KLCERT advisories

KLCERT-18-005: Zipato Zipabox Sensitive Information Disclosure

08 August 2018

A remote attacker can obtain sensitive information that expands the attack surface.

KLCERT-18-004: Zipato Zipabox Weak Hash Algorithm

08 August 2018

A weak hashing algorithm allows an attacker to obtain passwords in clear text.

KLCERT-18-003: Zipato Zipabox Insecure configuration storage

08 August 2018

Insecure configuration storage allows an attacker to take control of the device and the smart home.

KLCERT-18-002: Saperion webclient multiple vulnerabilities: Arbitrary File Read in Saperion web client

09 February 2018

Remote exploitation of the discovered vulnerabilities leads to full compromise of the system with Saperion webclient. An unauthenticated attacker may be able to exploit the vulnerability and read arbitrary files.

KLCERT-18-001: Saperion webclient multiple vulnerabilities: Remote Code Execution with system user privileges in Saperion web client

09 February 2018

Remote exploitation of the discovered vulnerabilities leads to full compromise of the system with Saperion webclient. An unauthenticated attacker may be able to exploit the vulnerability and cause remote code execution with the privileges of the system user on Windows OS and with the privileges of www-data on Linux OS.

KLCERT-17-008: Sentinel LDK RTE: Remote enabling and disabling admin interface

02 October 2017

Remote enabling and disabling of the administrative interface opens new attack vectors on the remote system with Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55.

KLCERT-17-007: Sentinel LDK RTE: Memory corruption might cause remote code execution

02 October 2017

Memory corruption in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 might cause remote code execution.

KLCERT-17-006: Sentinel LDK RTE: Arbitrary memory read from controlled memory pointer leads to remote denial of service

02 October 2017

An arbitrary memory read from a controlled memory pointer in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to remote denial of service.

KLCERT-17-005: Sentinel LDK RTE: Remote manipulations with language pack updater lead to NTLM-relay attack for system user

02 October 2017

Remote manipulations with the language pack updater lead to an NTLM-relay attack for the system user in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55.

KLCERT-17-004: Sentinel LDK RTE: Stack overflow in custom XML-parser leads to remote denial of service

02 October 2017

A stack overflow in the custom XML parser in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to remote denial of service.