PT-2025-19375 · Unknown +2 · Request-Tracker4 +2

Name of the Vulnerable Software and Affected Versions: request-tracker4 versions affected versions not specified Description: The issue concerns the use of a default OpenSSL cipher, specifically 3DES des3, for encrypting SMIME email. This could potentially lead to security issues due to the...

Security Bulletin: OpenSSLにある複数の脆弱性のWebSphere Message BrokerとIBM Integration Busへの影響について

Summary OpenSSLの脆弱性について、OpenSSL Projectより2016年 9月22日、9月26日、11月10日にそれぞれ公表されております。WebSphere Message BrokerならびにIBM Integration Busにて使用されているDataDirect ODBC ドライバーに対して該当するCVEがあり、対処しております。 Vulnerability Details 最新の情報は下記の文書（英語）をご参照ください。 Security Bulletin: Multiple vulnerabilities in OpenSSL affect...

HP Insight Control For VMware vCenter Server 7.3 Insecure Permissions Vulnerability

HP Insight Control for VMware vCenter Server version 7.3 allows a low privileged attacker to read sensitive information files, decrypt all configuration server passwords, and gain access to the systems which in turn leads to the compromise of the whole infrastructure. / Exploit Title: HP Insight...

Technology sharing: the CBC, Padding Oracle attack re-interpretation, how to break HTTPS-bug warning-the black bar safety net

Why is a re-interpretation? Now about the Padding Oracle attack presentation, the better the articles including the content, are taken from this article in foreign languages. However, the text in the discussion a key issue of how to confirm the Padding bits, and no mention, which makes many puris...

SAP HANA system exposed to security vulnerabilities, static key exists in the database-vulnerability warning-the black bar safety net

! SAP is well-known in-memory database management system HANA was traced to the presence of security vulnerabilities, static encryption key is actually stored in the database. SAP HANA is SAP ever the fastest-growing products. Vulnerability overview ERPScan researchers held in Amsterdam the black...

Use of 3DES to Encrypt Stolen Target PIN Data Invites Worry

Target Corp.’s admission that encrypted PIN data was stolen in the Black Friday breach was bad news for consumers. For security experts, especially cryptographers, particular exception was taken to the retail giant’s use of Triple DES 3DES encryption to keep the PIN data safe. With all crypto...

Aastra IP Telephone encrypted .tuz configuration file leakage

Aastra IP telephone encrypted .tuz configuration file leakage ------------------------------------------------------------- Affected products ================= Aastra 6753i IP Telephone Firmware Version 3.2.2.56 Firmware Release Code SIP Boot Version 2.5.2.1010 Background ========== "The 6753i fr...

Multiple vulnerabilities in Ipswitch Instant Messaging 2.0.8.1

Luigi Auriemma Application: Ipswitch Instant Messaging http://www.ipswitch.com/products/instantmessaging Versions: = 2.0.8.1 Platforms: Windows Bugs: A pre-auth NULL pointer crash in decryption function B format string in logging C arbitrary empty files creation Exploitation: remote A versus both...

Nortel CES (3DES version) offers false sense of security when using IPSEC

Short summary: Nortel Networks Contivity Extranet Switch CES has a weakness in it's IPSEC key exchange when using 3DES encryption. The 3DES encryption keys are encrypted using single DES during initial key exchange thus reducing cryptographic strength to 56-bit DES level. The weakness affects bot...