Lucene search
Veracode Vulnerability DatabaseVERACODE:34352HistoryFeb 23, 2022 - 6:11 a.m.
Weak Cryptography
2022-02-2306:11:34
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
vulnerability
cryptographic key
attacker
specially crafted data
arbitrary commands
system
software
EPSS
0.001
Percentile
46.2%
github.com/gravitl/netmaker is using weak cryptography. The vulnerability exists because a hard-coded cryptographic key is used in the code base which allows an attacker to pass specially crafted data to the application and execute arbitrary commands on the system.
References
github.com/gravitl/netmaker/commit/3d4f44ecfe8be4ca38920556ba3b90502ffb4fee
github.com/gravitl/netmaker/commit/e9bce264719f88c30e252ecc754d08f422f4c080
github.com/gravitl/netmaker/pull/781
github.com/gravitl/netmaker/pull/781/commits/1bec97c662670dfdab804343fc42ae4b1d050a87
github.com/gravitl/netmaker/security/advisories/GHSA-86f3-hf24-76q4
Related
prion
prion
Hardcoded credentials
2022-02-18 22:15:00
osv
osv
CVE-2022-23650
2022-02-18 22:15:13
Use of Hard-coded Cryptographic Key in Netmaker
2022-02-22 19:40:23
cvelist
cvelist
CVE-2022-23650 Use of Hard-coded Cryptographic Key in Netmaker
2022-02-18 22:00:12
cve
cve
CVE-2022-23650
2022-02-18 22:15:13
cnvd
cnvd
Gravitl Netmaker has an unspecified vulnerability
2022-02-22 00:00:00
github
github
Use of Hard-coded Cryptographic Key in Netmaker
2022-02-22 19:40:23
nvd
nvd
CVE-2022-23650
2022-02-18 22:15:13