CVE-2005-0809 Information

Description

NotifyLink when configured for client key retrieval allows remote attackers to obtain AES keys via a direct request to /hwp/get.asp then uses a weak encryption scheme (fixed byte reordering) to protect the key which allows remote attackers to obtain the key via a brute force attack.

Reference

http://secunia.com/advisories/14617 http://www.kb.cert.org/vuls/id/581068 http://www.securityfocus.com/bid/12843