There is a Hard-coded Cryptographic Key in Docusnap 13.0.1440.24261, and earlier and later versions. This key can be used to decrypt inventory files that contain sensitive information such as firewall rules.
References
Link | Resource |
---|---|
https://docs.docusnap.com/en/release-notes/changelog/ | Release Notes |
https://www.redteam-pentesting.de/en/advisories/rt-sa-2024-012/ | Exploit Third Party Advisory |
https://www.redteam-pentesting.de/en/advisories/rt-sa-2024-012/ | Exploit Third Party Advisory |
Configurations
History
07 Jul 2025, 18:27
Type | Values Removed | Values Added |
---|---|---|
First Time |
Docusnap
Docusnap docusnap |
|
Summary |
|
|
References | () https://docs.docusnap.com/en/release-notes/changelog/ - Release Notes | |
References | () https://www.redteam-pentesting.de/en/advisories/rt-sa-2024-012/ - Exploit, Third Party Advisory | |
CPE | cpe:2.3:a:docusnap:docusnap:*:*:*:*:*:*:*:* |
05 Mar 2025, 04:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) There is a Hard-coded Cryptographic Key in Docusnap 13.0.1440.24261, and earlier and later versions. This key can be used to decrypt inventory files that contain sensitive information such as firewall rules. |
04 Mar 2025, 16:15
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.redteam-pentesting.de/en/advisories/rt-sa-2024-012/ - |
04 Mar 2025, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-03-04 09:15
Updated : 2025-07-07 18:27
NVD link : CVE-2025-26849
Mitre link : CVE-2025-26849
CVE.ORG link : CVE-2025-26849
JSON object : View
Products Affected
docusnap
- docusnap
CWE
CWE-1394
Use of Default Cryptographic Key