BizRobo! Hard-Coded Cryptographic Key Vulnerability
Vulnerability
A vulnerability exists in all versions of BizRobo! due to the use of a hard-coded cryptographic key. This issue allows for the potential decryption of credentials stored in robot files, as they are encrypted with the same single key. The vulnerability could be exploited if the encryption key is obtained.
Impact
If the encryption key is available, credentials within robot files can be decrypted and accessed.
Reproduction
To reproduce this vulnerability, access to a robot file is required. This can be achieved by logging into the Management Console with a user that has permission to use the robot, and accessing the backup files or the database where the robot file data is stored. Once the robot file is obtained, if the hard-coded encryption key is also acquired, the encrypted credentials can be decrypted.
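Why a single product-wide key turns any obtained robot file into readable credentials, shown beside a per-deployment key, as an added example that is neither BizRobo! code nor the vendor's workaround. The key value, the function names and the cipher (an HMAC-SHA256 keystream with encrypt-then-MAC, standing in for whatever BizRobo! actually uses) are all constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed stand-in for a key shipped identically in every installation.
PRODUCT_WIDE_KEY = b"constructed-demo-key-same-in-every-install"

def _subkeys(key):
    # Separate encryption and MAC keys derived from the master key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _xor_keystream(enc_key, nonce, data):
    # HMAC-SHA256 in counter mode: a stdlib stand-in for a real cipher.
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"),
                           hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, credential):
    """Encrypt-then-MAC a credential for storage in a (hypothetical) robot file."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = _xor_keystream(enc_key, nonce, credential)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    """Return the credential, or None when the key does not match."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return _xor_keystream(enc_key, nonce, ct)

def compare_designs(credential=b"svc-account:constructed-password"):
    # Assumption: each deployment keeps its own secret outside robot files and backups.
    site_a_key, site_b_key = os.urandom(32), os.urandom(32)
    shared = seal(PRODUCT_WIDE_KEY, credential)   # design the advisory describes
    scoped = seal(site_a_key, credential)         # per-deployment alternative
    return {
        "shared_key_opens_anywhere": unseal(PRODUCT_WIDE_KEY, shared) == credential,
        "site_b_opens_site_a_file": unseal(site_b_key, scoped) is not None,
        "site_a_opens_own_file": unseal(site_a_key, scoped) == credential,
    }
```

With the per-deployment key, a robot file taken from a backup or the database is not enough on its own; the deployment's secret has to be obtained as well, and rotating it affects only that deployment.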
Remediation
The vendor recommends applying the provided workaround information to the deployment environment.
