Lucene search
K

4 matches found

Snyk
Snyk
added 2025/11/24 2:40 p.m.3 views

Use of Hard-coded Cryptographic Key

Overview Affected versions of this package are vulnerable to Use of Hard-coded Cryptographic Key in the password encryption process. An attacker can recover original cleartext password values by accessing the internal database content, as the encryption key is hard-coded and publicly known. Note:...

7.5CVSS6.7AI score0.00448EPSS
Exploits0References2
Snyk
Snyk
added 2025/11/24 2:40 p.m.4 views

Use of Hard-coded Cryptographic Key

Overview org.apache.syncope.core.idrepo:syncope-core-idrepo-logic is an Apache Syncope Core IdRepo Logic Affected versions of this package are vulnerable to Use of Hard-coded Cryptographic Key in the password encryption process. An attacker can recover original cleartext password values by...

7.5CVSS6.7AI score0.00448EPSS
Exploits0References2
OSV
OSV
added 2025/11/24 1:47 p.m.5 views

CVE-2025-65998 Apache Syncope: Default AES key used for internal password encryption

Apache Syncope can be configured to store the user password values in the internal database with AES encryption, though this is not the default option. When AES is configured, the default key value, hard-coded in the source code, is always used. This allows a malicious attacker, once obtained...

7.5CVSS6AI score0.00448EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/11/24 1:47 p.m.1 views

CVE-2025-65998 Apache Syncope: Default AES key used for internal password encryption

Apache Syncope can be configured to store the user password values in the internal database with AES encryption, though this is not the default option. When AES is configured, the default key value, hard-coded in the source code, is always used. This allows a malicious attacker, once obtained...

6.4AI score0.00448EPSS
Exploits0References1
Rows per page
Query Builder