CVE-2018-15781

HIGH

Dell Wyse ThinLinux 2.0-2.1.0.01 - Unauthenticated Hard-coded Cryptographic Key in Password Encoder

Title source: llm
STIX 2.1

Description

The Dell Wyse Password Encoder in ThinLinux2 versions prior to 2.1.0.01 contain a Hard-coded Cryptographic Key vulnerability. An unauthenticated remote attacker could reverse engineer the cryptographic system used in the Dell Wyse Password Encoder to discover the hard coded private key and decrypt locally stored cipher text.

References (1)

Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://www.dell.com/support/article/SLN316104

Scores

CVSS v3 7.9
EPSS 0.0024
EPSS Percentile 47.3%
Attack Vector ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Details

CWE
CWE-798
Status published
Products (1)
dell/wyse_thinlinux 2.0 - 2.1.0.01
Published Feb 13, 2019
Tracked Since Feb 18, 2026