4 matches found
Siemens SIMATIC S7-1500 Insufficient Verification of Data Authenticity (CVE-2021-4122)
It was found that a specially crafted LUKS header could trick cryptsetup into disabling encryption during the recovery of the device. An attacker with physical access to the medium, such as a flash disk, could use this flaw to force a user into permanently disabling the encryption layer of that...
CVE-2023-30757
A vulnerability has been identified in Totally Integrated Automation Portal TIA Portal V14 All versions, Totally Integrated Automation Portal TIA Portal V15 All versions, Totally Integrated Automation Portal TIA Portal V15.1 All versions, Totally Integrated Automation Portal TIA Portal V16 All...
CVE-2020-12801 Crash-recovered MSOffice encrypted documents defaulted to not to using encryption on next save
If LibreOffice has an encrypted document open and crashes, that document is auto-saved encrypted. On restart, LibreOffice offers to restore the document and prompts for the password to decrypt it. If the recovery is successful, and if the file format of the recovered document was not LibreOffice'...
Legal Robot: Account profile shows encryption recovery box for all users
A security researcher discovered that the encryption recovery section on the Legal Robot account profile page was shown to all users, even those that were not using the feature. There was no security impact from any user seeing or using the feature - quite the opposite, in fact. However, when...