Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
CreateBossCredentials.jar in Toshiba CHEC before 6.6 build 4014 and 6.7 before build 4329 contains a hardcoded AES key, which allows attackers to discover Back Office System Server (BOSS) DB2 database credentials by leveraging knowledge of this key in conjunction with bossinfo.pro read access.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Toshiba CHEC Hardcoded Cryptographic Key 信息泄露漏洞
Vulnerability Description
Toshiba CHEC是日本东芝(Toshiba)公司的一款产品。 Toshiba CHEC 6.6及之前版本和6.7版本的CreateBossCredentials.jar文件中存在安全漏洞,该漏洞源于程序中存在硬编码的AES密钥。攻击者可借助已知的密钥和bossinfo.pro文件的读权限利用该漏洞发现Back Office System Server(BOSS)DB2数据库证书。
CVSS Information
N/A
Vulnerability Type
N/A