[原文]NotifyLink, when configured for client key retrieval, allows remote attackers to obtain AES keys via a direct request to /hwp/get.asp, then uses a weak encryption scheme (fixed byte reordering) to protect the key, which allows remote attackers to obtain the key via a brute force attack.
NotifyLink Enterprise Server get.asp AES Key Disclosure
Remote / Network Access
Loss of Confidentiality
Unknown or Incomplete
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: Configure NotifyLink to use "Manual Key Generation."