An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. The impacted products used a single shared key encryption model to encrypt data. A user with access to system databases can use the discovered key to access potentially confidential stored data, which may include Wi-Fi passwords. This discovered key can be used for all instances of the product.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-05T07:10:46.652Z

Reserved: 2018-03-21T00:00:00

Link: CVE-2018-8902

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-06-29T15:29:00.443

Modified: 2024-11-21T04:14:34.010

Link: CVE-2018-8902

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.