cve/2019/CVE-2019-5106.md

### [CVE-2019-5106](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5106)
![](https://img.shields.io/static/v1?label=Product&message=WAGO%20e!Cockpit&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Use%20of%20a%20Broken%20or%20Risky%20Cryptographic%20Algorithm&color=brighgreen)

### Description

A hard-coded encryption key vulnerability exists in the authentication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to communications between e!Cockpit and CoDeSyS Gateway can trivially recover the password of any user attempting to log in, in plain text.

### POC

#### Reference
- https://talosintelligence.com/vulnerability_reports/TALOS-2019-0898

#### Github
No PoCs found on GitHub currently.
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2019-5106](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5106)`
			`![](https://img.shields.io/static/v1?label=Product&message=WAGO%20e!Cockpit&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=Use%20of%20a%20Broken%20or%20Risky%20Cryptographic%20Algorithm&color=brighgreen)`

			`### Description`

			`A hard-coded encryption key vulnerability exists in the authentication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to communications between e!Cockpit and CoDeSyS Gateway can trivially recover the password of any user attempting to log in, in plain text.`

			`### POC`

			`#### Reference`
			`- https://talosintelligence.com/vulnerability_reports/TALOS-2019-0898`

			`#### Github`
			`No PoCs found on GitHub currently.`