1429 matches found

NVD
added 2021/09/16 1:15 p.m., 8 views

CVE-2021-34571

Multiple Wireless M-Bus devices by Enbra use Hard-coded Credentials in Security mode 5 without an option to change the encryption key. An adversary can learn all information that is available in Enbra EWM...

6.5 CVSS, 0.00044 EPSS
Exploits: 0, References: 1

Prion
added 2021/09/16 1:15 p.m., 8 views

Hardcoded credentials

Multiple Wireless M-Bus devices by Enbra use Hard-coded Credentials in Security mode 5 without an option to change the encryption key. An adversary can learn all information that is available in Enbra EWM...

2.9 CVSS, 6.4 AI score, 0.00044 EPSS
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2021/09/16 12:20 p.m., 39 views

CVE-2021-34571

The CVE-2021-34571 entry concerns Enbra EWM, a universal Enbra Wireless M-Bus reading device. Concrete details across connected records show a trust/credential management issue in which several wireless M-Bus devices use hard-coded credentials in secure mode 5, with no option to change the encryp...

6.5 CVSS, 6.4 AI score, 0.00044 EPSS
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2021/09/16 12:20 p.m., 9 views

CVE-2021-34571 Hard-coded Credentials in Enbra Wireless M-Bus devices

Multiple Wireless M-Bus devices by Enbra use Hard-coded Credentials in Security mode 5 without an option to change the encryption key. An adversary can learn all information that is available in Enbra EWM...

6.5 CVSS, 6.6 AI score, 0.00044 EPSS
Exploits: 0, References: 1

The Hacker News
added 2021/09/11 8:22 a.m., 39 views

WhatsApp to Finally Let Users Encrypt Their Chat Backups in the Cloud

WhatsApp on Friday announced it will roll out support for end-to-end encrypted chat backups on the cloud for Android and iOS users, paving the way for storing information such as chat messages and photos in Apple iCloud or Google Drive in a cryptographically secure manner. The optional feature,...

6.8 AI score
Exploits: 0

KoreLogic Security
added 2021/09/01 12:0 a.m., 53 views

CyberArk Credential File Insufficient Effective Key Space

Vulnerability Details: Affected Vendor: CyberArk; Affected Product: Application Access Manager/Credential Provider; Affected Version: Prior to 12.1; Platform: Linux/Windows/zOS; CWE Classification: CWE-326: Inadequate Encryption Strength; CVE ID: CVE-2021-31796. 2. Vulnerability Description: CyberArk...

7.5 CVSS, 0.2 AI score, 0.00961 EPSS
Exploits: 1, Affected Software: 1

BDU FSTEC
added 2021/08/31 12:0 a.m., 1 views

The vulnerability of the microprogrammed logic controllers from Schneider Electric, such as Modicon M221, M100, and M200, stems from insufficiently secure data encryption. This allows attackers to obtain the encryption key.

The vulnerability of the microprogrammed logic controllers from Schneider Electric, such as Modicon M221, M100, and M200, is related to insufficiently secure data encryption. Exploiting this vulnerability could allow a malicious actor to obtain the encryption key remotely...

7.8 CVSS, 0.00022 EPSS
Exploits: 0, References: 2

OSV
added 2021/08/12 4:15 p.m., 11 views

CVE-2021-38599

WAL-G before 1.1, when a non-libsodium build (e.g., one of the official binary releases published as GitHub Releases) is used, silently ignores the libsodium encryption key and uploads cleartext backups. This is arguably a Principle of Least Surprise violation because "the user likely wanted to...

7.5 CVSS, 6.8 AI score
Exploits: 0, References: 2

Prion
added 2021/08/12 4:15 p.m., 17 views

Code injection

WAL-G before 1.1, when a non-libsodium build (e.g., one of the official binary releases published as GitHub Releases) is used, silently ignores the libsodium encryption key and uploads cleartext backups. This is arguably a Principle of Least Surprise violation because "the user likely wanted to...

5 CVSS, 7.5 AI score, 0.0017 EPSS
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2021/08/12 3:1 p.m., 16 views

CVE-2021-38599

WAL-G before 1.1, when a non-libsodium build (e.g., one of the official binary releases published as GitHub Releases) is used, silently ignores the libsodium encryption key and uploads cleartext backups. This is arguably a Principle of Least Surprise violation because "the user likely wanted to...

