exploitDog

CVE-2018-5261

Опубликовано: 02 фев. 2018

Источник: nvd

CVSS3: 8.1

CVSS2: 4.3

EPSS Низкий

Описание

An issue was discovered in Flexense DiskBoss 8.8.16 and earlier. Due to the usage of plaintext information from the handshake as input for the encryption key used for the encryption of the rest of the session, the server and client disclose sensitive information, such as the authentication credentials, to any man-in-the-middle (MiTM) listener.

Ссылки

https://github.com/bitsadmin/exploits/tree/master/CVE-2018-5261
Exploit
Third Party Advisory
https://github.com/bitsadmin/exploits/tree/master/CVE-2018-5261
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:flexense:diskboss:*:*:*:*:*:*:*:*

Версия до 8.8.16 (включая)

EPSS

Процентиль: 14%

0.00047

Низкий

8.1 High

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-311

Связанные уязвимости

GHSA-j69q-3vrr-gwj6

CVSS3: 8.1

github

больше 3 лет назад

An issue was discovered in Flexense DiskBoss 8.8.16 and earlier. Due to the usage of plaintext information from the handshake as input for the encryption key used for the encryption of the rest of the session, the server and client disclose sensitive information, such as the authentication credentials, to any man-in-the-middle (MiTM) listener.

EPSS

Процентиль: 14%

0.00047

Низкий

8.1 High

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-311