432 matches found

Positive Technologies
added 2024/09/26 12:0 a.m. · 1 views

PT-2024-31587 · Gotenna · Gotenna Pro Atak Plugin

Name of the Vulnerable Software and Affected Versions: goTenna Pro ATAK plugin (affected versions not specified). Description: The issue concerns the use of weak passwords for sharing encryption keys via the key broadcast method in the goTenna Pro ATAK plugin. If the broadcasted encryption key is...

6.5 CVSS · 6.4 AI score · 0.00138 EPSS
Exploits 0 · References 5
Positive Technologies
added 2024/09/26 12:0 a.m. · 1 views

PT-2024-32417

Name of the Vulnerable Software and Affected Versions: goTenna Pro App (affected versions not specified); goTenna Pro X; goTenna Pro X2. Description: The encryption keys in the goTenna Pro App are stored along with a static IV on the End User Device (EUD), allowing for complete decryption of keys if the...

6.5 CVSS · 6.3 AI score · 0.00136 EPSS
Exploits 0 · References 8
CNNVD
added 2024/09/26 12:0 a.m. · 1 views

goTenna Pro security vulnerability

The goTenna Pro is a series of devices from goTenna that can create networks for off-grid communications and situational awareness. A security vulnerability exists in goTenna Pro that stems from an encryption key being stored on the device along with a static IV...

6.5 CVSS · 6.6 AI score · 0.00136 EPSS
Exploits 0 · References 2
Packet Storm
added 2024/08/31 12:0 a.m. · 286 views

Netlogon Weak Cryptographic Authentication

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'windowserror' class MetasploitModule 'Netlogon Weak Cryptographic Authentication', 'Description' = %q A vulnerability exists within the Netlogon authentication...

10 CVSS · 7.7 AI score · 0.9438 EPSS
Exploits 75
CVE
added 2024/08/13 4:53 p.m. · 43 views

CVE-2023-31305

CVE-2023-31305 describes weak and predictable IV generation in Power Management Firmware (PMFW). Under local access with high privileges, an attacker could reuse IV values to reverse‑engineer debug data, potentially causing information disclosure. The provided materials confirm the vulnerability ...

1.9 CVSS · 6.8 AI score · 0.00062 EPSS
Exploits 0 · References 1
Vulnrichment
added 2024/08/13 4:53 p.m. · 13 views

CVE-2023-31305

Generation of weak and predictable Initialization Vector (IV) in PMFW (Power Management Firmware) may allow an attacker with privileges to reuse IV values to reverse-engineer debug data, potentially resulting in information disclosure...

1.9 CVSS · 6.5 AI score · 0.00062 EPSS
Exploits 0 · References 1
Veracode
added 2024/08/06 11:22 a.m. · 12 views

Ciphertext Leakage

Netbird is vulnerable to Ciphertext Leakage. The vulnerability is due to the use of a static initialization vector (IV) in the Encrypt function within the crypt.go file, which does not change for different encryption operations and allows attackers to expose the sensitive information through...

7.5 CVSS · 6.1 AI score · 0.00115 EPSS
Exploits 0 · References 4 · Affected Software 1
OSV
added 2024/08/01 6:32 p.m. · 8 views

GHSA-9V35-4XCR-W9PH NetBird uses a static initialization vector (IV)

A static initialization vector (IV) in the encrypt function of netbird management's service from v0.23.2 to v0.29.1 allows attackers to obtain sensitive information (email addresses) when in possession of the audit events database...

8.7 CVSS · 5.7 AI score · 0.00115 EPSS
Exploits 0 · References 8
NVD
added 2024/08/01 4:15 p.m. · 12 views

CVE-2024-41260

A static initialization vector (IV) in the encrypt function of netbird management's service from v0.23.2 to v0.29.1 allows attackers to obtain sensitive information (email addresses) when in possession of the audit events database...

7.5 CVSS · 0.00115 EPSS
Exploits 0 · References 3
OSV
added 2024/08/01 4:15 p.m. · 1 views

CVE-2024-41260

A static initialization vector (IV) in the encrypt function of netbird management's service from v0.23.2 to v0.29.1 allows attackers to obtain sensitive information (email addresses) when in possession of the audit events database...

