CVE-2024-40719

The encryption strength of the authorization keys in CHANGING Information Technology TCBServiSign Windows Version is insufficient. When a remote attacker tricks a victim into visiting a malicious website, TCBServiSign will treat that website as a legitimate server and interact with it.
Configurations

Configuration 1 (hide)

cpe:2.3:a:changingtec:tcb_servisign:*:*:*:*:*:windows:*:*

History

09 Aug 2024, 14:36

Type Values Removed Values Added
References () https://www.twcert.org.tw/en/cp-139-7970-e8ac5-2.html - () https://www.twcert.org.tw/en/cp-139-7970-e8ac5-2.html - Third Party Advisory
References () https://www.twcert.org.tw/tw/cp-132-7964-5b266-1.html - () https://www.twcert.org.tw/tw/cp-132-7964-5b266-1.html - Third Party Advisory
CPE cpe:2.3:a:changingtec:tcb_servisign:*:*:*:*:*:windows:*:*
First Time Changingtec tcb Servisign
Changingtec

02 Aug 2024, 12:59

Type Values Removed Values Added
Summary
  • (es) La seguridad de cifrado de las claves de autorización en CHANGING Information Technology TCBServiSign Windows Version es insuficiente. Cuando un atacante remoto engaña a una víctima para que visite un sitio web malicioso, TCBServiSign tratará ese sitio web como un servidor legítimo e interactuará con él.

02 Aug 2024, 10:16

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-02 10:16

Updated : 2024-08-09 14:36


NVD link : CVE-2024-40719

Mitre link : CVE-2024-40719

CVE.ORG link : CVE-2024-40719


JSON object : View

Products Affected

changingtec

  • tcb_servisign
CWE
CWE-326

Inadequate Encryption Strength