Successful exploitation of this vulnerability may enable an attacker to access tenant email addresses and associated information in cleartext or cause a denial-of-service condition.
The following versions of MAXHUB Pivot client application are affected:
MAXHUB Pivot client application
Vendor
Equipment
MAXHUB
MAXHUB Pivot client application
Use of a Broken or Risky Cryptographic Algorithm
Critical Infrastructure Sectors: Information Technology
Countries/Areas Deployed: Worldwide
Company Headquarters Location: United States
This vulnerability, in the MAXHUB Pivot client application versions prior to v1.36.2, may allow an attacker to obtain encrypted tenant email addresses and related metadata from any tenant. Due to the presence of a hardcoded AES key within the application, the encrypted data can be decrypted, enabling access to tenant email addresses and associated informat...