Man-in-the-middle attack in DiskBoss - CVE-2018-5261
Published: May 21, 2018
Vulnerability identifier: #VU12874
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-5261
CWE-ID: CWE-300
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Flexence
Affected software:
DiskBoss
Detailed vulnerability description
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists because plaintext information from the handshake is used as input for the encryption key that protects the rest of the session. A remote attacker can conduct a man-in-the-middle attack and gain access to potentially sensitive information, such as authentication credentials.
How to mitigate CVE-2018-5261
Install the update from the vendor's website.