A hardcoded AES key in CipherUtils.java in the Java applet of konzept-ix publiXone before 2020.015 allows attackers to craft password-reset tokens or decrypt server-side configuration files.
References
| Link | Resource |
|---|---|
| https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-publixone/ | Third Party Advisory |
| https://seclists.org/fulldisclosure/2020/Oct/28 | Mailing List Third Party Advisory |
| https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-publixone/ | Third Party Advisory |
| https://seclists.org/fulldisclosure/2020/Oct/28 | Mailing List Third Party Advisory |
Configurations
History
21 Nov 2024, 05:20
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-publixone/ - Third Party Advisory | |
| References | () https://seclists.org/fulldisclosure/2020/Oct/28 - Mailing List, Third Party Advisory |
Information
Published : 2020-10-27 05:15
Updated : 2024-11-21 05:20
NVD link : CVE-2020-27181
Mitre link : CVE-2020-27181
CVE.ORG link : CVE-2020-27181
JSON object : View
Products Affected
konzept-ix
- publixone
CWE
CWE-798
Use of Hard-coded Credentials