Efchatz

**Name of the Vulnerable Software and Affected Versions** Enpass Password Manager versions up to 6.9.5 **Description** A vulnerability has been found in Enpass Password Manager, which affects some unknown processing and leads to cleartext storage of sensitive information in memory. The manipulation requires a local attack, and the complexity of the attack is rather high. The exploitation is known to be difficult. **Recommendations** For Enpass Password Manager versions up to 6.9.5, upgrade to version 6.10.1 to address this issue. It is recommended to upgrade the affected component.

**Name of the Vulnerable Software and Affected Versions** TP-Link AX10v1 version V1 211117 **Description** The web app client of TP-Link AX10v1 uses hard-coded cryptographic keys when communicating with the router. This allows attackers to obtain the sequence key via a brute-force attack if they can intercept the communications between the web client and router through a man-in-the-middle attack, resulting in unauthorized access to sensitive information. **Recommendations** For TP-Link AX10v1 version V1 211117, consider disabling the web app client until a patch is available to prevent exploitation. Restrict access to the router to minimize the risk of a man-in-the-middle attack. Avoid using the hard-coded cryptographic keys in the web app client to prevent brute-force attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.