7.5 CVSS · 5.8 AI score
Exploits 0 · References 3
Vulnrichment
added 2024/08/01 12:0 a.m. · 14 views

CVE-2024-41260

A static initialization vector (IV) in the encrypt function of netbird management's service from v0.23.2 to v0.29.1 allows attackers to obtain sensitive information (email addresses) when in possession of the audit events database...

5.9 AI score · 0.00115 EPSS
Exploits 0 · References 3
CNNVD
added 2024/08/01 12:0 a.m. · 2 views

NetBird security vulnerability

NetBird is an open source network security platform from netbirdio. A security vulnerability exists in NetBird version 0.28.4, which stems from a static initialization vector (IV) in the encryption function that allows an attacker to obtain sensitive information...

7.5 CVSS · 6.3 AI score · 0.00115 EPSS
Exploits 0 · References 5
Cvelist
added 2024/08/01 12:0 a.m. · 15 views

CVE-2024-41260

A static initialization vector (IV) in the encrypt function of netbird management's service from v0.23.2 to v0.29.1 allows attackers to obtain sensitive information (email addresses) when in possession of the audit events database...

0.00115 EPSS
Exploits 0 · References 3
Positive Technologies
added 2024/08/01 12:0 a.m. · 2 views

PT-2024-29338

Name of the Vulnerable Software and Affected Versions: netbird version 0.28.4. Description: The issue concerns a static initialization vector (IV) used in the encrypt function, allowing attackers to obtain sensitive information. This static IV is utilized in the github.com/netbirdio/netbird code...

8.7 CVSS · 6.4 AI score · 0.00115 EPSS
Exploits 0 · References 13
SUSE CVE
added 2024/06/04 12:43 p.m. · 1 views

SUSE CVE-2022-26306

LibreOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the required initialization vector for encryption was always the same which...

7.5 CVSS · 7.7 AI score · 0.0045 EPSS
Exploits 0 · References 3
Veracode
added 2024/05/03 9:32 a.m. · 20 views

Insecure Cryptography

elixir is vulnerable to Insecure Cryptography. The vulnerability is due to Elixir's implementation of Blowfish in CFB mode without generating a unique initialization vector (IV) for each encryption operation, which allows context-dependent users to obtain sensitive information and decrypt the...

4.3 CVSS · 6.5 AI score · 0.00464 EPSS
Exploits 0 · References 7 · Affected Software 1
Tenable Nessus
added 2024/02/08 12:0 a.m. · 19 views

CentOS 8 : libreoffice (CESA-2023:0089)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:0089 advisory. - libreoffice: Execution of Untrusted Macros Due to Improper Certificate Validation (CVE-2022-26305) - libreoffice: Static Initialization Vector Allows t...

8.8 CVSS · 7.5 AI score · 0.01322 EPSS
Exploits 0 · References 5
RedHat Linux
added 2024/01/25 4:49 p.m. · 1 views

openssl: Incorrect cipher key and IV length processing

A flaw was found in OpenSSL in how it processes key and initialization vector (IV) lengths. This issue can lead to potential truncation or overruns during the initialization of some symmetric ciphers. A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality...

7.5 CVSS · 7.1 AI score · 0.06469 EPSS
Exploits 0 · References 5
RedHat Linux
added 2024/01/22 1:20 a.m. · 1 views

openssl: Incorrect cipher key and IV length processing

A flaw was found in OpenSSL in how it processes key and initialization vector (IV) lengths. This issue can lead to potential truncation or overruns during the initialization of some symmetric ciphers. A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality...

7.5 CVSS · 7.1 AI score · 0.06469 EPSS
Exploits 0 · References 5
OSV
added 2023/12/13 7:19 p.m. · 1 views

CLSA-2023-1702495193 openssl: Fix of CVE-2023-5363

CVE-2023-5363: evp: process key length and iv length early if present...

7.5 CVSS · 6.7 AI score · 0.06469 EPSS
Exploits 0 · References 1