VYPR
High severity7.5NVD Advisory· Published Jun 20, 2016· Updated Jun 17, 2026

CVE-2016-2364

CVE-2016-2364

Description

The Chrome HUDweb plugin before 2016-05-05 for Fonality (previously trixbox Pro) 12.6 through 14.1i uses the same hardcoded private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

5
  • Fonality/Fonality4 versions
    cpe:2.3:a:fonality:fonality:12.6:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:fonality:fonality:12.6:*:*:*:*:*:*:*
    • cpe:2.3:a:fonality:fonality:12.8:*:*:*:*:*:*:*
    • cpe:2.3:a:fonality:fonality:14.1i:*:*:*:*:*:*:*
    • (no CPE)range: <2016-05-05
  • cpe:2.3:a:fonality:hud_web:*:*:*:*:*:fonality:*:*
    Range: <=1.4.1

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.