CVE-2016-10102

Опубликовано: 23 янв. 2017

Источник: nvd

CVSS3: 8.1

CVSS2: 4.3

EPSS Низкий

Описание

hitek.jar in Hitek Software's Automize uses weak encryption when encrypting SSH/SFTP and Encryption profile passwords. This allows an attacker to retrieve the encrypted passwords from sshProfiles.jsd and encryptionProfiles.jsd and decrypt them to recover cleartext passwords. All 10.x up to and including 10.25 and all 11.x up to and including 11.14 are verified to be affected.

Ссылки

http://www.securityfocus.com/bid/96848
https://rastamouse.me/guff/2016/automize/
Third Party Advisory
http://www.securityfocus.com/bid/96848
https://rastamouse.me/guff/2016/automize/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:hiteksoftware:automize:10.00:*:*:*:*:*:*:*

cpe:2.3:a:hiteksoftware:automize:10.01:*:*:*:*:*:*:*

cpe:2.3:a:hiteksoftware:automize:10.02:*:*:*:*:*:*:*

cpe:2.3:a:hiteksoftware:automize:10.03:*:*:*:*:*:*:*

cpe:2.3:a:hiteksoftware:automize:10.04:*:*:*:*:*:*:*

cpe:2.3:a:hiteksoftware:automize:10.05:*:*:*:*:*:*:*

cpe:2.3:a:hiteksoftware:automize:10.06:*:*:*:*:*:*:*

cpe:2.3:a:hiteksoftware:automize:10.07:*:*:*:*:*:*:*

cpe:2.3:a:hiteksoftware:automize:10.08:*:*:*:*:*:*:*

cpe:2.3:a:hiteksoftware:automize:10.09:*:*:*:*:*:*:*

cpe:2.3:a:hiteksoftware:automize:10.11:*:*:*:*:*:*:*

cpe:2.3:a:hiteksoftware:automize:10.12:*:*:*:*:*:*:*

cpe:2.3:a:hiteksoftware:automize:10.13:*:*:*:*:*:*:*

cpe:2.3:a:hiteksoftware:automize:10.14:*:*:*:*:*:*:*

cpe:2.3:a:hiteksoftware:automize:10.15:*:*:*:*:*:*:*

cpe:2.3:a:hiteksoftware:automize:10.16:*:*:*:*:*:*:*

cpe:2.3:a:hiteksoftware:automize:10.17:*:*:*:*:*:*:*

cpe:2.3:a:hiteksoftware:automize:10.18:*:*:*:*:*:*:*

cpe:2.3:a:hiteksoftware:automize:10.19:*:*:*:*:*:*:*

cpe:2.3:a:hiteksoftware:automize:10.20:*:*:*:*:*:*:*

cpe:2.3:a:hiteksoftware:automize:10.21:*:*:*:*:*:*:*

cpe:2.3:a:hiteksoftware:automize:10.22:*:*:*:*:*:*:*

cpe:2.3:a:hiteksoftware:automize:10.23:*:*:*:*:*:*:*

cpe:2.3:a:hiteksoftware:automize:10.24:*:*:*:*:*:*:*

cpe:2.3:a:hiteksoftware:automize:10.25:*:*:*:*:*:*:*

cpe:2.3:a:hiteksoftware:automize:11.00:*:*:*:*:*:*:*

cpe:2.3:a:hiteksoftware:automize:11.01:*:*:*:*:*:*:*

cpe:2.3:a:hiteksoftware:automize:11.02:*:*:*:*:*:*:*

cpe:2.3:a:hiteksoftware:automize:11.03:*:*:*:*:*:*:*

cpe:2.3:a:hiteksoftware:automize:11.04:*:*:*:*:*:*:*

cpe:2.3:a:hiteksoftware:automize:11.05:*:*:*:*:*:*:*

cpe:2.3:a:hiteksoftware:automize:11.06:*:*:*:*:*:*:*

cpe:2.3:a:hiteksoftware:automize:11.07:*:*:*:*:*:*:*

cpe:2.3:a:hiteksoftware:automize:11.08:*:*:*:*:*:*:*

cpe:2.3:a:hiteksoftware:automize:11.09:*:*:*:*:*:*:*

cpe:2.3:a:hiteksoftware:automize:11.11:*:*:*:*:*:*:*

cpe:2.3:a:hiteksoftware:automize:11.12:*:*:*:*:*:*:*

cpe:2.3:a:hiteksoftware:automize:11.13:*:*:*:*:*:*:*

cpe:2.3:a:hiteksoftware:automize:11.14:*:*:*:*:*:*:*

EPSS

Процентиль: 24%

0.00082

Низкий

8.1 High

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-326

Связанные уязвимости

GHSA-fcqh-qv75-jmrg