Description

The vulnerability exists in the password storage of Mobateks MobaXterm in versions below 25.0. MobaXTerm uses an initialisation vector (IV) consisting only of zero bytes and a master key to encrypt each password individually. In the default configuration, on opening MobaXTerm, the user is prompted for their password. A derivative of the password is used as the master key. As both the master key and the IV are the same for each stored password, the AES CFB ciphertext depends only on the plaintext (the password). The static IV and master key make it easier to obtain sensitive information and to decrypt data when it is stored at rest.

INFO

Published Date :

2025-02-17T11:56:45.283Z

Last Modified :

2025-02-19T08:29:49.252Z

Source :

cirosec
AFFECTED PRODUCTS

The following products are affected by CVE-2025-0714 vulnerability.

Vendors Products
Mobatek
  • Mobaxterm
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-0714.

URL Resource
https://www.cirosec.de/sa/sa-2024-012 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact