CVE-2024-45165

Name of the Vulnerable Software and Affected Versions UCI IDOL 2 versions through 2.12

Description An issue was discovered in the encryption mechanism used by UCI IDOL 2. Data sent between the client and server is encrypted, but the key is derived from a static string "(c)2007 UCI Software GmbH B.Boll". This key is hardcoded, allowing an attacker with access to messages to decrypt and encrypt them, thus enabling passive and active man-in-the-middle attacks.

Recommendations For versions through 2.12, consider disabling the encryption mechanism that uses the static key until a patch is available. Restrict access to sensitive data and minimize the risk of exploitation by implementing additional security measures, such as monitoring network traffic for suspicious activity. At the moment, there is no information about a newer version that contains a fix for this vulnerability.