1413 matches found

OSV
added 2019/05/06 8:29 p.m. | 2 views

CVE-2018-18978

An issue was discovered in the Ascensia Contour NEXT ONE application for Android before 2019-01-15. It has a statically coded encryption key. Extraction of the encryption key is necessary for deciphering communications between this application and the backend server. This, in combination with...

CVSS 7.4 | AI score 5.8 | EPSS 0.00183
Exploits: 1 | References: 1

CVE
added 2019/05/06 7:18 p.m. | 50 views

CVE-2018-18978

CVE-2018-18978 affects the Android app for Ascensia Contour NEXT ONE (pre-2019-01-15). The issue is a statically coded encryption key, enabling extraction of the key to decipher communications with the backend. In combination with another vulnerability that can retrieve any user’s encrypted data ...

CVSS 7.4 | AI score 7.2 | EPSS 0.00183
Exploits: 1 | References: 1 | Affected Software: 1

Veracode
added 2019/05/02 5:20 a.m. | 32 views

Sandbox Restrictions Bypass

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to...

CVSS 5.9 | AI score 6.7 | EPSS 0.09896
Exploits: 0 | References: 30 | Affected Software: 5

0day.today
added 2019/04/25 12:0 a.m. | 30 views

Linux/x86 - Rabbit Shellcode Crypter (200 bytes)

Introduction Exploit Title: Rabbit Shellcode Crypter Date: 24.4.2019 Exploit Author: Petr Javorik, www.mmquant.net Tested on: Linux ubuntu 3.13.0-32-generic, x86 Description: Crypter which encrypts, decrypts and executes given shellcode using Rabbit symmetric cipher Keep in mind before use 1. Max...

AI score 7.4
Exploits: 0

NVD
added 2019/03/21 4:1 p.m. | 12 views

CVE-2019-5723

An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Passwords are stored using reversible encryption rather than as a hash value, and the used Vigenere algorithm is badly outdated. Moreover, the encryption key is static and too short. Due to this, the passwords stored by the applicatio...

CVSS 9.8 | AI score 9.3 | EPSS 0.00142
Exploits: 3 | References: 3

Cvelist
added 2019/03/19 5:26 p.m. | 13 views

CVE-2019-5723

An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Passwords are stored using reversible encryption rather than as a hash value, and the used Vigenere algorithm is badly outdated. Moreover, the encryption key is static and too short. Due to this, the passwords stored by the applicatio...

AI score 9.4 | EPSS 0.00142
Exploits: 3 | References: 3

CVE
added 2019/03/19 5:26 p.m. | 44 views

CVE-2019-5723

CVE-2019-5723 affects Portier Vision 4.4.4.2 and 4.4.4.6. The issue is cryptographic: passwords are stored with reversible encryption using an outdated Vigenère algorithm, and the encryption key is static and too short, enabling easy decryption of stored passwords. This impacts confidentiality (h...

CVSS 9.8 | AI score 9.2 | EPSS 0.00142
Exploits: 3 | References: 3 | Affected Software: 1

CNVD
added 2019/03/19 12:0 a.m. | 1 views

ZOHO ManageEngine ADSelfService Plus Information Disclosure Vulnerability

ZOHO ManageEngine ADSelfService Plus is a Web-based end-user password management software from ZOHO. An information disclosure vulnerability exists in Zoho ManageEngine ADSelfService Plus 5.x =build 5704, which stems from the product's use of a fixed encryption key to protect information, and can...

CVSS 7.5 | AI score 6.5 | EPSS 0.02196
Exploits: 0 | References: 1

Metasploit
added 2019/03/10 8:20 p.m. | 361 views

Multi Gather Ubiquiti UniFi Controller Backup

On an Ubiquiti UniFi controller, reads the system.properties configuration file and downloads the backup and autobackup files. The files are then decrypted using a known encryption key, then attempted to be repaired by zip. Meterpreter must be used due to the large file sizes, which can be flaky ...

