Use of Hard-coded Cryptographic Key
CVE-2021-38461
Summary
The affected product uses a hard-coded blowfish key for encryption/decryption processes. The key can be easily extracted from binaries.
- LOW
- NETWORK
- HIGH
- UNCHANGED
- NONE
- NONE
- LOW
- NONE
CWE-321 - Use of Hard-coded Cryptographic Key
The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.
References
Advisory Timeline
- Published