Mitigation for Azure Storage SDK Client-Side Encryption Padding Oracle Vulnerability

Summary Summary Google informed Microsoft under Coordinated Vulnerability Disclosure CVD of a padding oracle vulnerability that may affect customers using Azure Storage SDK for Python, .NET, Java client-side encryption CVE-2022-30187. To mitigate this vulnerability, we released a new General...

CVE-2022-30187

creationtimestamp| type| source ---|---|--- 2022-07-13 02:25:48+00:00| seen| https://t.me/cibsecurity/46123 2022-07-18 05:00:00+00:00| seen| https://msrc.microsoft.com/blog/2022/07/mitigation-for-azure-storage-sdk-client-side-encryption-padding-oracle-vulnerability/...

Storing Encrypted Photos in Google’s Cloud

New paper: "Encrypted Cloud Photo Storage Using Google Photos": Abstract: Cloud photo services are widely used for persistent, convenient, and often free photo storage, which is especially useful for mobile devices. As users store more and more photos in the cloud, significant privacy concerns...

Google Workspace Now Offers Client-side Encryption For Drive and Docs

Google on Monday announced that it's rolling out client-side encryption to Google Workspace formerly G Suite, thereby giving its enterprise customers direct control of encryption keys and the identity service they choose to access those keys. "With client-side encryption, customer data is...

PT-2021-13887 · Unknown · Java Driver

Name of the Vulnerable Software and Affected Versions: Java driver versions that support client-side field level encryption CSFLE Description: The issue arises from the Java driver's failure to perform correct host name verification on the KMS server's certificate, which, in combination with a...

MongoDB Offers Field Level Encryption

MongoDB now has the ability to encrypt data by field: MongoDB calls the new feature Field Level Encryption. It works kind of like end-to-end encrypted messaging, which scrambles data as it moves across the internet, revealing it only to the sender and the recipient. In such a "client-side"...

MongoDB 4.2 Introduces End-to-End Field Level Encryption for Databases

At its developer conference held earlier this week in New York, the MongoDB team announced the latest version of its database management software that includes a variety of advanced features, including Field Level Encryption, Distributed Transactions, and Wildcard Indexes. The newly introduced...

U.S. Dept Of Defense: Multiple cryptographic vulnerabilities in login page on ███████

Summary: I realize that this report's title may not make sense yet. In one sentence: users logging in to the ███████ Server REST API Login page can have their passwords stolen by an attacker on the same LAN or WiFi as the victim trying to log in. Description: To save the reader any confusion, I'l...

Verax NMS Password Replay Attack (CVE-2013-1351)

Verax NMS Password Replay Attack CVE-2013-1351 I. BACKGROUND ---------------------- Verax NMS provides a service-oriented, unified management & monitoring of networks, applications and infrastructure enabling quick problem detection, root-cause analysis, reporting and automating recovery, reducin...

Verax NMS Password Replay Attack

Verax NMS Password Replay Attack CVE-2013-1351 I. BACKGROUND ---------------------- Verax NMS provides a service-oriented, unified management & monitoring of networks, applications and infrastructure enabling quick problem detection, root-cause analysis, reporting and automating recovery, reducin...

CVE-2002-2303

3D3.Com ShopFactory 5.8 is affected by a vulnerability where client-side encryption and decryption of sensitive price data enables remote attackers to modify shopping cart prices by using JavaScript to decrypt the cookie containing the data. This indicates a weakness in where price data is stored...

CVE-2002-2303

3D3.Com ShopFactory 5.8 uses client-side encryption and decryption for sensitive price data, which allows remote attackers to modify shopping cart prices by using the Javascript to decrypt the cookie that contains the data...

CVE-2002-2303

3D3.Com ShopFactory 5.8 uses client-side encryption and decryption for sensitive price data, which allows remote attackers to modify shopping cart prices by using the Javascript to decrypt the cookie that contains the data...