BUG_Author: Kelsey Tian
Affected Version: stf - v3.6.6
Vendor: DeviceFarmer https://github.com/DeviceFarmer
Software: https://github.com/DeviceFarmer/stf
Vulnerability File: DeviceFarmer/stf#736
- lib/util/vncauth.js, line 35
Vulnerability Type: CWE-327 Use of a Broken or Risky Cryptographic Algorithm
Attack Type: Remote
Impact: Information Disclosure; Escalation of Privileges
Severity: High
Description: DeviceFarmer stf v3.6.6 suffers from Use of a Broken or Risky Cryptographic Algorithm (CWE-327). The algorithm in question, DES in ECB mode, is known to have significant weaknesses that attackers can exploit, compromising the confidentiality and integrity of sensitive data. DES-ECB uses a fixed encryption key and does not incorporate an initialization vector (IV). As a result, identical input blocks always produce identical output blocks, which makes the ciphertext susceptible to pattern recognition and exposes patterns in the encrypted data.
References: DeviceFarmer/stf#736 https://github.com/DeviceFarmer/stf
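
The ECB property named in the Description, shown as an added example that is not code from stf or from the advisory author: the same key and plaintext blocks give repeated ciphertext blocks under ECB, while an authenticated mode with a fresh random nonce does not. Assumptions: AES-128-ECB stands in for DES-ECB so the block runs on Node builds whose OpenSSL does not load single DES by default (the mode behaviour is the same, with 16-byte rather than 8-byte blocks); the key, the plaintext and all function names are constructed for illustration.

```javascript
// Added example, not stf code. AES-128-ECB stands in for DES-ECB (assumption).
const crypto = require('crypto');

const BLOCK = 16; // AES block size in bytes; DES uses 8

// ECB: no IV, every block is encrypted independently under the same key.
function encryptEcb(key, plaintext) {
  const c = crypto.createCipheriv('aes-128-ecb', key, null);
  c.setAutoPadding(false); // input below is already block-aligned
  return Buffer.concat([c.update(plaintext), c.final()]);
}

// AES-GCM with a fresh 96-bit random nonce per message, plus an auth tag.
function encryptGcm(key, plaintext) {
  const nonce = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-128-gcm', key, nonce);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return { nonce, body, tag: c.getAuthTag() };
}

// Audit helper: count ciphertext blocks that duplicate an earlier block.
function repeatedBlocks(ciphertext, blockSize) {
  const seen = new Set();
  let repeats = 0;
  for (let i = 0; i + blockSize <= ciphertext.length; i += blockSize) {
    const hex = ciphertext.subarray(i, i + blockSize).toString('hex');
    if (seen.has(hex)) repeats++;
    else seen.add(hex);
  }
  return repeats;
}

function demo() {
  const key = Buffer.alloc(16, 0x42);            // constructed fixed key
  const same = Buffer.from('SAME-BLOCK-DATA!');  // constructed 16-byte block
  const other = Buffer.from('different block.'); // constructed 16-byte block
  const plaintext = Buffer.concat([same, same, other, same]);

  const ecb1 = encryptEcb(key, plaintext);
  const ecb2 = encryptEcb(key, plaintext);
  const gcm1 = encryptGcm(key, plaintext);
  const gcm2 = encryptGcm(key, plaintext);
  return {
    ecbRepeats: repeatedBlocks(ecb1, BLOCK),       // blocks 1 and 3 repeat block 0
    ecbDeterministic: ecb1.equals(ecb2),           // same input, same output
    gcmRepeats: repeatedBlocks(gcm1.body, BLOCK),
    gcmDeterministic: gcm1.body.equals(gcm2.body), // fresh nonce each time
  };
}
```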