CVE Vulnerabilities

CVE-2016-10102

Inadequate Encryption Strength

Published: Jan 23, 2017 | Modified: Mar 16, 2017
CVSS 3.x: 8.1 HIGH
Source: NVD
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x: 4.3 MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N

hitek.jar in Hitek Software's Automize uses weak encryption when encrypting SSH/SFTP and Encryption profile passwords. This allows an attacker to retrieve the encrypted passwords from sshProfiles.jsd and encryptionProfiles.jsd and decrypt them to recover cleartext passwords. All 10.x versions up to and including 10.25 and all 11.x versions up to and including 11.14 are verified to be affected.

Weakness

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

Affected Software

Name Vendor Start Version End Version
Automize Hiteksoftware 10.00 (including) 10.00 (including)
Automize Hiteksoftware 10.01 (including) 10.01 (including)
Automize Hiteksoftware 10.02 (including) 10.02 (including)
Automize Hiteksoftware 10.03 (including) 10.03 (including)
Automize Hiteksoftware 10.04 (including) 10.04 (including)
Automize Hiteksoftware 10.05 (including) 10.05 (including)
Automize Hiteksoftware 10.06 (including) 10.06 (including)
Automize Hiteksoftware 10.07 (including) 10.07 (including)
Automize Hiteksoftware 10.08 (including) 10.08 (including)
Automize Hiteksoftware 10.09 (including) 10.09 (including)
Automize Hiteksoftware 10.11 (including) 10.11 (including)
Automize Hiteksoftware 10.12 (including) 10.12 (including)
Automize Hiteksoftware 10.13 (including) 10.13 (including)
Automize Hiteksoftware 10.14 (including) 10.14 (including)
Automize Hiteksoftware 10.15 (including) 10.15 (including)
Automize Hiteksoftware 10.16 (including) 10.16 (including)
Automize Hiteksoftware 10.17 (including) 10.17 (including)
Automize Hiteksoftware 10.18 (including) 10.18 (including)
Automize Hiteksoftware 10.19 (including) 10.19 (including)
Automize Hiteksoftware 10.20 (including) 10.20 (including)
Automize Hiteksoftware 10.21 (including) 10.21 (including)
Automize Hiteksoftware 10.22 (including) 10.22 (including)
Automize Hiteksoftware 10.23 (including) 10.23 (including)
Automize Hiteksoftware 10.24 (including) 10.24 (including)
Automize Hiteksoftware 10.25 (including) 10.25 (including)
Automize Hiteksoftware 11.00 (including) 11.00 (including)
Automize Hiteksoftware 11.01 (including) 11.01 (including)
Automize Hiteksoftware 11.02 (including) 11.02 (including)
Automize Hiteksoftware 11.03 (including) 11.03 (including)
Automize Hiteksoftware 11.04 (including) 11.04 (including)
Automize Hiteksoftware 11.05 (including) 11.05 (including)
Automize Hiteksoftware 11.06 (including) 11.06 (including)
Automize Hiteksoftware 11.07 (including) 11.07 (including)
Automize Hiteksoftware 11.08 (including) 11.08 (including)
Automize Hiteksoftware 11.09 (including) 11.09 (including)
Automize Hiteksoftware 11.11 (including) 11.11 (including)
Automize Hiteksoftware 11.12 (including) 11.12 (including)
Automize Hiteksoftware 11.13 (including) 11.13 (including)
Automize Hiteksoftware 11.14 (including) 11.14 (including)

Potential Mitigations

References