4 matches found
CVE-2024-5264 Network Key Transfer with AES KHT vulnerability in Luna EFT
Network Transfer with AES KHT in Thales Luna EFT 2.1 and above allows a user with administrative console access to access backups taken via offline analysis...
CVE-2024-5264 Network Key Transfer with AES KHT vulnerability in Luna EFT
Network Transfer with AES KHT in Thales Luna EFT 2.1 and above allows a user with administrative console access to access backups taken via offline analysis...
Approvals not cleared after key transfer
Handle cmichel Vulnerability details The locks implement three different approval types, see onlyKeyManagerOrApproved for an overview: key manager map keyManagerOf single-person approvals map approved. Cleared by clearApproval or setKeyManagerOf operator approvals map managerToOperatorApproved Th...
Key transfer will destroy key if from==to
Handle kenzo Vulnerability details If calling transferFrom with from == recipient, the key will get destroyed meaning the key will be set as expired and set the owner's key to be 0. Impact A key manager or approved might accidently destroy user's token. Note: this requires user error and so I'm n...