CVE-2025-59102 Secrets Stored in Plaintext in Database in dormakaba access manager

The web server of the Access Manager offers a functionality to download a backup of the local database stored on the device. This database contains the whole configuration. This includes encrypted MIFARE keys, card data, user PINs and much more. The PINs are even stored unencrypted. Combined with...

EUVD-2025-206369

The web server of the Access Manager offers a functionality to download a backup of the local database stored on the device. This database contains the whole configuration. This includes encrypted MIFARE keys, card data, user PINs and much more. The PINs are even stored unencrypted. Combined with...

CVE-2025-59102

The CVE-2025-59102 entry concerns the Access Manager web server’s backup-download functionality, which can expose the device’s entire configuration including unencrypted PINs and MIFARE keys. Connected Red Hat CVEs clarify the adjacent issues: CVE-2025-59101 allows an attacker to bypass session m...

PT-2026-4752

The web server of the Access Manager offers a functionality to download a backup of the local database stored on the device. This database contains the whole configuration. This includes encrypted MIFARE keys, card data, user PINs and much more. The PINs are even stored unencrypted. Combined with...

Dormakaba Access Manager security vulnerabilities

Dormakaba Access Manager is a smart hardware controller developed by the American company Dormakaba. There is a security vulnerability in Dormakaba Access Manager. This vulnerability arises from the fact that the exported databases are sometimes not deleted, and the paths can be accessed without...

CVE-2021-33881

On NXP MIFARE Ultralight and NTAG cards, an attacker can interrupt a write operation aka conduct a "tear off" attack over RFID to bypass a Monotonic Counter protection mechanism. The impact depends on how the anti tear-off feature is used in specific applications such as public transportation,...

EUVD-2020-8063

Malware in sbrugna...

EUVD-2021-20554

Malware in sbrugna...

EUVD-2025-27972

Malicious code in bioql PyPI...

EUVD-2025-29040

Malicious code in bioql PyPI...

CVE-2025-8699

Some "Stored Value" Unattended Payment Solutions of KioSoft use vulnerable NFC cards. Attackers could potentially use this vulnerability to change the balance on the cards and generate money. The account balance is stored on an insecure MiFare Classic NFC card and can be read and written back. By...

CVE-2025-8699

CVE-2025-8699 affects KioSoft’s Stored Value Unattended Payment Solutions. The flaw centers on insecure MiFare Classic NFC cards storing account balances that can be read and written, enabling an attacker to identify value fields and a checksum (calculated by XOR-ing cash with an unknown field) a...

CVE-2025-8699

Some "Stored Value" Unattended Payment Solutions of KioSoft use vulnerable NFC cards. Attackers could potentially use this vulnerability to change the balance on the cards and generate money. The account balance is stored on an insecure MiFare Classic NFC card and can be read and written back. By...

CVE-2025-8699

Some "Stored Value" Unattended Payment Solutions of KioSoft use vulnerable NFC cards. Attackers could potentially use this vulnerability to change the balance on the cards and generate money. The account balance is stored on an insecure MiFare Classic NFC card and can be read and written back. By...

KioSoft Stored Value Unattended Payment Solutions 安全漏洞

KioSoft Stored Value Unattended Payment Solutions is a self-service payment solution from KioSoft USA. A security vulnerability exists in KioSoft Stored Value Unattended Payment Solutions that stems from the use of an insecure MiFare Classic NFC card to store account balances, which could allow a...

CVE-2025-4053

The data stored in Be-Tech Mifare Classic card is stored in cleartext. An attacker having access to a Be-Tech hotel guest Mifare Classic card can create a master key card that unlocks all the locks in the building. This issue affects all Be-Tech Mifare Classic card systems. To fix the...

CVE-2025-4053

The data stored in Be-Tech Mifare Classic card is stored in cleartext. An attacker having access to a Be-Tech hotel guest Mifare Classic card can create a master key card that unlocks all the locks in the building. This issue affects all Be-Tech Mifare Classic card systems. To fix the...

CVE-2025-4053 Unauthorized creation of master key in Mifare Classic Be-Tech cards

The data stored in Be-Tech Mifare Classic card is stored in cleartext. An attacker having access to a Be-Tech hotel guest Mifare Classic card can create a master key card that unlocks all the locks in the building. This issue affects all Be-Tech Mifare Classic card systems. To fix the...

CVE-2025-4053

Be-Tech Mifare Classic card systems are affected. The root cause is that data stored on the Mifare Classic cards is in cleartext, enabling an attacker with a guest card to craft a master key card that can unlock all locks in the building. Affected component: Be-Tech Mifare Classic cards and assoc...

CVE-2025-4053 Unauthorized creation of master key in Mifare Classic Be-Tech cards

The data stored in Be-Tech Mifare Classic card is stored in cleartext. An attacker having access to a Be-Tech hotel guest Mifare Classic card can create a master key card that unlocks all the locks in the building. This issue affects all Be-Tech Mifare Classic card systems. To fix the...