Explorance Blue Reversible Encryption Vulnerability Allowing Credential Decryption
Vulnerability
A vulnerability exists in Explorance Blue versions prior to 8.14.12, where sensitive data such as user passwords and system configurations is encrypted using reversible symmetric encryption with a hardcoded static key. Because the key is embedded in the product rather than held per installation, any party who obtains the ciphertext (for example through database access) can decrypt it offline, exposing plaintext credentials and configuration details.
Impact
Exploitation of this vulnerability could lead to the decryption of stored user passwords and sensitive system configuration data, allowing unauthorized access or manipulation of application settings.
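To make the distinction concrete, the following added example (not code from Explorance Blue or from the advisory) contrasts the design the advisory describes with the standard remedy for stored credentials. The "weak" half uses a toy XOR keystream under a constructed placeholder key as a stand-in for reversible encryption with a hardcoded key; the property that matters is that the operation is its own inverse for anyone holding the key. The hardened half replaces reversible storage of passwords with salted PBKDF2-HMAC-SHA256 and a constant-time comparison, and includes a migration helper that re-hashes a legacy record on the next successful login. Function names, the record format and the placeholder key are this example's own assumptions.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# ---------------------------------------------------------------------------
# Weak pattern: reversible transformation under a key that lives in the code.
# STATIC_KEY is a constructed placeholder, not a value from the product.
# ---------------------------------------------------------------------------
STATIC_KEY = b"constructed-placeholder-key"


def _xor_with_static_key(data: bytes) -> bytes:
    """Stand-in for 'encrypt with a hardcoded key'.

    A real product would use a block cipher, but the property the advisory is
    about is the same: the operation is its own inverse for anyone who holds
    STATIC_KEY, and STATIC_KEY is identical for every record and every install.
    """
    keystream = (STATIC_KEY * (len(data) // len(STATIC_KEY) + 1))[: len(data)]
    return bytes(a ^ b for a, b in zip(data, keystream))


def weak_store_password(password: str) -> bytes:
    """What a reversible-encryption design writes to the database."""
    return _xor_with_static_key(password.encode("utf-8"))


def weak_recover_password(stored: bytes) -> str:
    """No per-user secret and no work factor: the stored value maps straight back."""
    return _xor_with_static_key(stored).decode("utf-8")


# ---------------------------------------------------------------------------
# Hardened pattern: one-way, salted, slow hash for credentials.
# 600,000 iterations is the OWASP-recommended figure for PBKDF2-HMAC-SHA256.
# ---------------------------------------------------------------------------
PBKDF2_ITERATIONS = 600_000
ALGO_TAG = "pbkdf2_sha256"


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Return a self-describing record: algorithm$iterations$salt_hex$digest_hex.

    A fresh random salt per record means identical passwords produce different
    records, and no static key exists to leak.
    """
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGO_TAG}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the digest with the record's own salt and iteration count."""
    try:
        algo, iters, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False
    if algo != ALGO_TAG:
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iters)
    )
    # Constant-time comparison avoids leaking digest bytes through timing.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def upgrade_legacy_record(
    password: str, legacy_stored: bytes, iterations: int = PBKDF2_ITERATIONS
) -> Optional[str]:
    """Migration step for an existing deployment (hypothetical helper).

    On a successful login against a reversible-encryption record, replace it
    with a hashed record. Returns the new record, or None if the password did
    not match so the caller leaves the legacy value untouched.
    """
    if not hmac.compare_digest(weak_store_password(password), legacy_stored):
        return None
    return hash_password(password, iterations)


if __name__ == "__main__":
    legacy = weak_store_password("hunter2")
    print("legacy record recovers plaintext:", weak_recover_password(legacy))
    record = upgrade_legacy_record("hunter2", legacy)
    print("hashed record:", record)
    print("verify correct:", verify_password("hunter2", record))
    print("verify wrong:  ", verify_password("hunter3", record))
```

Passwords never need to be recovered, only checked, so a one-way hash removes the decryption risk entirely. System configuration secrets that the application must read back (service credentials, API tokens) cannot be hashed; for those the fix is key management, keeping the encryption key out of the code base and the database, for example in an OS keystore or a secrets manager, so that a database copy alone is not sufficient to decrypt.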
Remediation
Upgrade to Explorance Blue version 8.14.12 or later to address this vulnerability. Self-hosted customers already on version 8.14.12 or later need take no action.