6 matches found
EUVD-2024-52171
Malicious code in bioql PyPI...
CVE-2024-53845
ESPTouch is a connection protocol for internet of things devices. In the ESPTouchV2 protocol, while there is an option to use a custom AES key, there is no option to set the IV Initialization Vector prior to versions 5.3.2, 5.2.4, 5.1.6, and 5.0.8. The IV is set to zero and remains constant...
CVE-2024-53845
ESPTouch is a connection protocol for internet of things devices. In the ESPTouchV2 protocol, while there is an option to use a custom AES key, there is no option to set the IV Initialization Vector prior to versions 5.3.2, 5.2.4, 5.1.6, and 5.0.8. The IV is set to zero and remains constant...
CVE-2024-53845
CVE-2024-53845 concerns ESPRESSIF ESP-IDF’s ESPTouch v2 AES/CBC encryption where the Initialization Vector (IV) was not configurable prior to versions 5.3.2, 5.2.4, 5.1.6, and 5.0.8, causing a deterministic ciphertext and potential data leakage. The fixed behavior, implemented in these versions, ...
CVE-2024-53845 AES/CBC Constant IV Vulnerability in ESPTouch v2
ESPTouch is a connection protocol for internet of things devices. In the ESPTouchV2 protocol, while there is an option to use a custom AES key, there is no option to set the IV Initialization Vector prior to versions 5.3.2, 5.2.4, 5.1.6, and 5.0.8. The IV is set to zero and remains constant...
CVE-2024-53845 AES/CBC Constant IV Vulnerability in ESPTouch v2
ESPTouch is a connection protocol for internet of things devices. In the ESPTouchV2 protocol, while there is an option to use a custom AES key, there is no option to set the IV Initialization Vector prior to versions 5.3.2, 5.2.4, 5.1.6, and 5.0.8. The IV is set to zero and remains constant...