![]() ![]() ![]() This is particularly problematic, because the ETS5 gives the users the impression that project password would be used to encrypt the project information, not just for exported projects. The information contained within allow to eaves-drop on, impersonate and reconfigure KNX devices. If an attacker is able to gain access to the files in the project store, they can decrypt them despite not knowing the project password. ![]() This can pose a threat to the security of the KNX installations. Storing cryptographic secrets in source code is ill-advised because they can be recovered by reverse engineering the software, thus offering little more protection than storing the information as cleartext. This is possible because the ETS5 has a significant design flaw, it uses a hard-coded password and salt to encrypt the project information ( CVE-2021-36799). Have you forgotten the password to one of your ETS5 projects and cannot access the configuration for the KNX installation anymore? The ETS5 Password Recovery Tool allows you to retrieve the project password and other secrets saved in the project store of the ETS5. ETS5 Password Recovery Tool Table of Contents ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |