Lucene search
K

8 matches found

SUSE CVE
SUSE CVE
added 2026/03/12 10:0 a.m.4 views

SUSE CVE-2023-43637

Due to the implementation of "deriveVaultKey", prior to version 7.10, the generated vault key would always have the last 16 bytes predetermined to be "arfoobarfoobarfo". This issue happens because "deriveVaultKey" calls "retrieveCloudKey" which will always return "foobarfoobarfoobarfoobarfoobarfo...

7.8CVSS5.8AI score0.00134EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/02/04 11:21 p.m.14 views

EVE Has Partially Predetermined Vault Key

Impact The deriveVaultKey function calls retrieveCloudKey which always returns "foobarfoobarfoobarfoobarfoobarfo". When merged with the randomly generated 32-byte key using mergeKeys 16 bytes from each, the last 16 bytes are always "arfoobarfoobarfo". This enables an attacker with physical access...

7.8CVSS7.2AI score0.00134EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/04 12:0 a.m.4 views

PT-2026-6420

Impact The deriveVaultKey function calls retrieveCloudKey which always returns "foobarfoobarfoobarfoobarfoobarfo". When merged with the randomly generated 32-byte key using mergeKeys 16 bytes from each, the last 16 bytes are always "arfoobarfoobarfo". This enables an attacker with physical access...

7.8CVSS5.4AI score0.00134EPSS
Exploits0References7
OSV
OSV
added 2023/09/21 3:30 p.m.2 views

GHSA-HX74-4WMC-FWVF Duplicate Advisory: EVE Has Partially Predetermined Vault Key

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-wc42-fcjp-v8vq. This link is maintained to preserve external references. Original Description Due to the implementation of "deriveVaultKey", prior to version 7.10, the generated vault key would always have the...

7.8CVSS5.4AI score0.00134EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2023/09/21 3:30 p.m.5 views

Duplicate Advisory: EVE Has Partially Predetermined Vault Key

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-wc42-fcjp-v8vq. This link is maintained to preserve external references. Original Description Due to the implementation of "deriveVaultKey", prior to version 7.10, the generated vault key would always have the...

7.8CVSS5.4AI score0.00134EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2023/09/21 2:15 p.m.5 views

CVE-2023-43637

Due to the implementation of "deriveVaultKey", prior to version 7.10, the generated vault key would always have the last 16 bytes predetermined to be "arfoobarfoobarfo". This issue happens because "deriveVaultKey" calls "retrieveCloudKey" which will always return "foobarfoobarfoobarfoobarfoobarfo...

7.8CVSS5.8AI score0.00134EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/09/21 12:0 a.m.4 views

EVE OS Trust Management Issue Vulnerability

EVE OS is a general-purpose, open Linux-based operating system for distributed edge computing open-sourced by IF Edge. A security vulnerability exists in EVE OS versions prior to 7.10, which stems from deriveVaultKey predetermining the last 16 bytes of a vault key as arfoobarfoobarfo, resulting i...

7.8CVSS6.7AI score0.00134EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/09/21 12:0 a.m.9 views

PT-2023-28893

Name of the Vulnerable Software and Affected Versions SoftwareX versions prior to 7.10 Description The issue arises from the implementation of deriveVaultKey, which generates a vault key with the last 16 bytes predetermined to be "arfoobarfoobarfo". This occurs because deriveVaultKey calls...

9.9CVSS7.2AI score0.27661EPSS
Exploits45References120
Rows per page
Query Builder