8 matches found
SUSE CVE-2023-43637
Due to the implementation of "deriveVaultKey", prior to version 7.10, the generated vault key would always have the last 16 bytes predetermined to be "arfoobarfoobarfo". This issue happens because "deriveVaultKey" calls "retrieveCloudKey" which will always return "foobarfoobarfoobarfoobarfoobarfo...
EVE Has Partially Predetermined Vault Key
Impact The deriveVaultKey function calls retrieveCloudKey which always returns "foobarfoobarfoobarfoobarfoobarfo". When merged with the randomly generated 32-byte key using mergeKeys 16 bytes from each, the last 16 bytes are always "arfoobarfoobarfo". This enables an attacker with physical access...
PT-2026-6420
Impact The deriveVaultKey function calls retrieveCloudKey which always returns "foobarfoobarfoobarfoobarfoobarfo". When merged with the randomly generated 32-byte key using mergeKeys 16 bytes from each, the last 16 bytes are always "arfoobarfoobarfo". This enables an attacker with physical access...
GHSA-HX74-4WMC-FWVF Duplicate Advisory: EVE Has Partially Predetermined Vault Key
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-wc42-fcjp-v8vq. This link is maintained to preserve external references. Original Description Due to the implementation of "deriveVaultKey", prior to version 7.10, the generated vault key would always have the...
Duplicate Advisory: EVE Has Partially Predetermined Vault Key
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-wc42-fcjp-v8vq. This link is maintained to preserve external references. Original Description Due to the implementation of "deriveVaultKey", prior to version 7.10, the generated vault key would always have the...
CVE-2023-43637
Due to the implementation of "deriveVaultKey", prior to version 7.10, the generated vault key would always have the last 16 bytes predetermined to be "arfoobarfoobarfo". This issue happens because "deriveVaultKey" calls "retrieveCloudKey" which will always return "foobarfoobarfoobarfoobarfoobarfo...
EVE OS Trust Management Issue Vulnerability
EVE OS is a general-purpose, open Linux-based operating system for distributed edge computing open-sourced by IF Edge. A security vulnerability exists in EVE OS versions prior to 7.10, which stems from deriveVaultKey predetermining the last 16 bytes of a vault key as arfoobarfoobarfo, resulting i...
PT-2023-28893
Name of the Vulnerable Software and Affected Versions SoftwareX versions prior to 7.10 Description The issue arises from the implementation of deriveVaultKey, which generates a vault key with the last 16 bytes predetermined to be "arfoobarfoobarfo". This occurs because deriveVaultKey calls...