Lucene search
Veracode Vulnerability DatabaseVERACODE:20652HistoryJul 04, 2019 - 5:05 a.m.
Insecure Encryption Key
2019-07-0405:05:07
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
33
EPSS
0.001
Percentile
47.2%
Dnn.Platform uses an insecure encryption key. The vulnerability exists as it does not actually use an encrypted key as its key.
References
packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html
github.com/dnnsoftware/Dnn.Platform/commit/99bf22270b28c5124ae5ada6c9cf00b2901efb3a
github.com/dnnsoftware/Dnn.Platform/releases
github.com/dnnsoftware/Dnn.Platform/releases/tag/v9.2.2
www.dnnsoftware.com/community/security/security-center
Related
attackerkb
attackerkb
CVE-2018-15812
2019-07-03 00:00:00
osv
osv
Insufficient Entropy in DotNetNuke
2019-07-05 21:08:24
CVE-2018-15812
2019-07-03 17:15:10
CVE-2018-18326
2019-07-03 17:15:10
cvelist
cvelist
CVE-2018-15812
2019-07-03 16:35:30
CVE-2018-18326
2019-07-03 16:39:12
github
github
Insufficient Entropy in DotNetNuke
2019-07-05 21:08:24
Insufficient Entropy in DotNetNuke
2019-07-05 21:08:20
prion
prion
Code injection
2019-07-03 17:15:00
Code injection
2019-07-03 17:15:00
cve
cve
CVE-2018-15812
2019-07-03 17:15:10
CVE-2018-18326
2019-07-03 17:15:10
nvd
nvd
CVE-2018-15812
2019-07-03 17:15:10
CVE-2018-18326
2019-07-03 17:15:10
veracode
veracode
Information Disclosure
2019-07-04 09:17:04
openvas
openvas
DotNetNuke 9.2.x < 9.2.2 Multiple Vulnerabilities
2022-08-08 00:00:00
DotNetNuke < 9.3.0 Multiple Vulnerabilities
2022-08-08 00:00:00
exploitdb
exploitdb
DotNetNuke - Cookie Deserialization Remote Code Execution (Metasploit)
2020-04-16 00:00:00
packetstorm
packetstorm
DotNetNuke Cookie Deserialization Remote Code Execution
2020-04-03 00:00:00
zdt
zdt
DotNetNuke Cookie Deserialization Remote Code Execution Exploit
2020-04-03 00:00:00
metasploit
metasploit
DotNetNuke Cookie Deserialization Remote Code Excecution
2019-07-16 16:16:53