JetBrains Code With Me Security Vulnerability
JetBrains Code With Me is a plug-in application from the Czech company JetBrains that provides code co-editing for the IntelliJ IDE. JetBrains Code With Me suffers from a cryptographic issue vulnerability that can be exploited by an attacker on the local network to access encrypted traffic knowin...
Microchip Libraries for Applications Encryption Problem Vulnerability
Microchip Libraries for Applications is a microchip library for applications from Microchip. A cryptographic vulnerability exists in Microchip Libraries for Applications, which can be exploited by an attacker to decrypt information returned by the application in question, resulting in a disclosur...
IBM Security Guardium Insights Weak Cryptographic Algorithm Vulnerability (CNVD-2021-03713)
IBM Security Guardium Insights is a modern hybrid cloud data security hub designed to provide a reliable view of an organization's data security and compliance posture. A weak cryptographic algorithm vulnerability exists in IBM Security Guardium Insights 2.0.2. An attacker could exploit the...
CVE-2020-4595
IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 184819...
Scalance X Products hard-coded encryption key vulnerability (CNVD-2021-02592)
SCALANCE X is a switch for connecting industrial components such as programmable logic controllers (PLCs) or human-machine interfaces (HMIs). The Scalance X Products hard-coded encryption key vulnerability can be exploited by an attacker to handle man-in-the-middle scenarios and decrypt previously...
CVE-2020-28395
A vulnerability has been identified in SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.0). Devices do not create a new unique private key after factory reset. An attacker could leverage this situation to a...
CVE-2020-28391
Summary: CVE-2020-28391 affects Siemens SCALANCE X switches (X-200, X-200IRT, X-200RNA; incl. SIPLUS NET variants). Root cause: after factory reset, devices normally generate a new unique key, but when used with C-PLUG they ship a hardcoded private RSA key, enabling a man-in-the-middle and decryp...
PT-2021-2203 · Siemens · Scalance X-200 +2
Name of the Vulnerable Software and Affected Versions: SCALANCE X-200 versions prior to V3.2.7; SCALANCE X-200IRT versions prior to V3.2.7; SCALANCE X-300 versions prior to V4.1.0. Description: The issue is related to the reset function of industrial switches, which does not generate a new...
CVE-2017-20001
The AES encryption project 7.x and 8.x for Drupal does not sufficiently prevent attackers from decrypting data, aka SA-CONTRIB-2017-027. NOTE: This project is not covered by Drupal's security advisory policy...
Drupal Encryption Problem Vulnerability
Drupal is an open source content management system developed in the PHP language by the Drupal community. An encryption issue vulnerability exists in Drupal AES encryption project 7.x and 8.x, which stems from a vulnerability that does not adequately prevent an attacker from being able to decrypt...
Tibco ObfuscationEngine 5.11 - Fixed Key Password Decryption
Exploit Title: Tibco ObfuscationEngine 5.11 - Fixed Key Password Decryption Date: December 8th 2020 Exploit Author: Tess Sluijter Vendor Homepage: https://www.tibco.com Version: 5.11x and before Tested on: MacOS, Linux, Windows Tibco password decryption exploit Background Tibco's documentation...
Kr00k vulnerability (CVE-2019-15126) in Broadcom and Cypress Wi-Fi chips
During the RSA conference of February 26th 2020, researchers Štefan Svorencík and Robert Lipovsky disclosed a vulnerability in the implementation of the wireless egress packet processing of certain Broadcom Wi-Fi chipsets. This vulnerability is referenced as CVE-2019-15126 and could allow an...
CVE-2020-4937
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 191814...
Nextcloud Server server-side encryption key underprotection vulnerability (CNVD-2020-66860)
Nextcloud is a set of client-server software for creating file hosting services and using them. A server-side insufficient encryption key protection vulnerability exists in Nextcloud Server 19.0.1. An attacker can exploit the vulnerability to replace the public key and decrypt the encryption key...
CVE-2020-27688
RVToolsPasswordEncryption.exe in RVTools 4.0.6 allows users to encrypt passwords to be used in the configuration files. This encryption used a static IV and key, and thus using the Decrypt method from VISKD.cs from the RVTools.exe executable allows for decrypting the encrypted passwords. The...
Design/Logic Flaw
RVToolsPasswordEncryption.exe in RVTools 4.0.6 allows users to encrypt passwords to be used in the configuration files. This encryption used a static IV and key, and thus using the Decrypt method from VISKD.cs from the RVTools.exe executable allows for decrypting the encrypted passwords. The...
CVE-2020-27688
RVTools 4.0.6 is affected by CVE-2020-27688: RVToolsPasswordEncryption.exe uses a static IV and key for encryption, and the Decrypt() method in VISKD.cs within RVTools.exe can decrypt the stored passwords. This creates a risk that passwords in configuration files could be recovered by anyone with...
PT-2020-16764 · Robbie Van Bommel · Rvtools
Name of the Vulnerable Software and Affected Versions: RVTools version 4.0.6. Description: The issue concerns the encryption of passwords in RVTools. Specifically, the RVToolsPasswordEncryption.exe utility in RVTools 4.0.6 uses a static initialization vector (IV) and key for encryption. This static...
freerdp: Out-of-bounds read in security_fips_decrypt in libfreerdp/core/security.c
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in libfreerdp/core/security.c due to an uninitialized value...