CVE-2019-15075

EUVD-2019-6155
An issue was discovered in iNextrix ASTPP before 4.0.1. web_interface/astpp/application/config/config.php does not have strong random keys, as demonstrated by use of the 8YSDaBtDHAB3EQkxPAyTz2I5DttzA9uR private key and the r)fddEw232f encryption key.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 24%
Affected Products (NVD)
VendorProductVersion
inextrixastpp
𝑥
< 4.0.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/iNextrix/ASTPP/commit/9877ec62556f0470030acd306b24bc94fdcbe2ae
https://github.com/iNextrix/ASTPP/commit/9877ec62556f0470030acd306b24bc94fdcbe2ae