Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The https web interfaces on the ATEN KH1516i IP KVM switch with firmware 1.0.063, the KN9116 IP KVM switch with firmware 1.1.104, and the PN9108 power-control unit have a hardcoded SSL private key, which makes it easier for remote attackers to decrypt https sessions by extracting this key from their own switch and then sniffing network traffic to a switch owned by a different customer.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ATEN IP KVM交换机HTTPS Web接口同一SSL密钥漏洞
Vulnerability Description
IP KVM是台湾宏正自动科技成的系列交换机设备。 IP KVM交换机与客户端机器之间的连接所使用的加密方式存在多个漏洞,远程攻击者可以破解加密并扮演为其他用户执行恶意操作。所有设备使用同一SSL密钥KH1516i、KN9116和PN9108型号设备对HTTPS Web接口使用了相同的SSL密钥,如果攻击者从一个设备获得了密钥,就可以解密所有其他几个设备的HTTPS通讯,包括用于认证到kvm交换机的用户名和口令。
CVSS Information
N/A
Vulnerability Type
N/A