
1477 matches found

NVD
added 2021/01/12 9:15 p.m. · 17 views

CVE-2020-28395

A vulnerability has been identified in SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.0). Devices do not create a new unique private key after factory reset. An attacker could leverage this situation to a...

CVSS 5.9 · AI score 5.4 · EPSS 0.01176
Exploits: 0 · References: 2
CVE
added 2021/01/12 12:0 a.m. · 101 views

CVE-2020-28391

Summary: CVE-2020-28391 affects Siemens SCALANCE X switches (X-200, X-200IRT, X-200RNA; incl. SIPLUS NET variants). Root cause: after factory reset, devices normally generate a new unique key, but when used with C-PLUG they ship a hardcoded private RSA key, enabling a man-in-the-middle and decryp...

CVSS 5.9 · AI score 5.4 · EPSS 0.01119
Exploits: 0 · References: 2 · Affected Software: 1
Positive Technologies
added 2021/01/12 12:0 a.m. · 3 views

PT-2021-2203 · Siemens · Scalance X-200 +2

Name of the Vulnerable Software and Affected Versions: SCALANCE X-200 versions prior to V3.2.7 SCALANCE X-200IRT versions prior to V3.2.7 SCALANCE X-300 versions prior to V4.1.0 Description: The issue is related to the reset function of industrial switches, which does not generate a new...

CVSS 5.9 · AI score 5.6 · EPSS 0.01176
Exploits: 0 · References: 5
OSV
added 2021/01/01 1:15 a.m. · 4 views

CVE-2017-20001

The AES encryption project 7.x and 8.x for Drupal does not sufficiently prevent attackers from decrypting data, aka SA-CONTRIB-2017-027. NOTE: This project is not covered by Drupal's security advisory policy...

CVSS 7.5 · AI score 5.8 · EPSS 0.00414
Exploits: 0 · References: 1
CNNVD
added 2021/01/01 12:0 a.m. · 5 views

Drupal Encryption Problem Vulnerability

Drupal is an open source content management system developed in the PHP language by the Drupal community. An encryption issue vulnerability exists in Drupal AES encryption project 7.x and 8.x, which stems from a vulnerability that does not adequately prevent an attacker from being able to decrypt...

CVSS 7.5 · AI score 7.1 · EPSS 0.00414
Exploits: 0 · References: 1
Exploit DB
added 2020/12/09 12:0 a.m. · 615 views

Tibco ObfuscationEngine 5.11 - Fixed Key Password Decryption

Exploit Title: Tibco ObfuscationEngine 5.11 - Fixed Key Password Decryption Date: December 8th 2020 Exploit Author: Tess Sluijter Vendor Homepage: https://www.tibco.com Version: 5.11x and before Tested on: MacOS, Linux, Windows Tibco password decryption exploit Background Tibco's documentation...

AI score 7.4
Exploits: 0
Fortinet
added 2020/12/01 12:0 a.m. · 276 views

Kr00k vulnerability (CVE-2019-15126) in Broadcom and Cypress Wi-Fi chips

During the RSA conference of February 26th 2020, researchers Štefan Svorencík and Robert Lipovsky disclosed a vulnerability in the implementation of the wireless egress packet processing of certain Broadcom Wi-Fi chipsets. This vulnerability is referenced as CVE-2019-15126 and could allow an...

CVSS 2.9 · AI score 5 · EPSS 0.07709
Exploits: 7 · Affected Software: 2
ATTACKERKB
added 2020/11/19 12:0 a.m. · 1 views

CVE-2020-4937

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 191814...

CVSS 7.5 · AI score 5.3 · EPSS 0.00783
Exploits: 0 · References: 3 · Affected Software: 1
CNVD
added 2020/11/16 12:0 a.m. · 2 views

Nextcloud Server server-side encryption key underprotection vulnerability (CNVD-2020-66860)

Nextcloud is a set of client-server software for creating file hosting services and using them. A server-side insufficient encryption key protection vulnerability exists in Nextcloud Server 19.0.1. An attacker can exploit the vulnerability to replace the public key and decrypt the encryption key...

CVSS 4.4 · AI score 6.8 · EPSS 0.0032
Exploits: 2 · References: 1
OSV
added 2020/11/05 3:15 p.m. · 2 views

CVE-2020-27688

RVToolsPasswordEncryption.exe in RVTools 4.0.6 allows users to encrypt passwords to be used in the configuration files. This encryption used a static IV and key, and thus using the Decrypt method from VISKD.cs from the RVTools.exe executable allows for decrypting the encrypted passwords. The...

