2 matches found
Use of Hard-coded Credentials
Overview Affected versions of this package are vulnerable to Use of Hard-coded Credentials via the deriveVaultKey function. An attacker can recover a significant portion of the cryptographic key by brute-forcing the remaining unpredictable bytes if they have physical access to the device...
Cleartext Storage of Sensitive Information
Overview net.sourceforge.pmd:pmd-designer is a graphical tool that helps PMD users develop their custom rules Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information in the form of the passphrase for gpg.keyname=0xD0BF1D737C9A1C22 appearing in the Maven jar ...