CVE-2016-10102

hitek.jar in Hitek Software's Automize uses weak encryption when encrypting SSH/SFTP and Encryption profile passwords. This allows an attacker to retrieve the encrypted passwords from sshProfiles.jsd and encryptionProfiles.jsd and decrypt them to recover cleartext passwords. All 10.x up to and including 10.25 and all 11.x up to and including 11.14 are verified to be affected.

CVSS v3 8.1 HIGH
CVSS v2.0 4.3 MEDIUM

8.1^/10

CVSS v3 : HIGH

V3 Legend

Vector : AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability : 2.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/96848
https://rastamouse.me/guff/2016/automize/	Third Party Advisory
http://www.securityfocus.com/bid/96848
https://rastamouse.me/guff/2016/automize/	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:hiteksoftware:automize:10.00:::::::*
	cpe:2.3:a:hiteksoftware:automize:10.01:::::::*
	cpe:2.3:a:hiteksoftware:automize:10.02:::::::*
	cpe:2.3:a:hiteksoftware:automize:10.03:::::::*
	cpe:2.3:a:hiteksoftware:automize:10.04:::::::*
	cpe:2.3:a:hiteksoftware:automize:10.05:::::::*
	cpe:2.3:a:hiteksoftware:automize:10.06:::::::*
	cpe:2.3:a:hiteksoftware:automize:10.07:::::::*
	cpe:2.3:a:hiteksoftware:automize:10.08:::::::*
	cpe:2.3:a:hiteksoftware:automize:10.09:::::::*
	cpe:2.3:a:hiteksoftware:automize:10.11:::::::*
	cpe:2.3:a:hiteksoftware:automize:10.12:::::::*
	cpe:2.3:a:hiteksoftware:automize:10.13:::::::*
	cpe:2.3:a:hiteksoftware:automize:10.14:::::::*
	cpe:2.3:a:hiteksoftware:automize:10.15:::::::*
	cpe:2.3:a:hiteksoftware:automize:10.16:::::::*
	cpe:2.3:a:hiteksoftware:automize:10.17:::::::*
	cpe:2.3:a:hiteksoftware:automize:10.18:::::::*
	cpe:2.3:a:hiteksoftware:automize:10.19:::::::*
	cpe:2.3:a:hiteksoftware:automize:10.20:::::::*
	cpe:2.3:a:hiteksoftware:automize:10.21:::::::*
	cpe:2.3:a:hiteksoftware:automize:10.22:::::::*
	cpe:2.3:a:hiteksoftware:automize:10.23:::::::*
	cpe:2.3:a:hiteksoftware:automize:10.24:::::::*
	cpe:2.3:a:hiteksoftware:automize:10.25:::::::*
	cpe:2.3:a:hiteksoftware:automize:11.00:::::::*
	cpe:2.3:a:hiteksoftware:automize:11.01:::::::*
	cpe:2.3:a:hiteksoftware:automize:11.02:::::::*
	cpe:2.3:a:hiteksoftware:automize:11.03:::::::*
	cpe:2.3:a:hiteksoftware:automize:11.04:::::::*
	cpe:2.3:a:hiteksoftware:automize:11.05:::::::*
	cpe:2.3:a:hiteksoftware:automize:11.06:::::::*
	cpe:2.3:a:hiteksoftware:automize:11.07:::::::*
	cpe:2.3:a:hiteksoftware:automize:11.08:::::::*
	cpe:2.3:a:hiteksoftware:automize:11.09:::::::*
	cpe:2.3:a:hiteksoftware:automize:11.11:::::::*
	cpe:2.3:a:hiteksoftware:automize:11.12:::::::*
	cpe:2.3:a:hiteksoftware:automize:11.13:::::::*
	cpe:2.3:a:hiteksoftware:automize:11.14:::::::*

History

21 Nov 2024, 02:43

Type	Values Removed	Values Added
References	~~() http://www.securityfocus.com/bid/96848 -~~	() http://www.securityfocus.com/bid/96848 -
References	~~() https://rastamouse.me/guff/2016/automize/ - Third Party Advisory~~	() https://rastamouse.me/guff/2016/automize/ - Third Party Advisory

Information

Published : 2017-01-23 07:59

Updated : 2024-11-21 02:43

NVD link : CVE-2016-10102

Mitre link : CVE-2016-10102

CVE.ORG link : CVE-2016-10102

JSON object : View

Products Affected

hiteksoftware

automize

CWE

CWE-326

Inadequate Encryption Strength

8.1 /10