CVSS 7.5 · AI score 5.8 · EPSS 0.01923
Exploits: 0 · References: 2
NVD
added 2020/11/05 3:15 p.m. · 16 views

CVE-2020-27688

RVToolsPasswordEncryption.exe in RVTools 4.0.6 allows users to encrypt passwords to be used in the configuration files. This encryption used a static IV and key, and thus using the Decrypt method from VISKD.cs from the RVTools.exe executable allows for decrypting the encrypted passwords. The...

CVSS 7.5 · AI score 7.4 · EPSS 0.01923
Exploits: 0 · References: 2
Prion
added 2020/11/05 3:15 p.m. · 39 views

Design/Logic Flaw

RVToolsPasswordEncryption.exe in RVTools 4.0.6 allows users to encrypt passwords to be used in the configuration files. This encryption used a static IV and key, and thus using the Decrypt method from VISKD.cs from the RVTools.exe executable allows for decrypting the encrypted passwords. The...

CVSS 5 · AI score 7.4 · EPSS 0.01923
Exploits: 0 · References: 2 · Affected Software: 1
CVE
added 2020/11/05 2:59 p.m. · 53 views

CVE-2020-27688

RVTools 4.0.6 is affected by CVE-2020-27688: RVToolsPasswordEncryption.exe uses a static IV and key for encryption, and the Decrypt() method in VISKD.cs within RVTools.exe can decrypt the stored passwords. This creates a risk that passwords in configuration files could be recovered by anyone with...

CVSS 7.5 · AI score 7.4 · EPSS 0.01923
Exploits: 0 · References: 2 · Affected Software: 1
Positive Technologies
added 2020/11/05 12:0 a.m. · 5 views

PT-2020-16764 · Robbie Van Bommel · Rvtools

Name of the Vulnerable Software and Affected Versions: RVTools version 4.0.6 Description: The issue concerns the encryption of passwords in RVTools. Specifically, the RVToolsPasswordEncryption.exe utility in RVTools 4.0.6 uses a static initialization vector (IV) and key for encryption. This static...

CVSS 7.5 · AI score 7.3 · EPSS 0.01923
Exploits: 0 · References: 4
RedHat Linux
added 2020/11/04 1:25 a.m. · 3 views

freerdp: Out-of-bounds read in security_fips_decrypt in libfreerdp/core/security.c

An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in libfreerdp/core/security.c due to an uninitialized value...

CVSS 5.5 · AI score 5.7 · EPSS 0.00538
Exploits: 0 · References: 4
Prion
added 2020/10/27 5:15 a.m. · 11 views

Hardcoded credentials

A hardcoded AES key in CipherUtils.java in the Java applet of konzept-ix publiXone before 2020.015 allows attackers to craft password-reset tokens or decrypt server-side configuration files...

CVSS 6.4 · AI score 6.4 · EPSS 0.0093
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist
added 2020/10/27 4:21 a.m. · 12 views

CVE-2020-27181

A hardcoded AES key in CipherUtils.java in the Java applet of konzept-ix publiXone before 2020.015 allows attackers to craft password-reset tokens or decrypt server-side configuration files...

AI score 6.5 · EPSS 0.0093
Exploits: 0 · References: 2
OSV
added 2020/10/21 7:15 p.m. · 4 views

CVE-2020-3549

A vulnerability in the sftunnel functionality of Cisco Firepower Management Center (FMC) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to obtain the device registration hash. The vulnerability is due to insufficient sftunnel negotiation...

CVSS 8.1 · AI score 7.3 · EPSS 0.00932
Exploits: 0 · References: 1
OSV
added 2020/10/16 9:15 p.m. · 3 views

CVE-2020-1688

On Juniper Networks SRX Series and NFX Series, a local authenticated user with access to the shell may obtain the Web API service private key that is used to provide encrypted communication between the Juniper device and the authenticator services. Exploitation of this vulnerability may allow an...

CVSS 6.5 · AI score 6.6 · EPSS 0.00314
Exploits: 0 · References: 5
Cvelist
added 2020/10/02 4:4 a.m. · 23 views

CVE-2020-26511

The wpo365-login plugin before v11.7 for WordPress allows use of a symmetric algorithm to decrypt a JWT token. This leads to authentication bypass...

AI score 7.7 · EPSS 0.0212
Exploits: 0 · References: 4