1413 matches found
CVE-2018-19537
TP-Link Archer C5 devices through V2160201US allow remote command execution via shell metacharacters on the wandynhostname line of a configuration file that is encrypted with the 478DA50BF9E3D2CF key and uploaded through the web GUI by using the web admin account. The default password of admin ma...
CVE-2018-19537
TP-Link Archer C5 devices through V2160201US allow remote command execution via shell metacharacters on the wandynhostname line of a configuration file that is encrypted with the 478DA50BF9E3D2CF key and uploaded through the web GUI by using the web admin account. The default password of admin ma...
CVE-2018-12037
An issue was discovered on Samsung 840 EVO and 850 EVO devices only in "ATA high" mode, not vulnerable in "TCG" or "ATA max" mode, Samsung T3 and T5 portable drives, and Crucial MX100, MX200 and MX300 devices. Absence of a cryptographic link between the password and the Disk Encryption Key allows...
CVE-2018-12038
CVE-2018-12038 is a hardware-encryption vulnerability affecting self-encrypting drives (e.g., Samsung 840 EVO, MX100/MX200/MX300, Samsung T3/T5) where wear-leveling and weak binding between the user password and the disk-encryption key can allow an attacker with physical access to recover data. T...
PT-2018-10958 · Samsung +1 · Samsung T5 +6
Name of the Vulnerable Software and Affected Versions: Samsung 840 EVO versions affected versions not specified Samsung 850 EVO versions affected versions not specified Samsung T3 versions affected versions not specified Samsung T5 versions affected versions not specified Crucial MX100 versions...
Lenovo Chassis Management Module (CMM) Information Disclosure Vulnerability
The Lenovo Chassis Management Module CMM is a hot-swappable Lenovo Flex System module that can be used to configure and manage all installed Lenovo Flex System components. An information disclosure vulnerability exists in Lenovo CMM versions prior to 2.0.0, which stems from the program's use of a...
CVE-2018-9073
Lenovo Chassis Management Module CMM prior to version 2.0.0 utilizes a hardcoded encryption key to protect certain secrets. Possession of the key can allow an attacker that has already compromised the server to decrypt these secrets...
Hardcoded credentials
Lenovo Chassis Management Module CMM prior to version 2.0.0 utilizes a hardcoded encryption key to protect certain secrets. Possession of the key can allow an attacker that has already compromised the server to decrypt these secrets...
CVE-2018-9073 CMM Security Vulnerability
Lenovo Chassis Management Module CMM prior to version 2.0.0 utilizes a hardcoded encryption key to protect certain secrets. Possession of the key can allow an attacker that has already compromised the server to decrypt these secrets...
CMM Security Concerns - US
Lenovo Security Advisory: LEN-23806 Potential Impact: Information Disclosure; Hardcoded Encryption Key Severity: Medium Scope of Impact: Lenovo-specific CVE Identifier: CVE-2018-9071, CVE-2018-9073 Summary: In a recent internal audit, Lenovo identified potential security vulnerabilities in the...
CMM Security Concerns - Lenovo Support US
No description provided...
AES-Killer v3.0 - Burp Plugin To Decrypt AES Encrypted Traffic Of Mobile Apps On The Fly
BurpsuitePlugin to decrypt AES Encrypted traffic on the fly. Requirements Burpsuite Java Tested on Burpsuite 1.7.36 Windows 10 xubuntu 18.04 Kali Linux 2018 What it does The IProxyListener decrypt requests and encrypt responses, and an IHttpListener than encrypt requests and decrypt responses. Bu...
Hardcoded credentials
An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. There is a hardcoded encryption key...
CVE-2018-17217
An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. There is a hardcoded encryption key...
MensaMax 4.3 Hardcoded Encryption Key Disclosure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 e2 Security GmbH Advisory 2018-01 Unencrypted transmission and usage of hardcoded encryption key Overview Advisory ID: E2SA-2018-01 Advisory Version: 1.0 Advisory Status: Public Advisory URL: https://advisories.e2security.de/2018/E2SA-2018-01.txt...
Design/Logic Flaw
In Elastic Cloud Enterprise ECE versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. Unless explicitly overwritten, this master key is predictable across all ECE deployments. If an attacker can connect to ZooKeeper...
CVE-2018-3825
In Elastic Cloud Enterprise ECE versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. Unless explicitly overwritten, this master key is predictable across all ECE deployments. If an attacker can connect to ZooKeeper...
CVE-2018-3825
In Elastic Cloud Enterprise ECE versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. Unless explicitly overwritten, this master key is predictable across all ECE deployments. If an attacker can connect to ZooKeeper...
CVE-2018-3825
The CVE-2018-3825 entry concerns Elastic Cloud Enterprise (ECE) before version 1.1.4, where a default master encryption key is used when granting ZooKeeper access to Elasticsearch clusters. The key is described as predictable across deployments unless overwritten, enabling an attacker who can con...
CVE-2017-13107
Live.me - live stream video chat, 3.7.20, 2017-11-06, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key...