2 results (0.041 seconds)

CVSS: 9.1EPSS: 0%CPEs: 183EXPL: 0

The Rambus SafeZone Basic Crypto Module before 10.4.0, as used in certain Fujifilm (formerly Fuji Xerox) devices before 2022-03-01, Canon imagePROGRAF and imageRUNNER devices through 2022-03-14, and potentially many other devices, generates RSA keys that can be broken with Fermat's factorization method. This allows efficient calculation of private RSA keys from the public key of a TLS certificate. Rambus SafeZone Basic Crypto Module anterior a la versión 10.4.0, utilizado en algunos dispositivos Fujifilm (antes Fuji Xerox) anteriores a 2022-03-01, dispositivos Canon imagePROGRAF e imageRUNNER hasta 2022-03-14, y potencialmente muchos otros dispositivos, genera claves RSA que pueden romperse con el método de factorización de Fermat. Esto permite un cálculo eficiente de las claves RSA privadas a partir de la clave pública de un certificado TLS • https://fermatattack.secvuln.info https://global.canon/en/support/security/index.html https://safezoneswupdate.com https://www.fujifilm.com/fbglobal/eng/company/news/notice/2022/0302_rsakey_announce.html https://www.rambus.com/security/response-center/advisories/rmbs-2021-01 https://web.archive.org/web/20220922042721/https://safezoneswupdate.com • CWE-330: Use of Insufficiently Random Values •

CVSS: 4.9EPSS: 0%CPEs: 320EXPL: 1

A risky-algorithm issue was discovered on Fujifilm DocuCentre-VI C4471 1.8 devices. An attacker that obtained access to the administrative web interface of a printer (e.g., by using the default credentials) can download the address book file, which contains the list of users (domain users, FTP users, etc.) stored on the printer, together with their encrypted passwords. The passwords are protected by a weak cipher, such as ROT13, which requires minimal effort to instantly retrieve the original password, giving the attacker a list of valid domain or FTP usernames and passwords. Se ha detectado un problema de algoritmo riesgoso en los dispositivos Fujifilm DocuCentre-VI C4471 versión 1.8. Un atacante que obtuviera acceso a la interfaz web administrativa de una impresora (por ejemplo, usando las credenciales predeterminadas) puede descargar el archivo de la libreta de direcciones, que contiene la lista de usuarios (usuarios de dominio, usuarios de FTP, etc.) almacenados en la impresora, junto con sus contraseñas cifradas. • https://www.foregenix.com/blog https://www.foregenix.com/blogs-new-2021/dude-its-just-a-printer https://www.fujifilm.com/fbglobal/eng/company/news/notice/2022/0302_addressbook_announce.html • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •