CVE Vulnerabilities

CVE-2024-23580

Inadequate Encryption Strength

Published: May 28, 2024 | Modified: Jul 03, 2024
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

HCL DRYiCE Optibot Reset Station is impacted by insecure encryption of One-Time Passwords (OTPs). This could allow an attacker with access to the database to recover some or all encrypted values.

Weakness

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

Potential Mitigations

References