Cryptographic salt generation in the Jasypt Spring Boot library (versions ≤3.0.5 and ≤4.0.4) uses predictable values, enabling offline password cracking against encrypted configuration properties. The SimpleGCMConfig class's getSecretKeySaltGenerator function produces salts without sufficient entropy, so an attacker who obtains encrypted properties can derive keys for a candidate dictionary once and reuse that work against every property or deployment that shares the salt, sharply lowering the cost of recovering the master password by dictionary or brute-force attack. Public exploit code exists (PoC available). EPSS indicates a low probability of widespread exploitation; CVSS 3.7 (AC:H). The vendor had not responded to responsible disclosure as of the analysis date.
An authentication weakness was identified in the controller-device adoption process of Omada Controllers, Gateways and Access Points, caused by improper handling of random values.
One-way hash with predictable salt vulnerabilities in ASPECT may expose sensitive information to a potential attacker*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. Rated medium severity (CVSS 6.1), the vulnerability is remotely exploitable with low attack complexity. No vendor patch is available.
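Both the Jasypt entry and the ASPECT entry above hinge on the same weakness: a salt that does not vary removes the per-target cost of password-based key derivation. The following is an added example, not code from Jasypt, ABB ASPECT or any other project, that measures that effect. It assumes PBKDF2-HMAC-SHA256 as the key derivation function, a toy HMAC-based authenticated cipher standing in for AES-GCM (so that it runs on the standard library alone), a constructed 50-word dictionary, three constructed "captured" deployments, and a made-up fixed salt value; the iteration count is deliberately low so the comparison runs instantly.

```python
import hashlib
import hmac
import secrets
from typing import Callable, Dict, List, Optional, Tuple

# Small parameters so the demonstration runs quickly; real deployments use far more iterations.
ITERATIONS = 2000
KEY_LEN = 32

# Constructed stand-in for a predictable salt. This is NOT the value produced by the
# Jasypt or ASPECT code; any constant (or easily guessed) value has the same effect.
PREDICTABLE_SALT = b"0123456789abcdef"

# Constructed 50-entry dictionary the attacker tries, in order.
WORDLIST: List[str] = [f"Welcome{n:02d}!" for n in range(50)]

# Constructed deployments: (master password, one plaintext property each).
DEPLOYMENTS: List[Tuple[str, bytes]] = [
    ("Welcome40!", b"spring.datasource.password=hunter2"),
    ("Welcome30!", b"mail.password=letmein"),
    ("Welcome45!", b"api.token=example-token"),
]


def derive_key(password: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256: the password-to-key step the salt is supposed to make per-target work."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS, dklen=KEY_LEN)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream from HMAC-SHA256; stands in for AES-GCM's stream (demo only)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt_property(password: str, salt: bytes, plaintext: bytes) -> Tuple[bytes, bytes, bytes, bytes]:
    """Encrypt one configuration value; returns (salt, nonce, ciphertext, tag) as an attacker would capture it."""
    key = derive_key(password, salt)
    nonce = secrets.token_bytes(12)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return salt, nonce, ct, tag


def try_open(key: bytes, nonce: bytes, ct: bytes, tag: bytes) -> Optional[bytes]:
    """Authenticated decrypt with a candidate key; None when the tag fails, i.e. wrong password."""
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


def crack(captured: Tuple[bytes, bytes, bytes, bytes], wordlist: List[str],
          table: Dict[bytes, Dict[str, bytes]]) -> Tuple[Optional[str], int]:
    """Offline dictionary attack. `table` caches derived keys per salt across targets.
    Returns (recovered password or None, number of fresh KDF computations needed)."""
    salt, nonce, ct, tag = captured
    keys_for_salt = table.setdefault(salt, {})
    kdf_calls = 0
    for candidate in wordlist:
        key = keys_for_salt.get(candidate)
        if key is None:
            key = derive_key(candidate, salt)
            keys_for_salt[candidate] = key
            kdf_calls += 1
        if try_open(key, nonce, ct, tag) is not None:
            return candidate, kdf_calls
    return None, kdf_calls


def kdf_cost(salt_for: Callable[[], bytes]) -> int:
    """Total fresh KDF work to crack every deployment when each is salted by `salt_for()`."""
    table: Dict[bytes, Dict[str, bytes]] = {}
    total = 0
    for password, secret in DEPLOYMENTS:
        recovered, calls = crack(encrypt_property(password, salt_for(), secret), WORDLIST, table)
        assert recovered == password
        total += calls
    return total


def predictable_salt_cost() -> int:
    """Every deployment shares the same salt: the key table is built once and reused."""
    return kdf_cost(lambda: PREDICTABLE_SALT)


def random_salt_cost() -> int:
    """Each deployment gets a fresh 16-byte random salt: no derived key carries over."""
    return kdf_cost(lambda: secrets.token_bytes(16))


if __name__ == "__main__":
    print("KDF calls, predictable salt:", predictable_salt_cost())
    print("KDF calls, random salt:     ", random_salt_cost())
```

With the three constructed deployments the fixed salt costs 46 derivations in total (the table fills up to the deepest dictionary position once) against 118 for per-deployment random salts; the gap widens with every additional captured property or installation, which is why a predictable salt turns a cheap per-ciphertext attack into a one-time precomputation. The right fix on the defender's side is the one the random case shows: a salt from a CSPRNG, stored alongside the ciphertext, for each derived key.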