Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-0809


Vulnerability Score 7.5 7.5
CVE Id CVE-2005-0809
Last Modified 05 Sep 2008 04:47:22
Published 02 May 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



NotifyLink, when configured for client key retrieval, allows remote attackers to obtain AES keys via a direct request to /hwp/get.asp, then uses a weak encryption scheme (fixed byte reordering) to protect the key, which allows remote attackers to obtain the key via a brute force attack.

Vulnerable Systems


  • Notify Technology Notifylink Enterprise Server


CERT-VN - VU#581068

BID - 12843

SECUNIA - 14617

Last Updated: 27 May 2016 10:39:56