CVE-2018-5261

Published: Feb 2, 2018Modified: Nov 21, 2024

8.1

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.2 / Impact: 5.9

Source: NVD

Description

An issue was discovered in Flexense DiskBoss 8.8.16 and earlier. Due to the usage of plaintext information from the handshake as input for the encryption key used for the encryption of the rest of the session, the server and client disclose sensitive information, such as the authentication credentials, to any man-in-the-middle (MiTM) listener.

Affected (1)

Products: Flexense: Diskboss

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Flexense Diskboss	Up to 8.8.16

Related CWEs

Missing Encryption of Sensitive Data

The product does not encrypt sensitive or critical information before storage or transmission.

References (2)

https://github.com/bitsadmin/exploits/tree/master/CVE-2018-5261

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/bitsadmin/exploits/tree/master/CVE-2018-5261

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.