Smart Lock Turns Out to be Not So Smart, or Secure
Researchers are warning a keyless smart door lock made by U-tec, called Ultraloq, could allow attackers to track down where the device is being used and easily pick the lock – either virtually or physically. Ultraloq is a Bluetooth fingerprint and touchscreen door lock sold for about $200. It...
FortiCam FCM-MB40 Code Execution / Privilege Escalation
Original posting: https://xor.cat/2019/06/19/fortinet-forticam-vulns/ Background In March of 2019 I discovered five vulnerabilities in Fortinet's FortiCam FCM-MB40 product. Part-way through disclosing this vulnerability, I discovered that the FCM-MB40 is manufactured by a company called Dynacolo...
Ubuntu 16.04 LTS : web2py vulnerabilities (USN-4030-1)
The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4030-1 advisory. It was discovered that web2py does not properly check denied hosts before verifying passwords. An attacker could possibly use this issue to perform...
Sharing the Secrets: Pwning an industrial IoT router
I get involved in a lot of IoT and ICS pen tests and found an interesting device on one of them. I didn’t have enough time on the job to go as deep as I wanted, so got PTP to buy a couple to play with. eBay FTW! It’s an Ewon Flexy IoT Router. It’s important to note that local access / public IP...
CVE-2019-4220
IBM InfoSphere Information Server 11.7.1.0 stores a common hard coded encryption key that could be used to decrypt sensitive information. IBM X-Force ID: 159229...
PT-2019-16975 · Ibm · Ibm Infosphere Information Server
Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Information Server version 11.7.1.0 Description: The issue concerns a hard-coded encryption key stored in the software, which could potentially be used to decrypt sensitive information. Recommendations: For IBM InfoSphere...
CVE-2019-12376
Use of a hard-coded encryption key in Ivanti LANDESK Management Suite LDMS, aka Endpoint Manager 10.0.1.168 Service Update 5 may lead to full managed endpoint compromise by an authenticated user with read privileges...
Hardcoded credentials
Use of a hard-coded encryption key in Ivanti LANDESK Management Suite LDMS, aka Endpoint Manager 10.0.1.168 Service Update 5 may lead to full managed endpoint compromise by an authenticated user with read privileges...
CVE-2019-12376
The CVE-2019-12376 entry concerns Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5, where a hard-coded encryption key is implicated. Red Hat and NVD records corroborate the description of a potential full compromise of managed endpoints by an authenticated ...
CVE-2019-8352
By default, BMC PATROL Agent through 11.3.01 uses a static encryption key for encrypting/decrypting user credentials sent over the network to managed PATROL Agent services. If an attacker were able to capture this network traffic, they could decrypt these credentials and use them to execute code ...
CVE-2019-8352
Technical details of CVE-2019-8352 are not publicly provided in the supplied connected documents. Monitor for updates from Vulners and official advisories.
CB TAU Threat Intelligence Notification: RobbinHood Ransomware Stops 181 Windows Services Before Encryption
According to source articles, RobbinHood ransomware has been discovered and it will stop 181 Windows services prior to the encryption taking place. It is thought that the ransomware might not be distributed through a typical spam campaign, but instead via other methods such as hacked remote deskt...
CVE-2019-10920
A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants (All versions < V8.3). Project data stored on the device, which is accessible via port 10005/tcp, can be decrypted due to a hardcoded encryption key. The security vulnerability could be exploited by an unauthenticated attacker wi...
Hardcoded credentials
A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants (All versions < V8.3). Project data stored on the device, which is accessible via port 10005/tcp, can be decrypted due to a hardcoded encryption key. The security vulnerability could be exploited by an unauthenticated attacker wi...
CVE-2019-10920
CVE-2019-10920 affects Siemens LOGO! 8 BM (and SIPLUS variants) with all versions before 8.3. The issue is a vulnerability in which project data on the device, accessible via port 10005/tcp, can be decrypted due to a hard-coded encryption key, allowing an unauthenticated remote attacker to access...
Schneider Electric Trio J-Series License Free Ethernet Radio 3.6.0 <= 3.6.3 Hardcoded Encryption Key
Binary data 720035.prm...
GE Multilink Switches Hardcoded Encryption Key
Binary data 720053.prm...
Design/Logic Flaw
An issue was discovered in the Ascensia Contour NEXT ONE application for Android before 2019-01-15. It has a statically coded encryption key. Extraction of the encryption key is necessary for deciphering communications between this application and the backend server. This, in combination with...