PT-2023-30262 · Phlox · Simple Http Server, Simple Http Server Plus

Published 2023-12-27 · Updated 2024-10-01 · CVE-2023-46919

CVSS v3.1: 6.3 (Medium)
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Phlox com.phlox.simpleserver (aka Simple HTTP Server) version 1.8
Phlox com.phlox.simpleserver.plus (aka Simple HTTP Server PLUS) version 1.8.1-plus
Description
The application embeds a hardcoded AES key, aKySWb2jjrr4dzkYXczKRt7K, and uses it to encrypt the TLS secret. Because the key is a compile-time constant shared by every installation, anyone with local access to the application's binary or source code (for example, by decompiling the APK) can extract it and decrypt the stored TLS secret; the encryption therefore offers no real protection. With that secret, an attacker positioned between a client and the server can read and potentially modify data in transit (man-in-the-middle), which is what the C:H/I:H impact in the CVSS vector reflects. No user interaction is required.
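A static check for the pattern this advisory describes, added here as an example (it is not code from Phlox or from the advisory): it scans decompiled Java source for SecretKeySpec constructions that are fed from a string literal or from a static String constant, and reports the resolved value, whether its length is a valid AES key size, and its Shannon entropy. The embedded sample source is constructed for this example to resemble jadx output; it reuses the key value quoted in the advisory, but the class, method and constant names are made up. In practice you would run find_hardcoded_aes_keys over the output of jadx or apktool on the real APK.

```python
"""Flag AES keys that are baked into (decompiled) Java source as string constants."""
import math
import re
from dataclasses import dataclass

# Constructed sample: imitates jadx output, not the real Simple HTTP Server code.
# Line 3 carries the key value from the advisory; lines 12-14 show the safe
# pattern (key lives in the Android Keystore) that the scanner must NOT flag.
SAMPLE_SOURCE = """\
package com.example.httpserver;
public class TlsSecretStore {
    private static final String KEY = "aKySWb2jjrr4dzkYXczKRt7K";
    private static final String ALGO = "AES";
    static byte[] wrap(byte[] secret) throws Exception {
        SecretKeySpec k = new SecretKeySpec(KEY.getBytes("UTF-8"), ALGO);
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(1, k, new IvParameterSpec(new byte[16]));
        return c.doFinal(secret);
    }
    static SecretKey loadKey() throws Exception {
        KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
        ks.load(null);
        return (SecretKey) ks.getKey("tls_secret_wrap", null);
    }
    private static final String GREETING = "Simple HTTP Server started";
}
class LegacyCrypto {
    static Cipher cipher() throws Exception {
        SecretKeySpec k = new SecretKeySpec("0123456789abcdef".getBytes(), "AES");
        return Cipher.getInstance("AES/ECB/PKCS5Padding");
    }
}
"""


@dataclass
class Finding:
    line: int        # line where the key value is defined (or used, for inline literals)
    symbol: str      # constant name, or "<literal>" for an inline literal
    value: str
    key_bits: int    # 128/192/256 if the length is a valid AES key size, else 0
    entropy: float   # Shannon entropy of the value, bits per character


CONST_RE = re.compile(r'static\s+final\s+String\s+(\w+)\s*=\s*"([^"]*)"\s*;')
SPEC_RE = re.compile(r'new\s+SecretKeySpec\s*\(\s*(.+?)\s*,\s*(?:"AES"|\w+)\s*\)')
LEADING_LITERAL_RE = re.compile(r'^\s*"([^"]*)"')   # literal is the receiver of the key arg


def shannon_entropy(s: str) -> float:
    """Bits per character; random-looking key material scores well above 3.5."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def aes_bits(value: str) -> int:
    """AES key size implied by the UTF-8 length of the string, or 0 if not a key length."""
    return {16: 128, 24: 192, 32: 256}.get(len(value.encode("utf-8")), 0)


def find_hardcoded_aes_keys(source: str) -> list:
    lines = source.splitlines()
    constants = {}                                   # name -> (decl_line, value)
    for no, line in enumerate(lines, 1):
        m = CONST_RE.search(line)
        if m:
            constants[m.group(1)] = (no, m.group(2))
    findings = []
    for no, line in enumerate(lines, 1):
        m = SPEC_RE.search(line)
        if not m:
            continue
        key_arg = m.group(1)
        lit = LEADING_LITERAL_RE.search(key_arg)
        if lit:                                      # new SecretKeySpec("...".getBytes(), ...)
            v = lit.group(1)
            findings.append(Finding(no, "<literal>", v, aes_bits(v), shannon_entropy(v)))
            continue
        for name, (decl_line, value) in constants.items():   # new SecretKeySpec(KEY.getBytes(..), ...)
            if re.search(rf"\b{re.escape(name)}\b", key_arg):
                findings.append(Finding(decl_line, name, value, aes_bits(value), shannon_entropy(value)))
    return findings


if __name__ == "__main__":
    for f in find_hardcoded_aes_keys(SAMPLE_SOURCE):
        size = f"AES-{f.key_bits}" if f.key_bits else "not an AES key length"
        print(f"line {f.line}: {f.symbol} = {f.value!r} ({size}, entropy {f.entropy:.2f} bits/char)")
```

The check is deliberately narrow: it only reports string material that actually reaches a SecretKeySpec, so unrelated constants such as the GREETING string are ignored, and the Keystore-backed loadKey() produces no finding. A hit with a valid AES length and high entropy, as for the 24-character (AES-192) value above, is the signature of this advisory's weakness.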
Recommendations
For both affected versions (com.phlox.simpleserver 1.8 and com.phlox.simpleserver.plus 1.8.1-plus), regenerate the encryption key and stop relying on a value embedded in the binary: the key should be generated per installation and stored outside the application code (on Android, a key created in the AndroidKeyStore is the usual choice). Replacing the constant with a different constant in an update does not help, since the new value can be extracted in exactly the same way. Any TLS secret that was protected with the old key should be treated as exposed and regenerated. As a temporary workaround, restrict access to sensitive data transmitted through the affected server and avoid running it on untrusted networks, to reduce the window for exploitation.

Weakness Enumeration
Using Hardcoded Credentials (CWE-798)

Related Identifiers
CVE-2023-46919

Affected Products
Simple Http Server
Simple Http Server Plus