WordPress plugin CE21 Suite 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

travels-java-api 安全漏洞

travels-java-api is an API for travel management from the individual developer Mariana Azevedo. A security vulnerability exists in travels-java-api version 5.0.1 and earlier, which stems from the use of hard-coded encryption keys in the doFilterInternal function in the JWT Secret Handler componen...

Using Volatility for advanced memory forensics

TL;DR Memory forensics enhances investigations by analysing volatile data in RAM unavailable in disk forensics. Key insights from memory include running processes , network connections , encryption keys , and user activity , vital for real-time investigations. Smaller memory images 4-32 GB offer...

Neye3C 安全漏洞

Neye3C is an application from Neye3C that connects to cloud cameras and DVRs by logging into the cloud. A security vulnerability exists in Neye3C version v4.5.2.0 that stems from the inclusion of hard-coded encryption keys in the firmware update mechanism...

CVE-2024-47122

In the goTenna Pro App, the encryption keys are stored along with a static IV on the End User Device EUD. This allows for complete decryption of keys stored on the EUD if physically compromised. This allows an attacker to decrypt all encrypted broadcast communications based on encryption keys...

CVE-2024-47122

In the goTenna Pro App, the encryption keys are stored along with a static IV on the End User Device EUD. This allows for complete decryption of keys stored on the EUD if physically compromised. This allows an attacker to decrypt all encrypted broadcast communications based on encryption keys...

CVE-2024-45374

The goTenna Pro ATAK plugin uses a weak password for sharing encryption keys via the key broadcast method. If the broadcasted encryption key is captured over RF, and password is cracked via brute force attack, it is possible to decrypt it and use it to decrypt all future and past messages sent vi...

CVE-2024-43694

In the goTenna Pro ATAK Plugin application, the encryption keys are stored along with a static IV on the device. This allows for complete decryption of keys stored on the device. This allows an attacker to decrypt all encrypted broadcast communications based on broadcast keys stored on the device...

CVE-2024-43694 goTenna Pro ATAK Plugin Insecure Storage of Sensitive Information

In the goTenna Pro ATAK Plugin application, the encryption keys are stored along with a static IV on the device. This allows for complete decryption of keys stored on the device. This allows an attacker to decrypt all encrypted broadcast communications based on broadcast keys stored on the device...

CVE-2024-43694

The CVE-2024-43694 issue affects the goTenna Pro ATAK Plugin. Insecure storage of encryption keys with a static IV on the End User Device enables full decryption of device-stored keys and thus all encrypted broadcast communications. Affected versions include goTenna Pro ATAK Plugin prior to the f...

CVE-2024-43694 goTenna Pro ATAK Plugin Insecure Storage of Sensitive Information

In the goTenna Pro ATAK Plugin application, the encryption keys are stored along with a static IV on the device. This allows for complete decryption of keys stored on the device. This allows an attacker to decrypt all encrypted broadcast communications based on broadcast keys stored on the device...

CVE-2024-47122

CVE-2024-47122 describes insecure storage of encryption keys in the goTenna Pro ecosystem: encryption keys are stored on the End User Device together with a static IV, enabling decryption of all encrypted broadcast communications if the EUD is physically compromised. Affected products include goT...

CVE-2024-45374

The CVE-2024-45374 entry concerns the goTenna Pro ATAK Plugin, where encryption keys are shared via a key broadcast method that uses weak passwords. If the broadcasted key is captured over RF and cracked, all past and future messages encrypted with that key can be decrypted. This vulnerability ap...

CVE-2024-45374 goTenna Pro ATAK Plugin Weak Password Requirements

The goTenna Pro ATAK plugin uses a weak password for sharing encryption keys via the key broadcast method. If the broadcasted encryption key is captured over RF, and password is cracked via brute force attack, it is possible to decrypt it and use it to decrypt all future and past messages sent vi...

goTenna Pro ATAK Plugin 安全特征问题漏洞

The goTenna Pro ATAK Plugin is a plugin for goTenna's device that creates networks for off-grid communications and situational awareness. A security signature issue vulnerability exists in goTenna Pro ATAK Plugin version 1.9.12 and earlier, which stems from not using SecureRandom when generating...

PT-2024-30621 · Gotenna · Gotenna Pro Atak Plugin

Name of the Vulnerable Software and Affected Versions: goTenna Pro ATAK Plugin affected versions not specified Description: The goTenna Pro ATAK Plugin application stores encryption keys along with a static IV on the device, allowing for complete decryption of keys stored on the device. This...

PT-2024-32416 · Gotenna · Gotenna Pro App +2

Name of the Vulnerable Software and Affected Versions: goTenna Pro App versions affected versions not specified goTenna Pro X goTenna Pro X2 Description: The goTenna Pro App uses a weak password for sharing encryption keys via the key broadcast method. If the broadcasted encryption key is capture...

CVE-2024-31415

The Eaton Foreseer software provides the feasibility for the user to configure external servers for multiple purposes such as network management, user management, etc. The software uses encryption to store these configurations securely on the host machine. However, the keys used for this encrypti...

CVE-2024-31415

The Eaton Foreseer software provides the feasibility for the user to configure external servers for multiple purposes such as network management, user management, etc. The software uses encryption to store these configurations securely on the host machine. However, the keys used for this encrypti...

CVE-2024-31415

The CVE-2024-31415 issue affects Eaton Foreseer EPMS software. The root cause is insecurely stored encryption keys used to protect server configuration data, allowing an attacker with local access to potentially change or remove external server configurations. Public documents describe the vulner...