PT-2018-16847 · Flexense · Diskboss

Published

2018-02-02

Updated

2019-10-03

CVE-2018-5261

CVSS v3.1

8.1

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Flexense DiskBoss versions 8.8.16 and earlier

Description An issue was discovered that allows a man-in-the-middle (MiTM) listener to obtain sensitive information, including authentication credentials, due to the use of plaintext information from the handshake as input for the encryption key. This affects the encryption of the rest of the session.

Recommendations For Flexense DiskBoss versions 8.8.16 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Missing Encryption of Sensitive Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-311

Related Identifiers

CVE-2018-5261

Affected Products

Diskboss

PT-2018-16847 · Flexense · Diskboss

CVE-2018-5261

Weakness Enumeration

Related Identifiers

Affected Products

References · 3