Lucene search
+L

10 matches found

veracode
veracode
added 2025/11/24 4:53 a.m.9 views

Improper Authentication

Akka.NET is vulnerable to improper authentication. The vulnerability is due to the lack of mutual TLS enforcement in Akka.Remote, which allows an attacker to connect to a TLS-enabled cluster without presenting a valid client certificate and thereby communicate with the cluster...

9.3CVSS6.9AI score0.00374EPSS
Exploits0References7Affected Software2
github
github
added 2025/10/07 9:15 p.m.9 views

Akka.Remote TLS did not properly implement certificate-based authentication

Impact This is a critical network security vulnerability for Akka.Remote users who have SSL / TLS enabled on their Akka.Remote connections and were expecting certificate-based authentication to be enforced on all peers attempting to join the network. In all versions of Akka.Remote from v1.2.0 to...

9.3CVSS7AI score0.00374EPSS
Exploits0References7Affected Software2
osv
osv
added 2025/10/07 9:15 p.m.3 views

GHSA-JHPV-4Q4F-43G5 Akka.Remote TLS did not properly implement certificate-based authentication

Impact This is a critical network security vulnerability for Akka.Remote users who have SSL / TLS enabled on their Akka.Remote connections and were expecting certificate-based authentication to be enforced on all peers attempting to join the network. In all versions of Akka.Remote from v1.2.0 to...

9.3CVSS7AI score0.00374EPSS
Exploits0References7
redhatcve
redhatcve
added 2025/10/07 5:35 p.m.4 views

CVE-2025-61778

Akka.NET is a .NET port of the Akka project from the Scala / Java community. In all versions of Akka.Remote from v1.2.0 to v1.5.51, TLS could be enabled via our akka.remote.dot-netty.tcp transport and this would correctly enforce private key validation on the server-side of inbound connections...

9.3CVSS6.8AI score0.00374EPSS
Exploits0References1
gitlab
gitlab
added 2025/10/07 12:0 a.m.13 views

Akka.Remote TLS did not properly implement certificate-based authentication

This is a critical network security vulnerability for Akka.Remote users who have SSL / TLS enabled on their Akka.Remote connections and were expecting certificate-based authentication to be enforced on all peers attempting to join the network. In all versions of Akka.Remote from v1.2.0 to v1.5.51...

9.3CVSS7AI score0.00374EPSS
Exploits0References8Affected Software1
gitlab
gitlab
added 2025/10/07 12:0 a.m.12 views

Akka.Remote TLS did not properly implement certificate-based authentication

This is a critical network security vulnerability for Akka.Remote users who have SSL / TLS enabled on their Akka.Remote connections and were expecting certificate-based authentication to be enforced on all peers attempting to join the network. In all versions of Akka.Remote from v1.2.0 to v1.5.51...

9.3CVSS7AI score0.00374EPSS
Exploits0References8Affected Software1
snyk
snyk
added 2025/10/06 5:47 p.m.3 views

User Impersonation

Overview Akka.Remote is a .NET port of the popular Akka project from the Scala / Java community. Affected versions of this package are vulnerable to User Impersonation due to improper implementation of certificate-based authentication in the akka.remote.dot-netty.tcp transport. An attacker can ga...

9.3CVSS7.1AI score0.00374EPSS
Exploits0References2
cvelist
cvelist
added 2025/10/06 4:53 p.m.10 views

CVE-2025-61778 Akka.Remote TLS did not properly implement certificate-based authentication

Akka.NET is a .NET port of the Akka project from the Scala / Java community. In all versions of Akka.Remote from v1.2.0 to v1.5.51, TLS could be enabled via our akka.remote.dot-netty.tcp transport and this would correctly enforce private key validation on the server-side of inbound connections...

9.3CVSS0.00374EPSS
Exploits0References5
vulnrichment
vulnrichment
added 2025/10/06 4:53 p.m.2 views

CVE-2025-61778 Akka.Remote TLS did not properly implement certificate-based authentication

Akka.NET is a .NET port of the Akka project from the Scala / Java community. In all versions of Akka.Remote from v1.2.0 to v1.5.51, TLS could be enabled via our akka.remote.dot-netty.tcp transport and this would correctly enforce private key validation on the server-side of inbound connections...

9.3CVSS6.5AI score0.00374EPSS
Exploits0References5
veracode
veracode
added 2018/09/03 6:30 a.m.21 views

Insecure Random Number Generation

akka-remote is vulnerable to insecure random number generation. When a custom random number generator is configured, if the AES128CounterSecureRNG and AES256CounterSecureRNG are enabled, a malicious user can easily guess the random number used during encryption and possibly eavesdrop onto ongoing...

9.1CVSS8.9AI score0.01186EPSS
Exploits0References3Affected Software3
Rows per page
Query Builder