7.7 AI score, 0.0017 EPSS
Exploits: 0, References: 2

OSV
added 2021/07/29 12:15 p.m., 1 views

CVE-2021-20505

The PowerVM Logical Partition Mobility (LPM) (PowerVM Hypervisor FW920, FW930, FW940, and FW950) encryption key exchange protocol can be compromised. If an attacker has the ability to capture encrypted LPM network traffic and is able to gain service access to the FSP they can use this information to...

4.4 CVSS, 5.8 AI score
Exploits: 0, References: 2

CVE
added 2021/07/29 12:0 p.m., 57 views

CVE-2021-20505

The CVE-2021-20505 entry concerns IBM PowerVM Logical Partition Mobility (LPM) encryption key exchange protocol weaknesses. According to NVD/NVD-derived data, if an attacker can capture encrypted LPM traffic and gains service access to the Flexible Service Processor (FSP), they can perform PowerV...

4.4 CVSS, 4.6 AI score, 0.00102 EPSS
Exploits: 0, References: 2, Affected Software: 1

CNNVD
added 2021/07/28 12:0 a.m., 2 views

IBM Power System Security Vulnerability

IBM Power System is a Power processor-based server computer from IBM in the United States. A security vulnerability exists in the IBM Power System that could compromise the PowerVM Logical Partition Migration (LPM) encryption key exchange protocol. If an attacker could exploit the vulnerability to ...

4.4 CVSS, 5.3 AI score, 0.00102 EPSS
Exploits: 0, References: 4

CNVD
added 2021/07/09 12:0 a.m., 7 views

Unspecified Vulnerability in QSAN Storage Manager

QSAN Storage Manager is a NAS operating system from Quantium Technologies Incorporated (QSAN). A security vulnerability exists in QSAN Storage Manager that stems from the use of a hard-coded encryption key, which could be exploited by an attacker to gain access to user credentials and...

9.8 CVSS, 7 AI score, 0.00206 EPSS
Exploits: 0, References: 1

OSV
added 2021/07/01 5:2 p.m., 12 views

GHSA-PHJ8-4CQ3-794G Unencrypted storage of client side sessions

Impact: The default configuration of client side sessions results in unencrypted, but signed, data being set as cookie values. This means that if something sensitive goes into the session, it could be read by something with access to the cookies. Note: the documentation does point this out and...

6.5 CVSS, 7.2 AI score, 0.00072 EPSS
Exploits: 0, References: 4

Github Security Blog
added 2021/07/01 5:2 p.m., 70 views

Unencrypted storage of client side sessions

Impact: The default configuration of client side sessions results in unencrypted, but signed, data being set as cookie values. This means that if something sensitive goes into the session, it could be read by something with access to the cookies. Note: the documentation does point this out and...

7.5 CVSS, 0.7 AI score, 0.00072 EPSS
Exploits: 0, References: 4, Affected Software: 1

Prion
added 2021/06/29 7:15 p.m., 11 views

Design/Logic Flaw

Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, the default configuration of client side sessions results in unencrypted, but signed, data being set as cookie values. This means that if something sensitive goes into the session, it could be read by something with...

5 CVSS, 7.1 AI score, 0.00072 EPSS
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2021/06/29 6:20 p.m., 18 views

CVE-2021-29481 Client side sessions should not allow unencrypted storage

Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, the default configuration of client side sessions results in unencrypted, but signed, data being set as cookie values. This means that if something sensitive goes into the session, it could be read by something with...

6.5 CVSS, 7.3 AI score, 0.00072 EPSS
Exploits: 0, References: 2

BDU FSTEC
added 2021/06/23 12:0 a.m., 1 views

The vulnerability of the str_rot_pass function in the PHP-Proxy web proxy script allows attackers to disclose sensitive information that should be protected.

The vulnerability of the str_rot_pass function in the PHP-Proxy web proxy script relates to the ability to read encryption keys without authentication. Exploiting this vulnerability could allow a malicious actor to disclose the protected information...

7.8 CVSS, 0.0016 EPSS
Exploits: 1, References: 3, Affected Software: 1

OSV
added 2021/06/16 12:15 p.m., 3 views

CVE-2021-27481

ZOLL Defibrillator Dashboard, versions prior to 2.2: the affected products utilize an encryption key in the data exchange process, which is hardcoded. This could allow an attacker to gain access to sensitive information...

5.5 CVSS, 5.8 AI score, 0.00031 EPSS
Exploits: 0, References: 1