Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
Entrust Instant Financial Issuance (formerly known as Cardwizard) 6.10.0, 6.9.0, 6.9.1, 6.9.2, and 6.8.x and earlier uses a DLL library (i.e. DCG.Security.dll) with a custom AES encryption process that relies on static hard-coded key values. These keys are not uniquely generated per installation of the software. Combined with the encrypted password that can be obtained from "WebAPI.cfg.xml" in CVE-2024-39341, the decryption is trivial and can lead to privilege escalation on the Windows host.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Entrust Instant Financial Issuance Security Vulnerability
Vulnerability Description
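Entrust Instant Financial Issuance (Entrust Cardwizard) is an instant financial card issuance solution from Entrust, a US company. Entrust Instant Financial Issuance contains a security vulnerability that stems from the encrypted password being easy to crack. An attacker can exploit this vulnerability to escalate privileges. The following versions are affected: 6.10.0, 6.9.0, 6.9.1, 6.9.2, and 6.8.x and earlier.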
CVSS Information
N/A
Vulnerability Type
N/A