1413 matches found

OSV
added 2024/01/09 7:33 p.m. · 28 views

GHSA-4JH3-6JHV-2MGP react-native-mmkv Insertion of Sensitive Information into Log File vulnerability

Summary Before version v2.11.0, the react-native-mmkv logged the optional encryption key for the MMKV database into the Android system log. The key can be obtained by anyone with access to the Android Debugging Bridge ADB if it is enabled in the phone settings. This bug is not present on iOS...

4.4 CVSS · 4.9 AI score · 0.00333 EPSS
Exploits 0 · References 5
NVD
added 2024/01/09 7:15 p.m. · 11 views

CVE-2024-21668

react-native-mmkv is a library that allows easy use of MMKV inside React Native applications. Before version 2.11.0, the react-native-mmkv logged the optional encryption key for the MMKV database into the Android system log. The key can be obtained by anyone with access to the Android Debugging...

4.9 CVSS · 4.5 AI score · 0.00333 EPSS
Exploits 0 · References 3
Prion
added 2024/01/09 7:15 p.m. · 13 views

Design/Logic Flaw

react-native-mmkv is a library that allows easy use of MMKV inside React Native applications. Before version 2.11.0, the react-native-mmkv logged the optional encryption key for the MMKV database into the Android system log. The key can be obtained by anyone with access to the Android Debugging...

3.3 CVSS · 6.6 AI score · 0.00333 EPSS
Exploits 0 · References 3 · Affected Software 1
Vulnrichment
added 2024/01/09 7:5 p.m. · 2 views

CVE-2024-21668 Insertion of Sensitive Information into Log File in react-native-mmkv

react-native-mmkv is a library that allows easy use of MMKV inside React Native applications. Before version 2.11.0, the react-native-mmkv logged the optional encryption key for the MMKV database into the Android system log. The key can be obtained by anyone with access to the Android Debugging...

4.4 CVSS · 4.5 AI score · 0.00333 EPSS
Exploits 0 · References 3
CVE
added 2024/01/09 7:5 p.m. · 49 views

CVE-2024-21668

The CVE-2024-21668 entry concerns react-native-mmkv, a React Native library for MMKV. Before version 2.11.0, it logged the database encryption key to Android system logs, enabling potential retrieval via ADB and compromising confidentiality; iOS is not affected. The issue is mitigated by upgradin...

4.9 CVSS · 4.7 AI score · 0.00333 EPSS
Exploits 0 · References 3 · Affected Software 1
OSV
added 2024/01/09 7:5 p.m. · 17 views

CVE-2024-21668 Insertion of Sensitive Information into Log File in react-native-mmkv

react-native-mmkv is a library that allows easy use of MMKV inside React Native applications. Before version 2.11.0, the react-native-mmkv logged the optional encryption key for the MMKV database into the Android system log. The key can be obtained by anyone with access to the Android Debugging...

4.4 CVSS · 4.8 AI score · 0.00333 EPSS
Exploits 0 · References 5
Snyk
added 2024/01/09 6:28 p.m. · 1 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling by processing JSON Web Encryption JWE tokens with a high compression ratio. An attacker can cause excessive memory allocation and processing time during decompression, leading to a...

6.8 CVSS · 6.5 AI score · 0.00593 EPSS
Exploits 0 · References 2
Positive Technologies
added 2024/01/09 12:0 a.m. · 2 views

PT-2024-19010 · Unknown · React-Native-Mmkv

Name of the Vulnerable Software and Affected Versions: react-native-mmkv versions prior to 2.11.0 Description: The react-native-mmkv library logged the optional encryption key for the MMKV database into the Android system log before version 2.11.0. This allowed anyone with access to the Android...

4.9 CVSS · 4.6 AI score · 0.00333 EPSS
Exploits 0 · References 9
Positive Technologies
added 2024/01/09 12:0 a.m. · 5 views

PT-2024-1246 · Microsoft +6 · Identity +6

Name of the Vulnerable Software and Affected Versions: Microsoft Identity versions prior to 5.7.0 Microsoft Identity versions prior to 6.34.0 Microsoft Identity versions prior to 7.1.2 Description: The issue is related to incorrect clearing or release of resources in the Microsoft Identity librar...

9.8 CVSS · 6.4 AI score · 0.94395 EPSS
Exploits 19 · References 215
Pen Test Partners Blog
added 2024/01/04 6:59 a.m. · 18 views

RAID Technology and the importance of disk encryption in data security

Introduction Recently we were engaged by a client experiencing a potential data leak incident. Amidst their expansion, they were constructing a new data centre. Due to pressing business needs, they accelerated the setup of part of their infrastructure. This urgency led to them setting up a Domain...