AI score 6.7
Exploits: 0

Talos
added 2019/03/09 12:0 a.m. | 33 views

WAGO e!Cockpit authentication hard-coded encryption key vulnerability

Summary A hard-coded encryption key vulnerability exists in the authentication functionality of WAGO e!Cockpit, version 1.5.1.1. An attacker with access to communications between e!Cockpit and CoDeSyS Gateway can trivially recover the password of any user attempting to log in, in plain text. Test...

CVSS 5.5 | AI score 5.8 | EPSS 0.00063
Exploits: 1

IBM Security Bulletins
added 2019/01/30 7:35 a.m. | 12 views

Best practices used to protect encryption key data generated by embedded micro-controllers

Problem This service bulletin is to highlight the secure engineering best practices used to protect encryption key data generated by embedded micro-controllers in management module hardware. Resolving The Problem Source RETAIN tip: H206119 Symptom This service bulletin is to highlight the secure...

AI score 6.8
Exploits: 0

NVD
added 2019/01/28 2:29 p.m. | 22 views

CVE-2018-16889

Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable...

CVSS 7.5 | AI score 6.2 | EPSS 0.00068
Exploits: 1 | References: 5

CVE
added 2019/01/28 2:0 p.m. | 215 views

CVE-2018-16889

CVE-2018-16889 concerns Ceph's v4 authentication logging: encryption keys are not sanitized in debug/log output, potentially leaking key material. The vulnerability applies to Ceph versions up to 13.2.4 and is documented across multiple advisories (SUSE/SU-2019:2049-1, SUSE-SU-2019:2364-1, RHSA-2...

CVSS 7.5 | AI score 6.6 | EPSS 0.00068
Exploits: 1 | References: 5 | Affected Software: 1

UbuntuCve
added 2019/01/28 12:0 a.m. | 28 views

CVE-2018-16889

Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable...

CVSS 7.5 | AI score 6.7 | EPSS 0.00068
Exploits: 1 | References: 2

Kitploit
added 2018/12/04 8:49 p.m. | 128 views

Secret Keeper - Python Script To Encrypt & Decrypt Files With A Given Key

Secret Keeper is a file encryptor written in Python which encrypts your files using the Advanced Encryption Standard (AES). CBC mode is used when creating the AES cipher, wherein each block is chained to the previous block in the stream. Features Secret Keeper has the ability to generate a random...

AI score 7.3
Exploits: 0 | References: 1

OSV
added 2018/12/04 5:29 p.m. | 1 views

CVE-2018-12308

Encryption key disclosure in share.cgi in ASUSTOR ADM version 3.1.1 allows attackers to obtain the encryption key via the "encryptkey" URL parameter...

CVSS 6.5 | AI score 5.8
Exploits: 0 | References: 1

Prion
added 2018/12/04 5:29 p.m. | 14 views

Code injection

Encryption key disclosure in share.cgi in ASUSTOR ADM version 3.1.1 allows attackers to obtain the encryption key via the "encryptkey" URL parameter...

CVSS 4 | AI score 6.3 | EPSS 0.00151
Exploits: 1 | References: 1 | Affected Software: 1

NVD
added 2018/12/04 5:29 p.m. | 6 views

CVE-2018-12308

Encryption key disclosure in share.cgi in ASUSTOR ADM version 3.1.1 allows attackers to obtain the encryption key via the "encryptkey" URL parameter...

CVSS 6.5 | AI score 6.3 | EPSS 0.00151
Exploits: 1 | References: 1

Cvelist
added 2018/12/04 5:0 p.m. | 10 views

CVE-2018-12308

Encryption key disclosure in share.cgi in ASUSTOR ADM version 3.1.1 allows attackers to obtain the encryption key via the "encryptkey" URL parameter...

AI score 7 | EPSS 0.00151
Exploits: 1 | References: 1

CVE
added 2018/12/04 5:0 p.m. | 40 views

CVE-2018-12308

ASUSTOR ADM 3.1.1 is affected by an information disclosure in share.cgi that allows an attacker to obtain the encryption key via the encrypt_key URL parameter. The root cause is a flaw in how share.cgi handles the key, enabling unauthorized access to the encryption key and potential compromise of...

CVSS 6.5 | AI score 6.9 | EPSS 0.00151
Exploits: 1 | References: 1 | Affected Software: 1