CVE-2025-63433

Xtooltech Xtool AnyScan Android Application 4.40.40 and prior uses a hardcoded cryptographic key and IV to decrypt update metadata. The key is stored as a static value within the application's code. An attacker with the ability to intercept network traffic can use this hardcoded key to decrypt,...

EUVD-2020-20192

Malware in sbrugna...

EUVD-2021-19554

Malware in sbrugna...

EUVD-2023-12404

Malicious code in bioql PyPI...

EUVD-2023-52140

Malicious code in bioql PyPI...

EUVD-2024-40429

Malicious code in bioql PyPI...

CVE-2024-47122

In the goTenna Pro App, the encryption keys are stored along with a static IV on the End User Device EUD. This allows for complete decryption of keys stored on the EUD if physically compromised. This allows an attacker to decrypt all encrypted broadcast communications based on encryption keys...

CVE-2023-48056

PyPinkSign v0.5.1 uses a non-random or static IV for Cipher Block Chaining CBC mode in AES encryption. This vulnerability can lead to the disclosure of information and communications...

CVE-2023-0343

Akuvox E11 contains a function that encrypts messages which are then forwarded. The IV vector and the key are static, and this may allow an attacker to decrypt messages...

CVE-2024-47122

In the goTenna Pro App, the encryption keys are stored along with a static IV on the End User Device EUD. This allows for complete decryption of keys stored on the EUD if physically compromised. This allows an attacker to decrypt all encrypted broadcast communications based on encryption keys...

CVE-2024-45374

The goTenna Pro ATAK plugin uses a weak password for sharing encryption keys via the key broadcast method. If the broadcasted encryption key is captured over RF, and password is cracked via brute force attack, it is possible to decrypt it and use it to decrypt all future and past messages sent vi...

CVE-2024-43694

In the goTenna Pro ATAK Plugin application, the encryption keys are stored along with a static IV on the device. This allows for complete decryption of keys stored on the device. This allows an attacker to decrypt all encrypted broadcast communications based on broadcast keys stored on the device...

CVE-2024-43694

In the goTenna Pro ATAK Plugin application, the encryption keys are stored along with a static IV on the device. This allows for complete decryption of keys stored on the device. This allows an attacker to decrypt all encrypted broadcast communications based on broadcast keys stored on the device...

CVE-2024-43694

The CVE-2024-43694 issue affects the goTenna Pro ATAK Plugin. Insecure storage of encryption keys with a static IV on the End User Device enables full decryption of device-stored keys and thus all encrypted broadcast communications. Affected versions include goTenna Pro ATAK Plugin prior to the f...

CVE-2024-43694 goTenna Pro ATAK Plugin Insecure Storage of Sensitive Information

In the goTenna Pro ATAK Plugin application, the encryption keys are stored along with a static IV on the device. This allows for complete decryption of keys stored on the device. This allows an attacker to decrypt all encrypted broadcast communications based on broadcast keys stored on the device...

CVE-2024-43694 goTenna Pro ATAK Plugin Insecure Storage of Sensitive Information

In the goTenna Pro ATAK Plugin application, the encryption keys are stored along with a static IV on the device. This allows for complete decryption of keys stored on the device. This allows an attacker to decrypt all encrypted broadcast communications based on broadcast keys stored on the device...

CVE-2024-47122

CVE-2024-47122 describes insecure storage of encryption keys in the goTenna Pro ecosystem: encryption keys are stored on the End User Device together with a static IV, enabling decryption of all encrypted broadcast communications if the EUD is physically compromised. Affected products include goT...

CVE-2024-45374

The CVE-2024-45374 entry concerns the goTenna Pro ATAK Plugin, where encryption keys are shared via a key broadcast method that uses weak passwords. If the broadcasted key is captured over RF and cracked, all past and future messages encrypted with that key can be decrypted. This vulnerability ap...

CVE-2024-45374 goTenna Pro ATAK Plugin Weak Password Requirements

The goTenna Pro ATAK plugin uses a weak password for sharing encryption keys via the key broadcast method. If the broadcasted encryption key is captured over RF, and password is cracked via brute force attack, it is possible to decrypt it and use it to decrypt all future and past messages sent vi...

PT-2024-30621 · Gotenna · Gotenna Pro Atak Plugin

Name of the Vulnerable Software and Affected Versions: goTenna Pro ATAK Plugin affected versions not specified Description: The goTenna Pro ATAK Plugin application stores encryption keys along with a static IV on the device, allowing for complete decryption of keys stored on the device. This...