PT-2018-16847 · Flexense · Diskboss

Publicado

2018-02-02

Atualizado

2019-10-03

CVE-2018-5261

CVSS v3.1

8.1

Alta

Vetor

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Flexense DiskBoss versions 8.8.16 and earlier

Description An issue was discovered that allows a man-in-the-middle (MiTM) listener to obtain sensitive information, including authentication credentials, due to the use of plaintext information from the handshake as input for the encryption key. This affects the encryption of the rest of the session.

Recommendations For Flexense DiskBoss versions 8.8.16 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Missing Encryption of Sensitive Data

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-311

Identificadores relacionados

CVE-2018-5261

Produtos afetados

Diskboss

PT-2018-16847 · Flexense · Diskboss

CVE-2018-5261

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3