An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Data is sent between client and server with encryption. However, the key is derived from the string "(c)2007 UCI Software GmbH B.Boll" (without quotes). The key is both static and hardcoded. With access to messages, this results in message decryption and encryption by an attacker. Thus, it enables passive and active man-in-the-middle attacks.
History

Wed, 03 Sep 2025 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Uci
Uci idol2
CPEs cpe:2.3:a:uci:idol2:*:*:*:*:*:*:*:*
Vendors & Products Uci
Uci idol2

Thu, 31 Oct 2024 19:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-798
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N'}


Thu, 22 Aug 2024 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 22 Aug 2024 03:45:00 +0000

Type Values Removed Values Added
Description An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Data is sent between client and server with encryption. However, the key is derived from the string "(c)2007 UCI Software GmbH B.Boll" (without quotes). The key is both static and hardcoded. With access to messages, this results in message decryption and encryption by an attacker. Thus, it enables passive and active man-in-the-middle attacks.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-10-31T18:17:04.946Z

Reserved: 2024-08-22T00:00:00

Link: CVE-2024-45165

cve-icon Vulnrichment

Updated: 2024-08-22T13:04:59.970Z

cve-icon NVD

Status : Analyzed

Published: 2024-08-22T04:15:22.310

Modified: 2025-09-03T19:43:58.610

Link: CVE-2024-45165

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.