PT-2016-5134 · Fonality · Chrome Hudweb Plugin

Charlie Wolf

Publicado

2016-06-20

Atualizado

2016-06-21

CVE-2016-2364

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Chrome HUDweb plugin for Fonality versions 12.6 through 14.1i

Description The issue allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of a hardcoded private key from another installation. This is possible because the Chrome HUDweb plugin uses the same hardcoded private key across different customers' installations.

Recommendations For Chrome HUDweb plugin for Fonality versions 12.6 through 14.1i, consider updating to a version released after 2016-05-05 to replace the hardcoded private key with a unique key for each installation.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-310

Identificadores relacionados

CVE-2016-2364

Produtos afetados

Chrome Hudweb Plugin

PT-2016-5134 · Fonality · Chrome Hudweb Plugin

CVE-2016-2364

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3