-2021-32596
A use of one-way hash with a predictable salt vulnerability in the password storing mechanism of FortiPortal 6.0.0 through 6.04 may allow an attacker already in possession of the password store to decrypt the passwords by means of precomputed tables...
Design/Logic Flaw
In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14 data...
Exploit for Use of Hard-coded Credentials in Glpi-Project Glpi
CVE-2020-5248 POC environment setup and test. Test method - environment setup v...
Charm Cryptographic Issue Vulnerability
Charm is a framework for rapidly prototyping advanced cryptosystems. Charm version 0.43 is vulnerable to a cryptographic issue. By exploiting this vulnerability, any two users can conspire to gain the ability to decrypt YCT14 data...