CVE-2024-27168

Hardcoded keys used to generate authentication cookies

CVSS 7.1 HIGHEPSS 0.3%CWE-798

It appears that some hardcoded keys are used for authentication to internal API. Knowing these private keys may allow attackers to bypass authentication and reach administrative interfaces. As for the affected products/models/versions, see the reference URL.

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Produtos afetados

Toshiba Tec Corporation · Toshiba Tec e-Studio multi-function peripheral (MFP)

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

http://seclists.org/fulldisclosure/2024/Jul/1 https://jvn.jp/en/vu/JVNVU97136265/index.html https://www.toshibatec.com/information/20240531_01.html https://www.toshibatec.com/information/pdf/information20240531_01.pdf