CVE-2022-25807

IGEL Universal Management Suite (UMS) 6.07.100 contains a hardcoded DES key in the LDAPDesPWEncrypter class. This allows an attacker who gains access to encrypted LDAP bind credentials to decrypt them using a static 8-byte DES key. The connected documents provide concrete details of the affected ...

CVE-2022-25804

CVE-2022-25804 affects IGEL Universal Management Suite (UMS) 6.07.100. The issue is insecure permissions on the serverconfig registry key (under JavaSoft\Prefs\de\igel\rm\config in HKLM\SOFTWARE) that allow an unprivileged local attacker to read the encrypted dbuser and dbpassword values for the ...

CVE-2022-25806

IGEL UMS 6.07.100 contains a hardcoded DES key in PrefDBCredentials, enabling an attacker who has obtained encrypted superuser credentials to decrypt them with a static 8-byte DES key. This affects IGEL Universal Management Suite and allows confidentiality/integrity/availability impact as describ...

CVE-2022-25805

CVE-2022-25805 affects IGEL Universal Management Suite (UMS) 6.07.100, where the cmd_mgt_load_mgt_tree command transmits LDAP bind credentials in cleartext. This enables an attacker who can observe traffic between an authenticated UMS client and server to compromise LDAP bind credentials. The ava...