notifylink software vulnerabilities
vulnerabilities.aspcode.net
Searching notifylink software vulnerabilities
NotifyLink, when configured for client key retr
/hwp/getasp
|
encryption
|
NotifyLink
|
configured
|
retrieval
|
attackers
|
request
|
direct
|
obtain
|
allows
|
scheme
|
client
|
remote
|
then
|
uses
|
keys
|
weak
|
key
|
AES
|
via
|
NotifyLink, when configured for client key retrieval, allows remote attackers to obtain AES keys via a direct request to /hwp/get.asp, then uses a weak encryption scheme (fixed byte reordering) to protect the key, which allows remote attackers to obtain the key via a brute force attack.
The web interface in NotifyLink 3.0 does not pr
authenticated
|
restrictions
|
NotifyLink
|
functions
|
interface
|
intended
|
disabled
|
restrict
|
properly
|
request
|
certain
|
allows
|
direct
|
remote
|
access
|
bypass
|
users
|
which
|
does
|
URLs
|
been
|
have
|
not
|
web
|
via
|
GUI
|
The web interface in NotifyLink 3.0 does not properly restrict access to functions that have been disabled in the GUI, which allows remote authenticated users to bypass intended restrictions via a direct request to certain URLs.
The web interface in NotifyLink 3.0 displays pa
administrative
|
information
|
NotifyLink
|
interface
|
sensitive
|
attackers
|
passwords
|
cleartext
|
displays
|
remote
|
obtain
|
users
|
local
|
which
|
could
|
allow
|
page
|
web
|
The web interface in NotifyLink 3.0 displays passwords in cleartext on the administrative page, which could allow remote attackers or local users to obtain sensitive information.
Software vulnerabilities results 1 to 4 of 4
Page:
1