EUVD-2017-15122

Malware in sbrugna...

EUVD-2017-15120

Malware in sbrugna...

R7-2017-02: Hyundai Blue Link Potential Info Disclosure (FIXED)

Summary Due to a reliance on cleartext communications and the use of a hard-coded decryption password, two outdated versions of Hyundai Blue Link application software, 3.9.4 and 3.9.5 potentially expose sensitive information about registered users and their vehicles, including application...

Hyundai Motor America Blue Link Sensitive Information Disclosure Vulnerability

Hyundai Motor America Blue Link is a remote wireless remote control device for use in automobiles. A sensitive information disclosure vulnerability exists in Hyundai Motor America Blue Link versions 3.9.5 and 3.9.4, which stems from the program's use of hard-coded passwords. An attacker could...

Hardcoded credentials

A Use of Hard-Coded Cryptographic Key issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. The application uses a hard-coded decryption password to protect sensitive user information...

Code injection

A Man-in-the-Middle issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. Communication channel endpoints are not verified, which may allow a remote attacker to access or influence communications between the identified endpoints...

CVE-2017-6054

A Use of Hard-Coded Cryptographic Key issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. The application uses a hard-coded decryption password to protect sensitive user information...

CVE-2017-6052

A Man-in-the-Middle issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. Communication channel endpoints are not verified, which may allow a remote attacker to access or influence communications between the identified endpoints...

CVE-2017-6054

A Use of Hard-Coded Cryptographic Key issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. The application uses a hard-coded decryption password to protect sensitive user information...

CVE-2017-6052

A Man-in-the-Middle issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. Communication channel endpoints are not verified, which may allow a remote attacker to access or influence communications between the identified endpoints...

CVE-2017-6054

CVE-2017-6054 corresponds to a Use of Hard-Coded Cryptographic Key in Hyundai Blue Link mobile app versions 3.9.4 and 3.9.5. The vulnerability arises from a hard-coded decryption password used to protect sensitive user information. Rapid7 and ICS-CERT disclosures describe a log transmission featu...

CVE-2017-6052

CVE-2017-6052 affects Hyundai Blue Link mobile apps v3.9.4 and v3.9.5, where communication endpoints are not verified, enabling a remote attacker to access or influence transmissions between endpoints (Man-in-the-Middle). The Rapid7 advisory notes the vulnerability could expose user credentials, ...

CVE-2017-6054

A Use of Hard-Coded Cryptographic Key issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. The application uses a hard-coded decryption password to protect sensitive user information...

CVE-2017-6052

A Man-in-the-Middle issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. Communication channel endpoints are not verified, which may allow a remote attacker to access or influence communications between the identified endpoints...

Hyundai Patches Leaky Blue Link Mobile App

Hyundai Motor America has patched a vulnerability in its Blue Link mobile application that exposed personal and vehicle information to an attacker. Updated versions of the app 3.9.6 were released to Google Play and the Apple App Store on March 8, a little more than one month after Rapid7 learned...

Hyundai Motor America Blue Link

CVSS v3 7.5 ATTENTION: Remotely exploitable Vendor: Hyundai Motor America Equipment: Blue Link Vulnerability: Man-in-the-Middle, Use of Hard-Coded Cryptographic Key AFFECTED PRODUCTS The following versions of Blue Link, a mobile application for Hyundai vehicle management, are affected: Blue Link...