PT-2018-13181 · Breustedt · Mensamax

Stefan Pietsch

Published

2018-10-02

Updated

2018-11-25

CVE-2018-15753

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions MensaMax (aka com.breustedt.mensamax) version 4.3

Description An issue was discovered in the MensaMax application, where the use of a hard-coded DES cryptographic key allows an attacker who decodes the application to decrypt transmitted data, such as the username and password.

Recommendations For MensaMax version 4.3, consider disabling the transmission of sensitive data until a patch is available. Restrict access to the application's data to minimize the risk of exploitation. Avoid using the application for sensitive transactions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Using Hardcoded Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-798

Related Identifiers

CVE-2018-15753

Affected Products

Mensamax

PT-2018-13181 · Breustedt · Mensamax

CVE-2018-15753

Weakness Enumeration

Related Identifiers

Affected Products

References · 4