CVE-2018-15781 HIGH

CVE-2018-15781: DSA-2019-022: Dell Wyse Password Encoder Hard-coded Cryptographic Key Vulnerability

Vendor Dell
Product Wyse Password Encoder
Published February 13, 2019
Last update September 16, 2024

CVSS base score

7.9/10
Attack vector Adjacent
Attack complexity High
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

The Dell Wyse Password Encoder in ThinLinux2 versions prior to 2.1.0.01 contain a Hard-coded Cryptographic Key vulnerability. An unauthenticated remote attacker could reverse engineer the cryptographic system used in the Dell Wyse Password Encoder to discover the hard coded private key and decrypt locally stored cipher text.

Key dates

02Disclosure timeline

February 13, 2019 CVE published
September 16, 2024 Record updated