Vulnerabilities > CVE-2005-0809 - Multiple vulnerability in Notify Technology Notifylink Enterpriseserver

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

notify-technology

NVD

Published: 2005-05-02

Updated: 2008-09-05

Summary

NotifyLink, when configured for client key retrieval, allows remote attackers to obtain AES keys via a direct request to /hwp/get.asp, then uses a weak encryption scheme (fixed byte reordering) to protect the key, which allows remote attackers to obtain the key via a brute force attack.

Vulnerable Configurations

Part	Description	Count
Application	Notify_Technology Notify Technology Notifylink Enterprise_Server	1

References

http://secunia.com/advisories/14617
http://www.kb.cert.org/vuls/id/581068
http://www.securityfocus.com/bid/12843