The Chrome HUDweb plugin prior to 2016-05-05 for Fonality (previously trixbox Pro) 12.6 up to and including 14.1i uses the same hardcoded private key across different customers' installations, which allows remote malicious users to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
fonality hud_web |
||
fonality fonality 12.8 |
||
fonality fonality 12.6 |
||
fonality fonality 14.1i |