7 matches found

GitHub Security Blog
added 2025/07/09 6:30 p.m. · 8 views

Jenkins Kryptowire Plugin vulnerability stores unencrypted Kryptowire API key

Jenkins Kryptowire Plugin 0.2 and earlier stores the Kryptowire API key unencrypted in its global configuration file org.aerogear.kryptowire.GlobalConfigurationImpl.xml on the Jenkins controller as part of its configuration. This API key can be viewed by users with access to the Jenkins controlle...

6.5 CVSS · 6.1 AI score · 0.00105 EPSS
Exploits 0 · References 4 · Affected Software 1
NVD
added 2024/09/26 6:15 p.m. · 7 views

CVE-2024-41931

The goTenna Pro ATAK Plugin encryption key name is always sent unencrypted when the key is sent over RF through a broadcast message. It is advised to share the encryption key via local QR for higher security operations...

5.3 CVSS · 0.00057 EPSS
Exploits 0 · References 1
CNNVD
added 2022/05/18 12:0 a.m. · 1 views

CaSS security vulnerability

CaSS is a Capabilities and Skills System. A security vulnerability exists in CaSS versions prior to 1.5.8 that stems from a missing encryption step when storing encryption keys...

7.2 CVSS · 7 AI score · 0.00099 EPSS
Exploits 0 · References 4
ATTACKERKB
added 2022/01/12 8:15 p.m. · 2 views

CVE-2022-20621

Jenkins Metrics Plugin 4.0.2.8 and earlier stores an access key unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...

5.5 CVSS · 6 AI score · 0.00016 EPSS
Exploits 0 · References 3
Positive Technologies
added 2022/01/12 12:0 a.m. · 1 views

PT-2022-14830 · Jenkins · Jenkins Metrics Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Metrics Plugin versions 4.0.2.8 and earlier
Description: The issue allows an access key to be stored unencrypted in the global configuration file on the Jenkins controller. This access key can be viewed by users with access to the...

5.5 CVSS · 5.1 AI score · 0.00016 EPSS
Exploits 0 · References 10
RedHat Linux
added 2012/02/21 2:20 a.m. · 2 views

initscripts: IPSec ifup script allows for aggressive IKE mode

The default IPSec ifup script in Red Hat Enterprise Linux 3 through 5 configures racoon to use aggressive IKE mode instead of main IKE mode, which makes it easier for remote attackers to conduct brute force attacks by sniffing an unencrypted preshared key (PSK) hash...

7.1 CVSS · 5.9 AI score · 0.00458 EPSS
Exploits 1 · References 4
securityvulns
added 2002/12/21 12:0 a.m. · 21 views

Weak nCipher PKCS#11 encryption

Library error may lead to unencrypted key in certificate...

2.3 AI score
Exploits 0 · References 1