Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Kaseya Rapid Fire Tools Network Detective through 2.0.16.0. A vulnerability exists in the EncryptionUtil class because symmetric encryption is implemented in a deterministic and non-randomized fashion. The method Encrypt(byte[] clearData) derives both the encryption key and the IV from a fixed, hardcoded input by using a static salt value. As a result, identical plaintext inputs always produce identical ciphertext outputs. This is true for both FIPS and non-FIPS generated passwords. In other words, there is a cryptographic implementation flaw in the password encryption mechanism. Although there are multiple encryption methods grouped under FIPS and non-FIPS classifications, the logic consistently results in predictable and reversible encrypted outputs due to the lack of per-operation randomness and encryption authentication.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Kaseya RapidFire Tools Network Detective 安全漏洞
Vulnerability Description
Kaseya RapidFire Tools Network Detective是美国Kaseya公司的一款网络资产评估与安全扫描工具。 Kaseya RapidFire Tools Network Detective 2.0.16.0及之前版本存在安全漏洞,该漏洞源于加密实现存在缺陷,可能导致密码加密机制可预测和可逆。
CVSS Information
N/A
Vulnerability Type
N/A