An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Data is sent between client and server with encryption. However, the key is derived from the string "(c)2007 UCI Software GmbH B.Boll" (without quotes). The key is both static and hardcoded. With access to messages, this results in message decryption and encryption by an attacker. Thus, it enables passive and active man-in-the-middle attacks.
Metrics
Affected Vendors & Products
References
History
Thu, 31 Oct 2024 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-798 | |
Metrics |
cvssV3_1
|
Thu, 22 Aug 2024 13:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 22 Aug 2024 03:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Data is sent between client and server with encryption. However, the key is derived from the string "(c)2007 UCI Software GmbH B.Boll" (without quotes). The key is both static and hardcoded. With access to messages, this results in message decryption and encryption by an attacker. Thus, it enables passive and active man-in-the-middle attacks. | |
References |
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-08-22T00:00:00
Updated: 2024-10-31T18:17:04.946Z
Reserved: 2024-08-22T00:00:00
Link: CVE-2024-45165
Vulnrichment
Updated: 2024-08-22T13:04:59.970Z
NVD
Status : Awaiting Analysis
Published: 2024-08-22T04:15:22.310
Modified: 2024-10-31T19:35:08.327
Link: CVE-2024-45165
Redhat
No data.