Submit #808296: Industrial Application Software - IAS Canias ERP 8.03-- Use of Hard-coded Cryptographic Key (CWE-321)info

TitleIndustrial Application Software - IAS Canias ERP 8.03-- Use of Hard-coded Cryptographic Key (CWE-321)
DescriptionA vulnerability was found in Industrial Application Software caniasERP 8.03 and classified as high. This vulnerability affects the crypto classes of the component Client JAR Files distributed via the JNLP deployment endpoint. The manipulation leads to use of hard-coded cryptographic keys. Multiple encryption keys are embedded as compile-time constants including AES-128, AES-256, Triple DES, DES-56 (cryptographically broken), Blowfish, and a server configuration file decryption key. The JAR files are downloadable without authentication over plain HTTP via the JNLP endpoint, exposing all keys to any network-level attacker. Combined with the FILETRANSFER vulnerability, these keys allow decryption of the server configuration file to obtain plaintext database credentials. Discovered by Bilal Güneş (@b1lal) of HawkTrace.
User
 b1lal (UID 97312)
Submission04/20/2026 18:13 (3 months ago)
Moderation05/09/2026 18:33 (19 days later)
StatusAccepted
VulDB entry362459 [Industrial Application Software IAS Canias ERP 8.03 JNLP Deployment Endpoint hard-coded key]
Points17

Do you need the next level of professionalism?

Upgrade your account now!