| tiêu đề | Industrial Application Software - IAS Canias ERP 8.03-- Use of Hard-coded Cryptographic Key (CWE-321) |
|---|
| Mô tả | A vulnerability was found in Industrial Application Software caniasERP 8.03 and classified as high. This vulnerability affects the crypto classes of the component Client JAR Files distributed via the JNLP deployment endpoint. The manipulation leads to use of hard-coded cryptographic keys. Multiple encryption keys are embedded as compile-time constants including AES-128, AES-256, Triple DES, DES-56 (cryptographically broken), Blowfish, and a server configuration file decryption key. The JAR files are downloadable without authentication over plain HTTP via the JNLP endpoint, exposing all keys to any network-level attacker. Combined with the FILETRANSFER vulnerability, these keys allow decryption of the server configuration file to obtain plaintext database credentials.
Discovered by Bilal Güneş (@b1lal) of HawkTrace. |
|---|
| Người dùng | b1lal (UID 97312) |
|---|
| Đệ trình | 20/04/2026 18:13 (cách đây 2 các tháng) |
|---|
| Kiểm duyệt | 09/05/2026 18:33 (19 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 362459 [Industrial Application Software IAS Canias ERP 8.03 JNLP Deployment Endpoint mã hóa yếu] |
|---|
| điểm | 17 |
|---|