OpenSSL -- ChaCha20-Poly1305 nonce vulnerability

The OpenSSL project reports: Low: ChaCha20-Poly1305 with long nonces CVE-2019-1543 ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value IV should be 96 bits 12 bytes. OpenSSL allows a variable nonce length a...

PT-2019-1694

Name of the Vulnerable Software and Affected Versions OpenSSL versions 1.1.1 through 1.1.1b OpenSSL versions 1.1.0 through 1.1.0j Description The issue is related to the ChaCha20-Poly1305 cipher in OpenSSL, which requires a unique nonce input for every encryption operation. According to RFC 7539,...

CVE-2019-9555

Sagemcom F@st 5260 routers using firmware version 0.4.39, in WPA mode, default to using a PSK that is generated from a 2-part wordlist of known values and a nonce with insufficient entropy. The number of possible PSKs is about 1.78 billion, which is too small...

Design/Logic Flaw

Sagemcom F@st 5260 routers using firmware version 0.4.39, in WPA mode, default to using a PSK that is generated from a 2-part wordlist of known values and a nonce with insufficient entropy. The number of possible PSKs is about 1.78 billion, which is too small...

Semmle: the login blocking mechanism does not work correctly

Summary: The login block mechanism does not work correctly because it blocks the login for 1 minute and allows you to sign in again many times with specific pattern by allowing login 2 or 3 times after 1 minute Exploitation 1. open https://lgtm-com.pentesting.semmle.net/ 2. try to login with vali...

httpd: Weak Digest auth nonce generation in mod_auth_digest

In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed...

httpd: Weak Digest auth nonce generation in mod_auth_digest

In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed...

Memory corruption

In Live555 0.95, a setup packet can cause a memory leak leading to DoS because, when there are multiple instances of a single field username, realm, nonce, uri, or response, only the last instance can ever be freed...

UBUNTU-CVE-2019-7732

In Live555 0.95, a setup packet can cause a memory leak leading to DoS because, when there are multiple instances of a single field username, realm, nonce, uri, or response, only the last instance can ever be freed...

CVE-2019-7732

Removed by vendor...

Stryker Medical Beds

1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Public exploits are available Vendor: Stryker Equipment: Secure II MedSurg Bed, S3 MedSurg Bed, and InTouch ICU Bed Vulnerability: Reusing a Nonce 2. RISK EVALUATION Successful exploitation of this vulnerability could allow data traffic manipulation,...

Nonce Values Unchecked

python-oauth2 is vulnerable to replay attacks. This vulnerability is caused in the Server.verifyrequest function where it does not check the nonce value, allowing remote attackers to perform replay attacks through a signed URL...

WordPress MapSVG Lite 3.2.3 Cross Site Request Forgery

Details ================ Software: MapSVG Lite Version: 3.2.3 Homepage: https://en-gb.wordpress.org/plugins/mapsvg-lite-interactive-vector-maps/ Advisory report: https://advisories.dxw.com/advisories/csrf-mapsvg-lite/ CVE: Awaiting assignment CVSS: 5.8 Medium; AV:N/AC:M/Au:N/C:P/I:P/A:N Descripti...

CVE-2018-20231

Cross Site Request Forgery CSRF in the two-factor-authentication plugin before 1.3.13 for WordPress allows remote attackers to disable 2FA via the tfaenabletfa parameter due to missing nonce validation...

Code injection

An issue was discovered on Sigma Design Z-Wave S0 through S2 devices. An attacker first prepares a Z-Wave frame-transmission program e.g., Z-Wave PC Controller, OpenZWave, CC1110, etc.. Next, the attacker conducts a DoS attack against the Z-Wave S0 Security version product by continuously sending...

CVE-2018-19983

An issue was discovered on Sigma Design Z-Wave S0 through S2 devices. An attacker first prepares a Z-Wave frame-transmission program e.g., Z-Wave PC Controller, OpenZWave, CC1110, etc.. Next, the attacker conducts a DoS attack against the Z-Wave S0 Security version product by continuously sending...

CVE-2018-19983

CVE-2018-19983 affects Sigma Design Z-Wave devices (S0 through S2). An attacker can perform a DoS by repeatedly sending divided Nonce Get frames (0x98 0x81). In S0, upon receiving a Nonce Get, the node generates and sends a new nonce, then waits; if another Nonce Get arrives, the previous nonce i...

CVE-2018-19983

An issue was discovered on Sigma Design Z-Wave S0 through S2 devices. An attacker first prepares a Z-Wave frame-transmission program e.g., Z-Wave PC Controller, OpenZWave, CC1110, etc.. Next, the attacker conducts a DoS attack against the Z-Wave S0 Security version product by continuously sending...

httpd: Weak Digest auth nonce generation in mod_auth_digest

In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed...

Yi Technology Home Camera 27US nonce reuse authentication bypass vulnerability

Summary An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can cause a logic flaw, resulting in an authentication bypass. An attacker can sniff network traffic and send a set of packets to...