An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Data is sent between client and server with encryption. However, the key is derived from the string "(c)2007 UCI Software GmbH B.Boll" (without quotes). The key is both static and hardcoded. With access to messages, this results in message decryption and encryption by an attacker. Thus, it enables passive and active man-in-the-middle attacks.
Metrics
Affected Vendors & Products
References
History
Wed, 03 Sep 2025 19:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Uci
Uci idol2 |
|
CPEs | cpe:2.3:a:uci:idol2:*:*:*:*:*:*:*:* | |
Vendors & Products |
Uci
Uci idol2 |
Thu, 31 Oct 2024 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-798 | |
Metrics |
cvssV3_1
|
Thu, 22 Aug 2024 13:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 22 Aug 2024 03:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Data is sent between client and server with encryption. However, the key is derived from the string "(c)2007 UCI Software GmbH B.Boll" (without quotes). The key is both static and hardcoded. With access to messages, this results in message decryption and encryption by an attacker. Thus, it enables passive and active man-in-the-middle attacks. | |
References |
|

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-10-31T18:17:04.946Z
Reserved: 2024-08-22T00:00:00
Link: CVE-2024-45165

Updated: 2024-08-22T13:04:59.970Z

Status : Analyzed
Published: 2024-08-22T04:15:22.310
Modified: 2025-09-03T19:43:58.610
Link: CVE-2024-45165

No data.

No data.