1429 matches found
Default credentials
RunAsSpc 4.0 uses a universal and recoverable encryption key. In possession of a file encrypted by RunAsSpc, an attacker can recover the credentials that were used...
CVE-2022-26660
CVE-2022-26660 affects RunAsSpc 4.0. The root cause is a universal and recoverable encryption key used to protect credentials, enabling the recovery of credentials from a file encrypted by RunAsSpc. Impact stated: an attacker who gains access to an encrypted RunAsSpc file can recover the credenti...
CVE-2022-26660
RunAsSpc 4.0 uses a universal and recoverable encryption key. In possession of a file encrypted by RunAsSpc, an attacker can recover the credentials that were used...
Authentication flaw
Apache Spark supports end-to-end encryption of RPC connections via "spark.authenticate" and "spark.network.crypto.enabled". In versions 3.1.2 and earlier, it uses a bespoke mutual authentication protocol that allows for full encryption key recovery. After an initial interactive attack, this would...
Authentication flaw
Fresenius Kabi Vigilant Software Suite Mastermed Dashboard version 2.0.1.3 issues authentication tokens to authenticated users that are signed with a symmetric encryption key. An attacker in possession of the key can issue valid JWTs and impersonate arbitrary users...
CVE-2021-33846
CVE-2021-33846 affects Fresenius Kabi Vigilant Software Suite MasterMed Dashboard (v2.0.1.3). The vulnerability arises because authentication tokens issued to authenticated users are signed with a symmetric encryption key, enabling an attacker possessing the key to issue valid JWTs and impersonat...
CVE-2021-33846 Fresenius Kabi Agilia Connect Infusion System use of a broken or risky cryptographic algorithm
Fresenius Kabi Vigilant Software Suite Mastermed Dashboard version 2.0.1.3 issues authentication tokens to authenticated users that are signed with a symmetric encryption key. An attacker in possession of the key can issue valid JWTs and impersonate arbitrary users...
Dell PowerPath Management Appliance Security Vulnerability
Dell PowerPath Management Appliance is a PowerPath host management application from Dell USA that offers two models: a virtual machine-based appliance and a Docker containerized appliance. A security vulnerability exists in the Dell PowerPath Management Appliance, which can be exploited ...
The vulnerability of the “Remember Me” function implementation in the Apache Shiro framework allows a hacker to execute arbitrary code or bypass security restrictions.
The vulnerability of the “Remember Me” function implementation in the Apache Shiro framework is related to the use of the default encryption key. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or bypass security restrictions remotely...
Dell EMC CloudLink Security Vulnerability
Dell EMC CloudLink is a flexible data encryption and key management solution for data encryption in public, private, and hybrid cloud environments. Dell EMC CloudLink 7.1 and earlier versions contain an arbitrary file creation vulnerability that can be exploited by remote unauthenticated attackers...
Information disclosure
An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with physical access to obtain the encryption key used to decrypt firmware update packages...
CVE-2021-3789
An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with physical access to obtain the encryption key used to decrypt firmware update packages...
CVE-2021-3789
CVE-2021-3789 affects some Motorola‑branded Binatone Hubble Cameras. The root cause is an information disclosure that could allow a physically proximate attacker to obtain the encryption key used to decrypt firmware update packages. The vulnerability enables access to confidential keys, enabling ...
Cisco Business 220 Series Smart Switches Trust Management Issue Vulnerability
Cisco Business 220 Series Smart Switches is a series of smart switches from Cisco, Inc. It is used to build reliable enterprise networks on a limited budget. A trust management issue vulnerability exists in the Cisco Business 220 Series Smart Switches firmware, which stems from the use of a stati...
The vulnerability of the repository for Trusted Platform Module tpm2-tools, related to the disclosure of information, allows a perpetrator to gain access to confidential data.
The vulnerability of the repository for Trusted Platform Module tpm2-tools is related to the use of a fixed AES key for internal encryption. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to confidential data...
CVE-2021-41829
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 relies on the application's build number to calculate a certain encryption key...
Code injection
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 relies on the application's build number to calculate a certain encryption key...
CVE-2021-41829
CVE-2021-41829 affects Zoho ManageEngine Remote Access Plus prior to 10.1.2121.1, where an encryption key is derived from the application’s build number. The Red Hat and NVD entries corroborate the same description. No exploit details are provided in the connected documents. Mitigation is to upgr...
Cachet 2.4: Code Execution via Laravel Configuration Injection
Status pages are now an essential service offered by all Software-as-a-Service companies (we do it too!). To help their adoption, startups quickly conceived status pages as-a-service, and open-source self-hosted alternatives were made available. Cachet, also sometimes referred to as CachetHQ, is a...
Enbra Ewm Trust Management Issue Vulnerability
Enbra Ewm is a universal reading device from the Czech company Enbra. It uses radios to read water meters, heating cost indicators and heat meters. Enbra EWM is vulnerable to a trust management issue, which stems from multiple wireless M-Bus devices from Enbra using hard-coded credentials in secu...