all InfoSec news
CVE-2023-43637 (eve)
Sept. 21, 2023, 2:15 p.m. |
National Vulnerability Database web.nvd.nist.gov
would always have the last 16 bytes predetermined to be "arfoobarfoobarfo".
This issue happens because "deriveVaultKey" calls "retrieveCloudKey" (which will always
return "foobarfoobarfoobarfoobarfoobarfo" as the key), and then merges the 32byte
randomly generated key with this key (by takeing 16bytes from each, see "mergeKeys").
This makes the key a lot weaker.
This issue does not persist in devices that were initialized on/after version 7.10, but devices …
cve eve generated implementation issue key return the key vault version
More from web.nvd.nist.gov / National Vulnerability Database
CVE-2023-45955 (lightstrip_firmware)
7 months, 1 week ago |
web.nvd.nist.gov
CVE-2023-21380 (android)
7 months, 1 week ago |
web.nvd.nist.gov
CVE-2023-21381 (android)
7 months, 1 week ago |
web.nvd.nist.gov
CVE-2023-21385 (android)
7 months, 1 week ago |
web.nvd.nist.gov
Jobs in InfoSec / Cybersecurity
CyberSOC Technical Lead
@ Integrity360 | Sandyford, Dublin, Ireland
Cyber Security Strategy Consultant
@ Capco | New York City
Cyber Security Senior Consultant
@ Capco | Chicago, IL
Senior Security Researcher - Linux MacOS EDR (Cortex)
@ Palo Alto Networks | Tel Aviv-Yafo, Israel
Sr. Manager, NetSec GTM Programs
@ Palo Alto Networks | Santa Clara, CA, United States
SOC Analyst I
@ Fortress Security Risk Management | Cleveland, OH, United States