CVE-2025-26849
In short
Docusnap stores a fixed encryption key in its code that can be used to decrypt inventory files containing sensitive data like firewall rules. This means anyone with access to the software can decrypt these files without authorization.
Technical detail
A hard-coded cryptographic key (CWE-1394) in Docusnap allows attackers with local or remote access to encrypted inventory files to decrypt sensitive configuration data (firewall rules, etc.) using the embedded key. No authentication bypass is required if the encrypted file is accessible; the impact is on the confidentiality of stored sensitive information.
Summary generated and translated by AI from the official description.
There is a Hard-coded Cryptographic Key in Docusnap 13.0.1440.24261, and earlier and later versions. This key can be used to decrypt inventory files that contain sensitive information such as firewall rules.
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Affected products
Docusnap · Docusnap