Vulnerability Details : CVE-2005-0809
NotifyLink, when configured for client key retrieval, allows remote attackers to obtain AES keys via a direct request to /hwp/get.asp, then uses a weak encryption scheme (fixed byte reordering) to protect the key, which allows remote attackers to obtain the key via a brute force attack.
Products affected by CVE-2005-0809
- cpe:2.3:a:notify_technology:notifylink:enterprise_server:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2005-0809
1.07%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 84 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2005-0809
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
References for CVE-2005-0809
-
http://www.kb.cert.org/vuls/id/581068
Third Party Advisory;US Government Resource
-
http://www.securityfocus.com/bid/12843
Jump to