NEWS > Research Blog
March 31, 2022
Critical Vulnerabilities in Spring and Spring Cloud Function That Will Probably Make This Weekend Less Fun - Analysis and Overview
The popular Java Spring framework may be affected by multiple remote code execution (RCE) vulnerabilities.
March 09, 2022
RustyHermit Security Vulnerabilities & Missing Mitigations
The research unikernel RustHermit was further audited for security vulnerabilities and effectiveness of its mitigations.
January 18, 2022
Telenot Complex: Insecure AES Key Generation
CVE-2021-34600: How predictable random numbers (literally) open the door for attackers: Our discovery of a flaw in the generation of AES keys, used for both physical and remote access, in a popular alarm system's parameterization software. Includes a proof-of-concept for cloning NFC tags!
January 18, 2022
Advisory X41-2021-003: Telenot complex - Insecure AES Key Generation
The compasX parameterization software for complex alarm systems generated the AES keys used for both physical access control (via NFC tags) and remote management in an insecure fashion.
January 12, 2022
RustyHermit Missing Memory Protections
The research unikernel RustyHermit lacks of several memory protection mechanisms which significantly ease attacks on vulnerable applications
