2 matches found
SSL / TLS Certificate Known Hard Coded Private Keys
The remote host is running a service that is using a publicly known SSL / TLS private key. An attacker may use this key to decrypt intercepted traffic between users and the device. A remote attacker can also perform a man-in-the-middle attack in order to gain access to the system or modify data i...
CVE-2015-7255
CVE-2015-7255 concerns multiple ZTE devices (e.g., OX-330P, ZXHN H108N, MF28G, HG110, and others) that use non-unique X.509 certificates and SSH host keys. The underlying issue is the reuse of cryptographic material across devices, which can enable a remote attacker to impersonate a device or per...