Phlox com.phlox.simpleserver (aka Simple HTTP Server) 1.8 and com.phlox.simpleserver.plus (aka Simple HTTP Server PLUS) 1.8.1-plus have a hardcoded aKySWb2jjrr4dzkYXczKRt7K encryption key. The threat is from a man-in-the-middle attacker who can intercept and potentially modify data during transmission.
References
Link | Resource |
---|---|
https://github.com/actuator/com.phlox.simpleserver/blob/main/CWE-321.md | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
05 Jan 2024, 18:35
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/actuator/com.phlox.simpleserver/blob/main/CWE-321.md - Exploit, Third Party Advisory | |
Summary |
|
|
CWE | CWE-798 | |
First Time |
Fedirtsapana simple Http Server Plus
Fedirtsapana simple Http Server Fedirtsapana |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.3 |
CPE | cpe:2.3:a:fedirtsapana:simple_http_server:1.8:*:*:*:*:android:*:* cpe:2.3:a:fedirtsapana:simple_http_server_plus:1.8.1-plus:*:*:*:*:android:*:* |
27 Dec 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-27 21:15
Updated : 2024-01-05 18:35
NVD link : CVE-2023-46919
Mitre link : CVE-2023-46919
CVE.ORG link : CVE-2023-46919
JSON object : View
Products Affected
fedirtsapana
- simple_http_server
- simple_http_server_plus
CWE
CWE-798
Use of Hard-coded Credentials