CVE-2025-27459
Analyzed
Analyzed - Analysis Complete
BaseFortify
Publication date: 2025-07-03
Last updated on: 2026-01-29
Assigner: SICK AG
Description
Description
The VNC application stores its passwords encrypted within the registry but uses DES for encryption. As DES is broken, the original passwords can be recovered.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| endress | meac300-fnade4_firmware | * |
| endress | meac300-fnade4 | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-257 | The storage of passwords in a recoverable format makes them subject to password reuse attacks by malicious users. In fact, it should be noted that recoverable encrypted passwords provide no significant benefit over plaintext passwords since they are subject not only to reuse by malicious attackers but also by malicious insiders. If a system administrator can recover a password directly, or use a brute force search on the available information, the administrator can use the password on other accounts. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves a VNC application that stores passwords encrypted in the registry using DES encryption. Since DES is a broken encryption algorithm, attackers can recover the original passwords from the stored encrypted data.
How can this vulnerability impact me? :
An attacker with access to the registry could decrypt the stored passwords due to the weak DES encryption, potentially gaining unauthorized access to the VNC application and compromising system security.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70