Description
The Chrome HUDweb plugin before 2016-05-05 for Fonality (previously trixbox Pro) 12.6 through 14.1i uses the same hardcoded private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.
Comment
References
- Third Party Advisory, US Government Resource
- Third Party Advisory, US Government Resource
Vulnerable configurations
Configuration 1: versions up to and including 1.4.1
All of
cpe:2.3:a:fonality:hud_web:*:*:*:*:*:fonality:*:*
One of
cpe:2.3:a:fonality:fonality:12.6:*:*:*:*:*:*:*
cpe:2.3:a:fonality:fonality:12.8:*:*:*:*:*:*:*
cpe:2.3:a:fonality:fonality:14.1i:*:*:*:*:*:*:*
EPSS: 0.00338 (Low)
Percentile: 56%
CVSS3: 7.5 High
CVSS2: 5 Medium
Weaknesses
CWE-310
Related vulnerabilities
CVSS3: 7.5
github
more than 3 years ago
The Chrome HUDweb plugin before 2016-05-05 for Fonality (previously trixbox Pro) 12.6 through 14.1i uses the same hardcoded private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.