Use of Hard-coded Credentials

Overview Affected versions of this package are vulnerable to Use of Hard-coded Credentials via the deriveVaultKey function. An attacker can recover a significant portion of the cryptographic key by brute-forcing the remaining unpredictable bytes if they have physical access to the device...

Use of Hard-coded Credentials

Overview Affected versions of this package are vulnerable to Use of Hard-coded Credentials via the deriveVaultKey function. An attacker can recover a significant portion of the cryptographic key by brute-forcing the remaining unpredictable bytes if they have physical access to the device...

EUVD-2023-48037

Malicious code in bioql PyPI...

CVE-2023-43637

Due to the implementation of "deriveVaultKey", prior to version 7.10, the generated vault key would always have the last 16 bytes predetermined to be "arfoobarfoobarfo". This issue happens because "deriveVaultKey" calls "retrieveCloudKey" which will always return "foobarfoobarfoobarfoobarfoobarfo...

Information disclosure

Due to the implementation of "deriveVaultKey", prior to version 7.10, the generated vault key would always have the last 16 bytes predetermined to be "arfoobarfoobarfo". This issue happens because "deriveVaultKey" calls "retrieveCloudKey" which will always return "foobarfoobarfoobarfoobarfoobarfo...

CVE-2023-43637 Vault Key Partially Predetermined

Due to the implementation of "deriveVaultKey", prior to version 7.10, the generated vault key would always have the last 16 bytes predetermined to be "arfoobarfoobarfo". This issue happens because "deriveVaultKey" calls "retrieveCloudKey" which will always return "foobarfoobarfoobarfoobarfoobarfo...