| عنوان | Industrial Application Software - IAS Canias ERP 8.03-- Use of Hard-coded Cryptographic Key (CWE-321) |
|---|
| الوصف | A vulnerability was found in Industrial Application Software caniasERP 8.03 and classified as high. This vulnerability affects the crypto classes of the component Client JAR Files distributed via the JNLP deployment endpoint. The manipulation leads to use of hard-coded cryptographic keys. Multiple encryption keys are embedded as compile-time constants including AES-128, AES-256, Triple DES, DES-56 (cryptographically broken), Blowfish, and a server configuration file decryption key. The JAR files are downloadable without authentication over plain HTTP via the JNLP endpoint, exposing all keys to any network-level attacker. Combined with the FILETRANSFER vulnerability, these keys allow decryption of the server configuration file to obtain plaintext database credentials.
Discovered by Bilal Güneş (@b1lal) of HawkTrace. |
|---|
| المستخدم | b1lal (UID 97312) |
|---|
| ارسال | 20/04/2026 06:13 PM (2 أشهر منذ) |
|---|
| الاعتدال | 09/05/2026 06:33 PM (19 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 362459 [Industrial Application Software IAS Canias ERP 8.03 JNLP Deployment Endpoint تشفير ضعيف] |
|---|
| النقاط | 17 |
|---|