Encryption Flaw in Flexense DiskBoss Affects Sensitive Data Transmission
CVE-2018-5261

8.1HIGH

Key Information:

Vendor: Flexense
Status: Diskboss
Vendor: CVE Published:; 2 February 2018

What is CVE-2018-5261?

An encryption vulnerability exists in Flexense DiskBoss versions up to 8.8.16, where the application improperly utilizes plaintext data from handshakes to generate encryption keys. This flaw allows a man-in-the-middle attacker to intercept and glean sensitive information, including authentication credentials, compromising the confidentiality of user sessions.

References

https://github.com/bitsadmin/exploits/tree/master/CVE-201...

x_refsource_MISC

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 2, 2018
Vulnerability Reserved
Jan 7, 2018