Static IV and Key in Akuvox E11 Encryption Function: Potential Message Decryption Vulnerability

Static IV and Key in Akuvox E11 Encryption Function: Potential Message Decryption Vulnerability

CVE-2023-0343 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Akuvox E11 contains a function that encrypts messages which are then forwarded. The IV vector and the key are static, and this may allow an attacker to decrypt messages.

Learn more about our Web Application Penetration Testing UK.