QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2005-0809

Back to search

CVE-2005-0809

Published: Mar 20, 2005

Modified: Aug 7, 2024

PUBLISHED

Description

NotifyLink, when configured for client key retrieval, allows remote attackers to obtain AES keys via a direct request to /hwp/get.asp, then uses a weak encryption scheme (fixed byte reordering) to protect the key, which allows remote attackers to obtain the key via a brute force attack.

VendorProductVersions

n/a

n/a

affected
n/a

References

14617
third-party-advisory
x_refsource_SECUNIA
VU#581068
third-party-advisory
x_refsource_CERT-VN
12843
vdb-entry
x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now