CVE-2024-36496

Name of the Vulnerable Software and Affected Versions Software (affected versions not specified)

Description The issue concerns the encryption of a configuration file using a static key derived from a static five-character password. This password is hashed with the outdated MD5 algorithm, which is considered broken and insecure, especially since it does not use a salt. The first five bytes of the hashed password are used as the key for the RC4 encryption algorithm to encrypt the configuration file. This setup allows an attacker to potentially decrypt the configuration file.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.