CVE-2022-45379

Jenkins Script Security Plugin 1189.vbab7c8fd5fde and earlier stores whole-script approvals as the SHA-1 hash of the script, making it vulnerable to collision attacks...

# Only part of keccak256() is used as hash, making it susceptible to collision attacks

Lines of code Vulnerability details At 2 places in the code only part of the output of keccak256 is used as the hash: At TokenDistributor - DistributionState.distributionHash15 - uses only a 15 bytes as a hash This one is intended to save storage At Crowdfund.governanceOptsHash a 16 bytes is used...

EulerOS Virtualization for ARM 64 3.0.1.0 : gnutls (EulerOS-SA-2019-1388)

According to the versions of the gnutls packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote...

Microsoft to Kill Updates for Legacy OS Using SHA-1

Microsoft is in the process of phasing out use of the Secure Hash Algorithm 1 SHA-1 code-signing encryption to deliver Windows OS updates – announcing that customers running legacy OS versions will be required to have SHA-2 code-signing support installed on their devices by July 2019. No SHA-2...

Code injection

Vulnerable hash algorithms exists in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. The algorithm used to encrypt the password is vulnerable to hash collision attacks...

CVE-2018-7242

Vulnerable hash algorithms exists in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. The algorithm used to encrypt the password is vulnerable to hash collision attacks...

Weak Password Hashing Algorithm

WordPress is vulnerable to collision attacks. It uses a weak MD-5 based password hashing algorithm, making it easier for attackers to obtain a valid password hash...

Collision Attack

Apache Hive is vulnerable to collision attacks. The vulnerability is possible because it uses the weak hashing algorithm, SHA-1, in src/java/org/apache/hive/service/CookieSigner.java and src/java/org/apache/hadoop/hive/ql/udf/generic/GenericUDFMaskHash.java allowing the attackers to easily perfor...

Fedora 25 : subversion (2017-b9e4c24094)

This update includes the latest stable release of Apache Subversion, version 1.9.6. User-visible changes: Client-side bugfixes : - cp/mv: improve error message when target is an unversioned dir - merge: reduce memory usage with large amounts of mergeinfo issue 4667 Server-side bugfixes : -...

Weak Hash Algorithm

contwidgetor is using SHA-1 which is a weak hash algorithm. The use of the weak algorithm in the authentication allows attackers to easily perform collsion attacks...

SHA-1 End Times Have Arrived

For the past couple of years, browser makers have raced to migrate from SHA-1 to SHA-2 as researchers have intensified warnings about collision attacks moving from theoretical to practical. In just weeks, a transition deadline set by Google, Mozilla and Microsoft for the deprecation of SHA-1 is u...

SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)

The remote service uses a known CA certificate in the SSL certificate chain that has been signed using a cryptographically weak hashing algorithm e.g., MD2, MD4, MD5, or SHA1. These signature algorithms are known to be vulnerable to collision attacks CVE-2004-2761, for example. An attacker can...

Google Removing SHA-1 Support in Chrome 56

The home stretch for SHA-1 deprecation is in full effect with Google on Wednesday announcing its final deprecation deadlines for the Chrome browser, and a cryptographic services provider warning that there’s still a long way to go to get sites off SHA-1 certificates. Google said it will remove it...

New Collision Attacks Against 3DES, Blowfish Allow for Cookie Decryption

RC4 apparently is no longer the lone pariah among smaller cryptographic ciphers. Already broken and set for deprecation by the major browser and technology makers, RC4 could shortly have company in Triple-DES 3DES and Blowfish. Researchers are set to present new attacks against 64-bit ciphers tha...

Security Losses from Obsolete and Truncated Transcript Hashes (SLOTH) - Lenovo Support US

No description provided...

Security Losses from Obsolete and Truncated Transcript Hashes (SLOTH)

Lenovo Security Advisory: LEN-4603 Potential Impact: An attacker with man-in-the-middle capabilities could decrypt encrypted traffic or impersonate a legitimate client or server Severity: Medium Scope of Impact: Industry-Wide Summary Description: A flaw was found in the way the TLS 1.2 protocol...

TLS 1.2 Transcipt Collision attacks against MD5 in key exchange protocol (SLOTH)

A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to...

Microsoft's SHA-1 Deprecation Begins with Windows 10 Anniversary Update

The home stretch of Microsoft’s planned SHA-1 deprecation schedule has arrived. This summer, with the planned release of the Windows 10 Anniversary Update, users should see signs that the weak cryptographic hash function is being phased out. Microsoft said that once the anniversary update is roll...

Important: java-1.7.0-openjdk

Issue Overview: An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass...

Medium: gnutls

Issue Overview: A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct...