1424 matches found

Exploit DB
added 2020/04/21 12:0 a.m. · 141 views

Neowise CarbonFTP 1.4 - Insecure Proprietary Password Encryption

Title: Neowise CarbonFTP 1.4 - Insecure Proprietary Password Encryption Date: 2020-04-20 Author: hyp3rlinx Vendor: CVE: CVE-2020-6857 import time, string, sys, argparse, os, codecs Fixed: updated for Python 3, the hex decode function was not working in Python 3 version. This should be compatible...

5.5 CVSS · 5.5 AI score · 0.00126 EPSS
Exploits 8

0day.today
added 2020/04/21 12:0 a.m. · 31 views

Neowise CarbonFTP 1.4 - Insecure Proprietary Password Encryption Exploit

Title: Neowise CarbonFTP 1.4 - Insecure Proprietary Password Encryption Author: hyp3rlinx Vendor: CVE: CVE-2020-6857 import time, string, sys, argparse, os, codecs Fixed: updated for Python 3, the hex decode function was not working in Python 3 version. This should be compatible for Python 2 and ...

5.5 CVSS · 5.8 AI score · 0.00126 EPSS
Exploits 8

Positive Technologies
added 2020/04/03 12:0 a.m. · 3 views

PT-2020-12650 · Microsoft +1 · Office 365 +2

Name of the Vulnerable Software and Affected Versions: Zoom Client for Meetings versions 4.6.9 and earlier Microsoft Office 365 affected versions not specified Description: The issue concerns the use of the ECB mode of AES for encryption, which can reveal structural information about encrypted...

7.5 CVSS · 7.4 AI score · 0.00135 EPSS
Exploits 1 · References 5

CNVD
added 2020/03/26 12:0 a.m. · 3 views

Kiali Trust Management Issues Vulnerabilities

Kiali is an open source, visual management tool for the Istio microservices architecture. A trust management issue vulnerability exists in the default configuration file in versions of Kiali prior to 1.15.1. The vulnerability stems from the fact that the file comes with a hard-coded encryption ke...

8.6 CVSS · 7.3 AI score · 0.06053 EPSS
Exploits 2 · References 1

NVD
added 2020/03/25 9:15 p.m. · 15 views

CVE-2020-10884

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tdpServer service, which listens on UDP...

8.8 CVSS · 8.3 AI score · 0.19475 EPSS
Exploits 5 · References 2

Prion
added 2020/03/25 9:15 p.m. · 24 views

Hardcoded credentials

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tdpServer service, which listens on UDP...

5.8 CVSS · 8.8 AI score · 0.19475 EPSS
Exploits 5 · References 2 · Affected Software 1

CVE
added 2020/03/25 7:15 p.m. · 138 views

CVE-2020-10884

This CVE concerns TP-Link Archer A7 AC1750 routers running firmware 190726. The affected component is the tdpServer daemon, which listens on UDP port 20002; the issue stems from a hard-coded encryption key, enabling network-adjacent attackers to execute arbitrary code with root privileges in vulnerab...

8.8 CVSS · 8.8 AI score · 0.19475 EPSS
Exploits 5 · References 2 · Affected Software 1

Cvelist
added 2020/03/25 7:15 p.m. · 18 views

CVE-2020-10884

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tdpServer service, which listens on UDP...

8.1 CVSS · 8.7 AI score · 0.19475 EPSS
Exploits 5 · References 2

CNVD
added 2020/03/25 12:0 a.m. · 2 views

VISAM VBASE Information Disclosure Vulnerability

VISAM VBASE is a data acquisition and monitoring system from VISAM Germany. VBASE Editor is one of the editors, and VBASE Web-Remote Module is one of the web-based remote modules. A security vulnerability exists in VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module. The vulnerability can...

7.5 CVSS · 7 AI score · 0.00085 EPSS
Exploits 0 · References 1

Zero Day Initiative
added 2020/03/25 12:0 a.m. · 55 views

(Pwn2Own) TP-Link Archer A7 tdpServer Use of Hard-coded Cryptographic Key Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tdpServer service, which listens on UDP port 20002 by defaul...

8.1 CVSS · 4.2 AI score · 0.19475 EPSS
Exploits 5

Cvelist
added 2020/03/20 5:5 p.m. · 9 views

CVE-2019-15075

An issue was discovered in iNextrix ASTPP before 4.0.1. webinterface/astpp/application/config/config.php does not have strong random keys, as demonstrated by use of the 8YSDaBtDHAB3EQkxPAyTz2I5DttzA9uR private key and the rfddEw232f encryption key...

7.6 AI score · 0.00087 EPSS
Exploits 0 · References 1

NVD
added 2020/03/11 10:27 p.m. · 8 views

CVE-2019-5106

A hard-coded encryption key vulnerability exists in the authentication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to communications between e!Cockpit and CoDeSyS Gateway can trivially recover the password of any user attempting to log in, in plain text...

5.5 CVSS · 5.7 AI score · 0.00063 EPSS
Exploits 1 · References 1

Cvelist
added 2020/03/10 11:41 p.m. · 13 views

CVE-2019-5106

A hard-coded encryption key vulnerability exists in the authentication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to communications between e!Cockpit and CoDeSyS Gateway can trivially recover the password of any user attempting to log in, in plain text...

5.6 AI score · 0.00063 EPSS
Exploits 1 · References 1

CVE
added 2020/03/10 11:41 p.m. · 76 views

CVE-2019-5106

WAGO e!Cockpit 1.5.1.1 authentication has a hard-coded 32-byte key used for XOR-based protection in the login protocol. Talos details show an attacker with access to the communications between e!Cockpit and CoDeSyS Gateway can recover plaintext passwords from captured authentication packets due t...

5.5 CVSS · 5.6 AI score · 0.00063 EPSS
Exploits 1 · References 1 · Affected Software 1

myhack58
added 2020/02/28 12:0 a.m. · 31 views

Microsoft Exchange Server Static Key Defect Causes Remote Code Execution Analysis (CVE-2020-0688) - Vulnerability Warning - Black Bar Safety Net

In the latest Microsoft monthly patch released in February 2020, Microsoft released an important patch to fix a remote code execution vulnerability in Microsoft Exchange servers. The vulnerability, reported to us by an anonymous researcher, affects all supported versions of Microsoft Exchange...

0.6 AI score · 0.94389 EPSS
Exploits 30

Hacker One
added 2020/02/11 6:51 a.m. · 26 views

Open-Xchange: SSRF - Guard - Unchecked HKP servers

Description: When encrypting an email, one of the strategies to look up the recipient's encryption key is to contact an HKP keyserver specified in the DNS records of the recipient's domain. Specifically, it is the DNS SRV records for hkps.tcp. and hkp.tcp., which specify the hostname and port of the keyserver. In source cod...

0.7 AI score
Exploits 0

RedhatCVE
added 2020/01/31 9:9 p.m. · 20 views

CVE-2020-2099

A flaw was found in Jenkins. Encryption key parameters are improperly reused in the Inbound TCP Agent Protocol/3 allowing unauthorized attackers with knowledge of agent names to obtain the connection secrets for those agents. The highest threat from this vulnerability is to data confidentiality...

8.6 CVSS · 4 AI score · 0.00643 EPSS
Exploits 0 · References 3

NVD
added 2020/01/30 2:15 p.m. · 12 views

CVE-2013-1352

Verax NMS prior to 2.1.0 uses an encryption key that is hardcoded in a JAR archive...

7.5 CVSS · 7.4 AI score · 0.00881 EPSS
Exploits 1 · References 3

Prion
added 2020/01/30 2:15 p.m. · 10 views

Hardcoded credentials

Verax NMS prior to 2.1.0 uses an encryption key that is hardcoded in a JAR archive...

5 CVSS · 6.9 AI score · 0.00881 EPSS
Exploits 1 · References 3 · Affected Software 1

Cvelist
added 2020/01/30 1:25 p.m. · 16 views

CVE-2013-1352

Verax NMS prior to 2.1.0 uses an encryption key that is hardcoded in a JAR archive...

7.6 AI score · 0.00881 EPSS
Exploits 1 · References 3