Hardcoded AES Key Vulnerability in konzept-ix publiXone Java Applet

Hardcoded AES Key Vulnerability in konzept-ix publiXone Java Applet

CVE-2020-27181 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

A hardcoded AES key in CipherUtils.java in the Java applet of konzept-ix publiXone before 2020.015 allows attackers to craft password-reset tokens or decrypt server-side configuration files.

Learn more about our Cis Benchmark Audit For Server Software.