Cyber Security Daily Radar

#cwe-329

共收录 2 条相关安全情报。

← 返回所有主题
INFO EPSS 0%
VULNERABILITY 2026-05-28

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3.9.5, deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and ...

推荐 3.4
Conf: 50%
CVE-2026-45787

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3.9.5, deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confidentiality and integrity failures for synced bookmark/profile data. Attackers can crack common passwords across installs and perform undetected ciphertext bit-flips to alter config/bookmarks. This vulne

💡 影响/原因: 原文内容(由于配额限制,未进行深度 LLM 分析)

🎯 建议动作: 建议根据原文自行评估

来自 NVD
排序因子: Primary 数据源 (+3) | LLM 评分加成 (+0.4)
INFO
ADVISORY 2026-05-14

electerm's encrypt method not safe enough

推荐 7.4
Conf: 50%
electerm

### Impact _Insecure sync encryption: deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confidentiality and integrity failures for synced bookmark/profile data. Attackers can crack common passwords across installs and perform undetected ciphertext bit-flips to alter config/bookmarks._ ### Patches - https://github.com/electerm/electerm/commit/9dd8295e37d53396b

💡 风险点: 原文内容(由于配额限制,未进行深度 LLM 分析)

🎯 建议动作: 建议根据原文自行评估

来自 GitHub Advisory
排序因子: 有可用补丁/修复方案 (+3) | Secondary 数据源 (+2) | 包含 CVE (+2) | LLM 评分加成 (+0.4)