241 matches found

Positive Technologies
added 2025/07/08 12:0 a.m. · 3 views

PT-2025-28467 · Ivanti · Ivanti Endpoint Manager

Name of the Vulnerable Software and Affected Versions: Ivanti Endpoint Manager versions prior to 2024 SU3; Ivanti Endpoint Manager versions prior to 2022 SU8 Security Update 1. Description: The issue is related to the improper use of encryption in the agent of Ivanti Endpoint Manager. This allows a...

8.4 CVSS · 5.9 AI score · 0.00094 EPSS
Exploits 0 · References 4

Packet Storm
added 2025/06/27 12:0 a.m. · 95 views

📄 McAfee Agent 5.7.6 Insecure Storage

This script demonstrates the vulnerability in McAfee's Trellix Agent Database where attackers can retrieve and decrypt credentials from the ma.db database file. Version 5.7.6 is affected. Exploit Title: McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information Date: 24 June 2025 Exploit...

6.1 CVSS · 6.3 AI score · 0.00179 EPSS
Exploits 2

ATTACKERKB
added 2025/06/10 3:15 p.m. · 1 views

CVE-2025-22463

A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt the stored environment password...

8.8 CVSS · 5.4 AI score · 0.00305 EPSS
Exploits 0 · References 2

RedhatCVE
added 2025/05/23 8:55 a.m. · 1 views

CVE-2024-29146

User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under...

5.9 CVSS · 8.8 AI score · 0.00161 EPSS
Exploits 1 · References 1

RedhatCVE
added 2025/05/23 7:54 a.m. · 6 views

CVE-2024-3543

Use of reversible password encryption algorithm allows attackers to decrypt passwords. Sensitive information can be easily unencrypted by the attacker, stolen credentials can be used for arbitrary actions to corrupt the system...

7.5 CVSS · 7 AI score · 0.00131 EPSS
Exploits 0

RedhatCVE
added 2025/05/23 2:51 a.m. · 3 views

CVE-2023-0353

Akuvox E11 uses a weak encryption algorithm for stored passwords and uses a hard-coded password for decryption which could allow the encrypted passwords to be decrypted from the configuration file...

9.8 CVSS · 9.2 AI score · 0.00133 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 9:10 p.m. · 6 views

CVE-2021-45458

Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their passwords. In the encryption algorithm used by this encryption class, the cipher is initialized with a hardcoded key and IV. If users use class PasswordPlaceholderConfigurer to encrypt their passwor...

7.5 CVSS · 6.9 AI score · 0.00631 EPSS
Exploits 0

RedhatCVE
added 2025/05/21 10:9 p.m. · 4 views

CVE-2005-4860

Spectrum Cash Receipting System before 6.504 uses weak cryptography (static substitution) in the PASSFILE password file, which makes it easier for local users to gain privileges by decrypting a password...

7.8 CVSS · 7.1 AI score · 0.00066 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/03/07 9:49 p.m. · 7 views

CVE-2024-48353

Yealink Meeting Server before V26.0.0.67 allows attackers to obtain static key information from a front-end JS file and decrypt the plaintext passwords based on the obtained key information...

7.5 CVSS · 6.7 AI score · 0.00744 EPSS
Exploits 0 · References 3

RedhatCVE
added 2025/02/13 11:33 a.m. · 4 views

CVE-2024-54089

A vulnerability has been identified in APOGEE PXC Series (BACnet) (All versions), APOGEE PXC Series (P2 Ethernet) (All versions), TALON TC Series (BACnet) (All versions). Affected devices contain a weak encryption mechanism based on a hard-coded key. This could allow an attacker to guess or decrypt the...

8.7 CVSS · 7 AI score · 0.00032 EPSS
Exploits 0 · References 1

CNNVD
added 2025/02/11 12:0 a.m. · 2 views

Siemens APOGEE Series Encryption Issue Vulnerability

Siemens APOGEE Series is a family of building automation and control systems from Siemens, Germany. The Siemens APOGEE Series suffers from a cryptographic vulnerability that arises from the fact that the affected devices contain a weak encryption mechanism based on hard-coded keys. This could all...

8.7 CVSS · 6.5 AI score · 0.00032 EPSS
Exploits 0 · References 1

ICS
added 2025/02/11 12:0 a.m. · 4 views

Siemens Apogee PXC100 Devices

SUMMARY: Apogee PXC and Talon TC contain a vulnerability that could allow an attacker to perform a denial of service using an out-of-bounds read, forcing the device to enter a cold state, and a vulnerability that would allow an attacker to decrypt the passwords of the device. Siemens recommends...

7.4 AI score
Exploits 0 · References 10

RedhatCVE
added 2025/02/09 12:27 a.m. · 4 views

CVE-2024-52884

An issue was discovered in AudioCodes Mediant Session Border Controller (SBC) before 7.40A.501.841. Due to the use of weak password obfuscation/encryption, an attacker with access to configuration exports (INI) is able to decrypt the passwords...

7.5 CVSS · 6.9 AI score · 0.00051 EPSS
Exploits 0 · References 1

CNNVD
added 2025/02/07 12:0 a.m. · 3 views

AudioCodes Mediant Session Border Controller Security Vulnerability

AudioCodes Mediant Session Border Controller (AudioCodes Mediant SBC) is a session border controller from AudioCodes, Inc. A security vulnerability exists in AudioCodes Mediant Session Border Controller (SBC) versions prior to 7.40A.501.841, which stems from the use of weak password obfuscation, wher...

7.5 CVSS · 6.8 AI score · 0.00051 EPSS
Exploits 0 · References 2

Positive Technologies
added 2024/12/05 12:0 a.m. · 3 views

PT-2024-35953 · Rpgp · Rpgp

Name of the Vulnerable Software and Affected Versions: rPGP versions prior to 0.14.1. Description: The issue allows an attacker to trigger crashes in rPGP by providing crafted data. This can occur in various scenarios, including parsing OpenPGP messages, decrypting messages via decrypt with...

8.7 CVSS · 6.8 AI score · 0.00279 EPSS
Exploits 0 · References 10

Positive Technologies
added 2024/11/26 12:0 a.m. · 2 views

PT-2024-22764 · Sharp +1 · Multiple Mfps

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves user passwords being decrypted and stored in memory before any user logs in. These decrypted passwords can be retrieved from the...

5.9 CVSS · 6.7 AI score · 0.00161 EPSS
Exploits 1 · References 8

Cvelist
added 2024/11/01 12:0 a.m. · 18 views

CVE-2024-48353

Yealink Meeting Server before V26.0.0.67 allows attackers to obtain static key information from a front-end JS file and decrypt the plaintext passwords based on the obtained key information...

0.00744 EPSS
Exploits 0 · References 1

BDU FSTEC
added 2024/10/28 12:0 a.m. · 1 views

The vulnerability of the SCKU Dome software lies in the use of a weak encryption algorithm, which allows attackers to decrypt user passwords.

The vulnerability of the SCKU Dome software is related to the use of a weak encryption algorithm, allowing unauthorized users to decrypt user passwords...

7.8 CVSS · 5.5 AI score
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2024/09/27 12:0 a.m. · 1 views

TopQuadrant TopBraid EDG Security Vulnerability

TopQuadrant TopBraid EDG is a knowledge graph creation and management tool from TopQuadrant. A security vulnerability exists in TopQuadrant TopBraid EDG version 7.1.3, which originates when an authenticated attacker with file system access can obtain the key to decrypt an external password stored...

4.3 CVSS · 6.6 AI score · 0.00045 EPSS
Exploits 0 · References 6

OSV
added 2024/05/02 2:15 p.m. · 3 views

CVE-2024-3543

Use of reversible password encryption algorithm allows attackers to decrypt passwords. Sensitive information can be easily unencrypted by the attacker, stolen credentials can be used for arbitrary actions to corrupt the system...

7.5 CVSS · 5.9 AI score · 0.00242 EPSS
Exploits 0 · References 2