Microsoft SHA-2 Advisory Causing 'Infinite Loop' Issues

Problems with a security update issued this week by Microsoft have surfaced on a number of technology forums. Windows users say Microsoft Security Advisory 303929, which adds SHA-2 code-signing and verification support for Windows 7 client machines and Windows Server 2008 R2 boxes, is causing...

GPG 32-Bit Short Key ID Collision Attacks

Attack and vulnerability details are often disclosed in order to prompt vendors and project maintainers into action. It happened recently with publication of attack code that mimicked the work of Karsten Nohl on BadUSB and tried to nudge Phison Electronics of Taiwan into looking at its USB...

Mozilla Begins Phasing Out Support for SHA-1 Hash Algorithm

Mozilla has joined the chorus of browser makers and technology companies no longer throwing their support behind the shaky SHA-1 hash algorithm. Long considered vulnerable to attack, SHA-1 is already on hackers’ collective to-do list with experts predicting collision attacks practical within four...

Microsoft Warns Customers Away From RC4, SHA-1

The RC4 and SHA-1 algorithms have taken a lot of hits in recent years, with new attacks popping up on a regular basis. Many security experts and cryptographers have been recommending that vendors begin phasing the two out, and Microsoft on Tuesday said that is now recommending to developers that...

Microsoft to Eliminate Weak MD5 Crypto Algorithm

The clock is running on Windows administrators to sweep out MD5 implementations before a February 2014 patch from Microsoft slams the door shut on the broken, aged crypto algorithm. Microsoft released a pair of advisories yesterday in addition to its regular Patch Tuesday security updates alertin...

CVE-2011-0539

The keycertify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow remote attackers to obtain sensitive stack memory contents or make it easier to conduct...

CVE-2011-0539

The keycertify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow remote attackers to obtain sensitive stack memory contents or make it easier to conduct...

Design/Logic Flaw

The keycertify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow remote attackers to obtain sensitive stack memory contents or make it easier to conduct...

Fedora Core 10 FEDORA-2009-1291 (nss)

The remote host is missing an update to nss announced via advisory FEDORA-2009-1291. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...

SSL Certificate Forgery via MD5 Collision Attacks

Public key infrastructure PKI is a mechanism used for issuing digital certificates for secure websites. A critical vulnerability was detected in PKI that enables attackers to create a forged digital certificate that will be trusted by all common web browsers. The vulnerability is due to a weaknes...

SSL Certificate Signed Using Weak Hashing Algorithm

The remote service uses an SSL certificate chain that has been signed using a cryptographically weak hashing algorithm e.g. MD2, MD4, MD5, or SHA1. These signature algorithms are known to be vulnerable to collision attacks. An attacker can exploit this to generate another certificate with the sam...

MD5 vulnerable to collision attacks

Overview Weaknesses in the MD5 algorithm allow for collisions in output. As a result, attackers can generate cryptographic tokens or other data that illegitimately appear to be authentic. Description A secure cryptographic hash algorithm is one that generates a unique identifier of a fixed size...