7.5

CVE-2020-25493

Exploit

EPSS 0.16%
Veröffentlicht 11.02.2021 18:15:14
Zuletzt bearbeitet 21.11.2024 05:18:03
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Oclean Mobile Application 2.1.2 communicates with an external website using HTTP so it is possible to eavesdrop the network traffic. The content of HTTP payload is encrypted using XOR with a hardcoded key, which allows for the possibility to decode the traffic.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Oclean ≫ Oclean Version2.1.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.16%	0.332

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-327 Use of a Broken or Risky Cryptographic Algorithm

The product uses a broken or risky cryptographic algorithm or protocol.

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

http://oclean.com

Product

https://github.com/c3r34lk1ll3r/decrypt-oclean-traffic

Third Party Advisory

Exploit

https://play.google.com/store/apps/details?id=com.yunding.noopsychebrushforeign

Product

https://nvd.nist.gov/vuln/detail/CVE-2020-25493

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-25493

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-25493

EUVD