Open puru1761 opened 6 years ago
Line 736 of CTP Client contains a vulnerability as the SSL KeyStore Password is hardcoded to "ctpstore". This could allow an unauthorized non-root attacker to decrypt sent images by obtaining the SSL Key.
Reference Link: https://github.com/johnperry/CTPClient/blob/1c015288bc948dcdfd42874d6cbab67347cab5e9/source/java/client/CTPClient.java#L736
Line 736 of CTP Client contains a vulnerability as the SSL KeyStore Password is hardcoded to "ctpstore". This could allow an unauthorized non-root attacker to decrypt sent images by obtaining the SSL Key.
Reference Link: https://github.com/johnperry/CTPClient/blob/1c015288bc948dcdfd42874d6cbab67347cab5e9/source/java/client/CTPClient.java#L736