CVE-2025-52373

Use of hardcoded cryptographic key in BlowFish.cpp in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords used in database connections from hMailServer.ini config file...

CVE-2025-52374

Use of hardcoded cryptographic key in Encryption.cs in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords to other servers from hMailAdmin.exe.config file to access other hMailServer admin consoles with configured connections...

CVE-2025-52374

Use of hardcoded cryptographic key in Encryption.cs in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords to other servers from hMailAdmin.exe.config file to access other hMailServer admin consoles with configured connections...

CVE-2025-52374

Use of hardcoded cryptographic key in Encryption.cs in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords to other servers from hMailAdmin.exe.config file to access other hMailServer admin consoles with configured connections...

PT-2025-30302 · Unknown · Hmailserver

Name of the Vulnerable Software and Affected Versions: hMailServer versions 5.6.9-beta through 5.8.6 Description: The software uses a hardcoded cryptographic key in the Encryption.cs file. This allows an attacker to decrypt passwords for other servers stored in the hMailAdmin.exe.config file,...

Ivanti Endpoint Manager Encryption Misuse Vulnerability (CNVD-2025-18155)

Ivanti Endpoint Manager is a comprehensive endpoint management solution developed by Ivanti to manage all endpoint devices in an enterprise network. An encryption misuse vulnerability exists in Ivanti Endpoint Manager, which can be exploited by an attacker to decrypt other users' passwords...

CVE-2025-52374

Use of hardcoded cryptographic key in Encryption.cs in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords to other servers from hMailAdmin.exe.config file to access other hMailServer admin consoles with configured connections...

CVE-2025-52373

The CVE-2025-52373 entry describes a vulnerability in hMailServer where a hardcoded cryptographic key in BlowFish.cpp affects versions 5.8.6 and 5.6.9-beta. This enables an attacker to decrypt passwords used for database connections from hMailServer.ini. The impact is disclosure of stored DB cred...

Ivanti Endpoint Manager Encryption Misuse Vulnerability

Ivanti Endpoint Manager is a comprehensive endpoint management solution developed by Ivanti to manage all endpoint devices in an enterprise network. Ivanti Endpoint Manager suffers from a cryptographic misuse vulnerability that stems from an incorrect cryptographic implementation, which can be...

CVE-2025-6996

Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users’ passwords...

CVE-2025-6995

Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users’ passwords...

CVE-2025-6996

Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users’ passwords...

CVE-2025-6996

Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users’ passwords...

CVE-2025-6996 Improper Encryption in Ivanti Endpoint Manager

Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users’ passwords...

CVE-2025-6996 Improper Encryption in Ivanti Endpoint Manager

Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users’ passwords...

CVE-2025-6996

CVE-2025-6996 concerns Ivanti Endpoint Manager. The issue is an improper use of encryption in the agent that, on affected versions prior to 2024 SU3 and prior to 2022 SU8 Security Update 1, could let a local authenticated attacker decrypt other users’ passwords. The vulnerability affects Ivanti E...

CVE-2025-6995 Improper Encryption in Ivanti Endpoint Manager

Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users’ passwords...

CVE-2025-6995 Improper Encryption in Ivanti Endpoint Manager

Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users’ passwords...

PT-2025-28466 · Ivanti · Ivanti Endpoint Manager

Name of the Vulnerable Software and Affected Versions: Ivanti Endpoint Manager versions prior to 2024 SU3 Ivanti Endpoint Manager versions prior to 2022 SU8 Security Update 1 Description: The issue is related to the improper use of encryption in the agent of Ivanti Endpoint Manager. This allows a...

Ivanti Endpoint Manager 安全漏洞

Ivanti Endpoint Manager is a comprehensive endpoint management solution developed by Ivanti to manage all endpoint devices in an enterprise network. Ivanti Endpoint Manager suffers from a cryptographic misuse vulnerability that stems from an incorrect cryptographic implementation, which can be...