9 matches found

Cvelist
•added 2026/05/28 6:34 p.m.•30 views

CVE-2026-45041 RustFS: Hard-coded RSA private key in license verifier permits arbitrary license forgery

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, crates/appauth/src/token.rs ships a 2048-bit RSA private key as a string constant named TEST_PRIVATE_KEY and uses it in production via parse_license to "verify" license tokens. Because the key is embedded in every...

8.7 CVSS • 0.00239 EPSS
Exploits: 0 • References: 1
Vulnrichment
•added 2026/05/28 6:34 p.m.•9 views

CVE-2026-45041 RustFS: Hard-coded RSA private key in license verifier permits arbitrary license forgery

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, crates/appauth/src/token.rs ships a 2048-bit RSA private key as a string constant named TEST_PRIVATE_KEY and uses it in production via parse_license to "verify" license tokens. Because the key is embedded in every...

8.7 CVSS • 5.9 AI score • 0.00239 EPSS
Exploits: 0 • References: 1
CVE
•added 2026/05/28 6:34 p.m.•19 views

CVE-2026-45041

CVE-2026-45041 affects RustFS prior to 1.0.0-beta.2, where crates/appauth/src/token.rs embeds a 2048-bit RSA private key (TEST_PRIVATE_KEY) as a string constant and uses it in production to verify licenses. This allows anyone who can read the source or extract the key from binaries to mint arbitr...

8.7 CVSS • 5.9 AI score • 0.00239 EPSS
Exploits: 0 • References: 1
Positive Technologies
•added 2026/05/28 12:00 a.m.•15 views

PT-2026-44469

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, crates/appauth/src/token.rs ships a 2048-bit RSA private key as a string constant named TEST_PRIVATE_KEY and uses it in production via parse_license to "verify" license tokens. Because the key is embedded in every...

8.7 CVSS • 5.9 AI score • 0.00239 EPSS
Exploits: 0 • References: 2
Vulnrichment
•added 2025/12/02 1:22 p.m.•2 views

CVE-2025-41086 Authorization bypass in GAMS from GAMS Development Corp.

Vulnerability in the access control system of the GAMS licensing system that allows unlimited valid licenses to be generated, bypassing any usage restrictions. The validator uses an insecure checksum algorithm; knowing this algorithm and the format of the license lines, an attacker can recalculat...

6.9 CVSS • 6.5 AI score • 0.0018 EPSS
Exploits: 0 • References: 2
Cvelist
•added 2023/12/06 1:16 a.m.•19 views

CVE-2021-27795 License forgery in Brocade Fabric OS (FOS) hardware platforms running any version of Brocade Fabric OS software,

Brocade Fabric OS FOS hardware platforms running any version of Brocade Fabric OS software, which supports the license string format; contain cryptographic issues that could allow for the installation of forged or fraudulent license keys. This would allow attackers or a malicious party to forge a...

6.4 CVSS • 8.3 AI score • 0.00244 EPSS
Exploits: 0 • References: 1
Broadcom
•added 2022/03/28 12:00 a.m.•8 views

License forgery in Brocade Fabric OS (FOS) hardware platforms running any version of Brocade Fabric OS software, (CVE-2021-27795)

Security Advisory ID : BSA-2022-1758 Component : Brocade Fabric OS License Revision : 2.0 Brocade Fabric OS FOS hardware platforms running any version of Brocade Fabric OS software, which supports the license string format; contain cryptographic issues that could allow for the installation of...

8.1 CVSS • 6.8 AI score • 0.00244 EPSS
Exploits: 0
NCSC
•added 2020/12/04 12:00 a.m.•3 views

WIBU CodeMeter vulnerabilities fixed

Wibu-Systems has fixed vulnerabilities in CodeMeter. Successful exploitation of these vulnerabilities could allow a malicious person to modify and forge a license file, create a denial-of-service condition, potentially execute remote code, read heap data, and disrupt the normal operation ...

9.8 CVSS • 7.2 AI score • 0.02031 EPSS
Exploits: 0
OSV
•added 2020/09/16 8:15 p.m.•3 views

CVE-2020-14515

CodeMeter All versions prior to 6.90 when using CmActLicense update files with CmActLicense Firm Code has an issue in the license-file signature checking mechanism, which allows attackers to build arbitrary license files, including forging a valid license file as if it were a valid license file o...

7.5 CVSS • 7.2 AI score • 0.00838 EPSS
Exploits: 0 • References: 1