7.3 AI score
Exploits 0
NVD
added 2023/12/27 9:15 p.m. · 14 views

CVE-2023-46919

Phlox com.phlox.simpleserver aka Simple HTTP Server 1.8 and com.phlox.simpleserver.plus aka Simple HTTP Server PLUS 1.8.1-plus have a hardcoded aKySWb2jjrr4dzkYXczKRt7K AES encryption key. An attacker with physical access to the application's source code or binary can extract this key & use it...

6.3 CVSS · 0.00025 EPSS
Exploits 1 · References 1
Prion
added 2023/12/27 9:15 p.m. · 20 views

Hardcoded credentials

Phlox com.phlox.simpleserver aka Simple HTTP Server 1.8 and com.phlox.simpleserver.plus aka Simple HTTP Server PLUS 1.8.1-plus have a hardcoded aKySWb2jjrr4dzkYXczKRt7K encryption key. The threat is from a man-in-the-middle attacker who can intercept and potentially modify data during transmissio...

2.4 CVSS · 7 AI score · 0.00025 EPSS
Exploits 1 · References 1 · Affected Software 2
Vulnrichment
added 2023/12/27 12:0 a.m. · 8 views

CVE-2023-46919

Phlox com.phlox.simpleserver aka Simple HTTP Server 1.8 and com.phlox.simpleserver.plus aka Simple HTTP Server PLUS 1.8.1-plus have a hardcoded aKySWb2jjrr4dzkYXczKRt7K AES encryption key. An attacker with physical access to the application's source code or binary can extract this key & use it...

6.8 AI score · 0.00025 EPSS
Exploits 1 · References 1
CNNVD
added 2023/12/27 12:0 a.m. · 2 views

Fedir Tsapana Simple HTTP Server PLUS Security Vulnerability

Fedir Tsapana Simple HTTP Server PLUS is an application from Fedir Tsapana that allows you to run small local HTTP servers with static content. A security vulnerability exists in Fedir Tsapana Simple HTTP Server PLUS 1.8.1-plus and earlier versions, which arises from the application containing a...

4.6 CVSS · 6.6 AI score · 0.00077 EPSS
Exploits 1 · References 2
CVE
added 2023/12/27 12:0 a.m. · 39 views

CVE-2023-46919

CVE-2023-46919 affects Phlox com.phlox.simpleserver (Simple HTTP Server) 1.8 and com.phlox.simpleserver.plus (Simple HTTP Server PLUS) 1.8.1-plus. The root cause is a hardcoded AES encryption key, aKySWb2jjrr4dzkYXczKRt7K, that can be extracted from the application or its binary, enabling an att...

6.3 CVSS · 6.6 AI score · 0.00025 EPSS
Exploits 1 · References 1 · Affected Software 2
Cvelist
added 2023/12/27 12:0 a.m. · 16 views

CVE-2023-46919

Phlox com.phlox.simpleserver aka Simple HTTP Server 1.8 and com.phlox.simpleserver.plus aka Simple HTTP Server PLUS 1.8.1-plus have a hardcoded aKySWb2jjrr4dzkYXczKRt7K AES encryption key. An attacker with physical access to the application's source code or binary can extract this key & use it...

6.5 AI score · 0.00025 EPSS
Exploits 1 · References 1
RedhatCVE
added 2023/12/18 7:56 a.m. · 72 views

CVE-2023-24023

A flaw was found in Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4. This issue may allow certain man-in-the-middle attacks that force a short key length and might lead to discovery of the encryption key and live...

6.8 CVSS · 7.8 AI score · 0.00203 EPSS
Exploits 1 · References 4
NVD
added 2023/12/15 10:15 a.m. · 10 views

CVE-2023-48392

Kaifa Technology WebITR is an online attendance system, it has a vulnerability in using hard-coded encryption key. An unauthenticated remote attacker can generate valid token parameter and exploit this vulnerability to access system with arbitrary user account, including administrator’s account, ...

9.8 CVSS · 0.00515 EPSS
Exploits 0 · References 1
Prion
added 2023/12/15 10:15 a.m. · 10 views

Design/Logic Flaw

Kaifa Technology WebITR is an online attendance system, it has a vulnerability in using hard-coded encryption key. An unauthenticated remote attacker can generate valid token parameter and exploit this vulnerability to access system with arbitrary user account, including administrator’s account, ...

7.5 CVSS · 7.8 AI score · 0.00515 EPSS
Exploits 0 · References 1 · Affected Software 1
CVE
added 2023/12/15 9:20 a.m. · 40 views

CVE-2023-48392

CVE-2023-48392 affects Kaifa Technology WebITR, an online attendance system. The root cause is use of a hard-coded encryption key that allows an unauthenticated remote attacker to generate valid token parameters, enabling login as an arbitrary user (including administrator) and access to the syst...

9.8 CVSS · 9.7 AI score · 0.00515 EPSS
Exploits 0 · References 1 · Affected Software 1