432 matches found
PT-2025-6799 · Mobaxterm · Mobaxterm
Name of the Vulnerable Software and Affected Versions: MobaXterm versions prior to 25.0 Description: The issue exists in the password storage of MobaXterm, where it uses an initialization vector IV consisting only of zero bytes and a master key to encrypt each password individually. In the defaul...
CVE-2022-26083
Generation of weak initialization vector in an IntelR IPP Cryptography software library before version 2021.5 may allow an unauthenticated user to potentially enable information disclosure via local access...
CVE-2022-26083
Generation of weak initialization vector in an IntelR IPP Cryptography software library before version 2021.5 may allow an unauthenticated user to potentially enable information disclosure via local access...
CVE-2022-26083
Affected software: Intel® IPP Cryptography library (before version 2021.5). Issue (root cause): Generation of a weak initialization vector may allow an unauthenticated user to potentially cause information disclosure via local access. Impact: Information disclosure with high impact (confidentiali...
CVE-2022-26083
Generation of weak initialization vector in an IntelR IPP Cryptography software library before version 2021.5 may allow an unauthenticated user to potentially enable information disclosure via local access...
CVE-2022-26083
Generation of weak initialization vector in an IntelR IPP Cryptography software library before version 2021.5 may allow an unauthenticated user to potentially enable information disclosure via local access...
CVE-2022-26083
Generation of weak initialization vector in an IntelR IPP Cryptography software library before version 2021.5 may allow an unauthenticated user to potentially enable information disclosure via local access...
PT-2025-6481 · Intel · Intel Ipp Cryptography
Name of the Vulnerable Software and Affected Versions: IntelR IPP Cryptography software library versions prior to 2021.5 Description: The issue is related to the generation of a weak initialization vector in the IntelR IPP Cryptography software library. This may allow an unauthenticated user to...
PT-2026-2892
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the crypto subsystem, specifically related to the seqiv functionality. After the crypto aead encrypt function is called, the associated request...
CVE-2024-53845
ESPTouch is a connection protocol for internet of things devices. In the ESPTouchV2 protocol, while there is an option to use a custom AES key, there is no option to set the IV Initialization Vector prior to versions 5.3.2, 5.2.4, 5.1.6, and 5.0.8. The IV is set to zero and remains constant...
Espressif ESP-IDF 安全漏洞
Espressif ESP-IDF is an Internet of Things IoT development framework from China Loxin Espressif. A security vulnerability exists in Espressif ESP-IDF, which stems from the fact that the encrypted output becomes deterministic if the IV is not properly initialized, leading to a potential data leak...
CVE-2024-53845 AES/CBC Constant IV Vulnerability in ESPTouch v2
ESPTouch is a connection protocol for internet of things devices. In the ESPTouchV2 protocol, while there is an option to use a custom AES key, there is no option to set the IV Initialization Vector prior to versions 5.3.2, 5.2.4, 5.1.6, and 5.0.8. The IV is set to zero and remains constant...
CVE-2024-53845
CVE-2024-53845 concerns ESPRESSIF ESP-IDF’s ESPTouch v2 AES/CBC encryption where the Initialization Vector (IV) was not configurable prior to versions 5.3.2, 5.2.4, 5.1.6, and 5.0.8, causing a deterministic ciphertext and potential data leakage. The fixed behavior, implemented in these versions, ...
CVE-2024-53845 AES/CBC Constant IV Vulnerability in ESPTouch v2
ESPTouch is a connection protocol for internet of things devices. In the ESPTouchV2 protocol, while there is an option to use a custom AES key, there is no option to set the IV Initialization Vector prior to versions 5.3.2, 5.2.4, 5.1.6, and 5.0.8. The IV is set to zero and remains constant...
CVE-2024-53845 AES/CBC Constant IV Vulnerability in ESPTouch v2
ESPTouch is a connection protocol for internet of things devices. In the ESPTouchV2 protocol, while there is an option to use a custom AES key, there is no option to set the IV Initialization Vector prior to versions 5.3.2, 5.2.4, 5.1.6, and 5.0.8. The IV is set to zero and remains constant...
GHSA-H63V-HW6G-X8HP Bit flip attack vulnerability in cookie-encrypter
due to a weakness in the encryption method used in cookie-encrypter an attack can use the world visible IV to edit encrypted cookies without decrypting the cookie itself. This is known as an AES CBC bit flipping attack...
Bit flip attack vulnerability in cookie-encrypter
due to a weakness in the encryption method used in cookie-encrypter an attack can use the world visible IV to edit encrypted cookies without decrypting the cookie itself. This is known as an AES CBC bit flipping attack...
CVE-2024-47122
In the goTenna Pro App, the encryption keys are stored along with a static IV on the End User Device EUD. This allows for complete decryption of keys stored on the EUD if physically compromised. This allows an attacker to decrypt all encrypted broadcast communications based on encryption keys...
goTenna Pro 安全漏洞
goTenna Pro is a series of devices from goTenna that can create networks for off-grid communications and situational awareness. A security vulnerability exists in goTenna Pro versions 1.9.12 and earlier, which stems from an encryption key being stored with a static IV, which allows the key stored...
goTenna Pro ATAK Plugin 安全漏洞
The goTenna Pro ATAK Plugin is a plugin for goTenna's device that creates networks for off-grid communication and situational awareness. A security vulnerability exists in goTenna Pro ATAK Plugin version 1.9.12 and earlier, which stems from an encryption key being stored on the device along with ...