exploitDog

CVE-2015-5997

Опубликовано: 14 сент. 2015

Источник: nvd

CVSS2: 7.8

EPSS Низкий

Описание

Impero Education Pro before 5105 uses a hardcoded CBC key and initialization vector derived from a hash of the Imp3ro string, which makes it easier for remote attackers to obtain plaintext data by sniffing the network for ciphertext data.

Комментарий

CWE-329: Not Using a Random IV with CBC Mode

Ссылки

http://www.kb.cert.org/vuls/id/549807
Third Party Advisory
US Government Resource
http://www.kb.cert.org/vuls/id/549807
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:impero:impero_education_pro:*:*:*:*:*:*:*:*

Версия до 5008 (включая)

EPSS

Процентиль: 68%

0.00555

Низкий

7.8 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-x93v-9x9w-2586

github

больше 3 лет назад

Impero Education Pro before 5105 uses a hardcoded CBC key and initialization vector derived from a hash of the Imp3ro string, which makes it easier for remote attackers to obtain plaintext data by sniffing the network for ciphertext data.

EPSS

Процентиль: 68%

0.00555

Низкий

7.8 High

CVSS2

Дефекты

NVD-CWE-Other