Vulnerabilities > CVE-2015-5997 - Unspecified vulnerability in Impero Education PRO

CVSS 7.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

NONE

Availability impact

NONE

network

low complexity

impero

NVD

Published: 2015-09-14

Updated: 2015-09-16

Summary

Impero Education Pro before 5105 uses a hardcoded CBC key and initialization vector derived from a hash of the Imp3ro string, which makes it easier for remote attackers to obtain plaintext data by sniffing the network for ciphertext data. <a href="https://cwe.mitre.org/data/definitions/329.html">CWE-329: Not Using a Random IV with CBC Mode</a>

Vulnerable Configurations

Part	Description	Count
Application	Impero Impero Impero Education PRO *	1

References

http://www.kb.cert.org/vuls/id/549807