Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
The (1) Windows and (2) Java client programs for the ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 do not properly use RSA cryptography for a symmetric session-key negotiation, which makes it easier for remote attackers to (a) decrypt network traffic, or (b) conduct man-in-the-middle attacks, by repeating unspecified "client-side calculations."
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ATEN IP KVM Switch Key Exchange Security Vulnerability
Vulnerability Description
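IP KVM is a series of switch devices from the Taiwanese company ATEN International (宏正自动科技). The encryption used for connections between the IP KVM switch and client machines contains multiple vulnerabilities; a remote attacker can break the encryption and impersonate other users to perform malicious operations. Key exchange encryption weakness: when the Windows/Java client connects to the device, the KVM switch and the client negotiate a symmetric session key. This key negotiation uses RSA in an insecure way. An attacker able to monitor the communication between the client and the switch can repeat the client's calculations and obtain the session key, then use this key to decrypt the communication and reconstruct keystrokes, or conduct a man-in-the-middle attack to access the machines connected to the switch.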
CVSS Information
N/A
Vulnerability Type
N/A