CVE-2025-59102

The CVE-2025-59102 entry concerns the Access Manager web server’s backup-download functionality, which can expose the device’s entire configuration including unencrypted PINs and MIFARE keys. Connected Red Hat CVEs clarify the adjacent issues: CVE-2025-59101 allows an attacker to bypass session m...

EUVD-2025-206369

The web server of the Access Manager offers a functionality to download a backup of the local database stored on the device. This database contains the whole configuration. This includes encrypted MIFARE keys, card data, user PINs and much more. The PINs are even stored unencrypted. Combined with...

CVE-2025-59102 Secrets Stored in Plaintext in Database in dormakaba access manager

The web server of the Access Manager offers a functionality to download a backup of the local database stored on the device. This database contains the whole configuration. This includes encrypted MIFARE keys, card data, user PINs and much more. The PINs are even stored unencrypted. Combined with...

PT-2026-4752

The web server of the Access Manager offers a functionality to download a backup of the local database stored on the device. This database contains the whole configuration. This includes encrypted MIFARE keys, card data, user PINs and much more. The PINs are even stored unencrypted. Combined with...

Dormakaba Access Manager security vulnerabilities

Dormakaba Access Manager is a smart hardware controller developed by the American company Dormakaba. There is a security vulnerability in Dormakaba Access Manager. This vulnerability arises from the fact that the exported databases are sometimes not deleted, and the paths can be accessed without...