PT-2020-9651 · Inextrix · Inextrix Astpp
Published: 2020-03-20 · Updated: 2021-07-21 · CVE-2019-15075
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
iNextrix ASTPP versions prior to 4.0.1
Description
An issue was discovered in the web interface/astpp/application/config/config.php file: it does not use strong random keys. This is demonstrated by the use of the 8YSDaBtDHAB3EQkxPAyTz2I5DttzA9uR private key and the r)fddEw232f encryption key.
Recommendations
For versions prior to 4.0.1, update to version 4.0.1 or later to resolve the issue. As a temporary workaround, consider regenerating the private key and encryption key with strong random values to minimize the risk of exploitation. Restrict access to the web interface/astpp/application/config/config.php file to prevent unauthorized modifications.
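A check for the workaround above, as an added example that is not part of the advisory or of ASTPP's code: it scans the text of a config.php for the two published keys and swaps them for values drawn from a CSPRNG. The sample config and its $config variable names are constructed for illustration (an assumption about the file's layout); detection matches on the key values only.

```python
import re
import secrets

# The two keys published in the advisory; a deployment still using them is affected.
KNOWN_WEAK_KEYS = {
    "8YSDaBtDHAB3EQkxPAyTz2I5DttzA9uR": "private key",
    "r)fddEw232f": "encryption key",
}

# PHP single- or double-quoted string literal: group 1 = quote, group 2 = content.
STRING_LITERAL = re.compile(r"""(['"])((?:\\.|(?!\1).)*)\1""")

# Constructed sample input; the variable names are assumed, not taken from the page.
SAMPLE_CONFIG = """<?php
$config['encryption_key'] = 'r)fddEw232f';
$config['private_key'] = '8YSDaBtDHAB3EQkxPAyTz2I5DttzA9uR';
$config['sess_cookie_name'] = 'ci_session';
"""


def find_default_keys(php_source):
    """Return [(line_number, role)] for each string literal equal to a published key."""
    hits = []
    for line_no, line in enumerate(php_source.splitlines(), 1):
        for _quote, literal in STRING_LITERAL.findall(line):
            role = KNOWN_WEAK_KEYS.get(literal)
            if role:
                hits.append((line_no, role))
    return hits


def new_key(nbytes=32):
    """Return a fresh key from the OS CSPRNG as 2*nbytes hex characters."""
    return secrets.token_hex(nbytes)


def rotate_keys(php_source):
    """Replace every published key literal; return (new_source, replacements_made)."""
    replaced = 0

    def swap(match):
        nonlocal replaced
        if match.group(2) not in KNOWN_WEAK_KEYS:
            return match.group(0)  # leave unrelated literals untouched
        replaced += 1
        return match.group(1) + new_key() + match.group(1)

    return STRING_LITERAL.sub(swap, php_source), replaced
```

Anything already encrypted under the old encryption key has to be re-encrypted or reset after rotation.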
Fix
Using Hardcoded Credentials
Use of a Broken Cryptographic Algorithm
Related Identifiers
Affected Products
Inextrix Astpp