
1465 matches found

Hacker One
added 2023/02/14 5:34 p.m. | 62 views

Bitwarden: Biometric key is stored in Windows Credential Manager, accessible to other local unprivileged processes

A vulnerability in Bitwarden Desktop for Windows allowed a local attacker to access the biometric master key used for unlocking the vault through Windows Hello. The key was stored in plaintext in the Windows Credential Manager, accessible to any local unprivileged process. This allowed an attacke...

CVSS 7.1 | AI score 6.8 | EPSS 0.00585
Exploits: 1
Veracode
added 2023/02/12 7:18 p.m. | 33 views

Man-in-the-Middle (MitM)

gnutls is vulnerable to Man-in-the-Middle (MitM). The vulnerability exists due to an error in the TLS RSA key exchange and allows a remote attacker to decrypt the information...

CVSS 7.4 | AI score 7.4 | EPSS 0.01403
Exploits: 1 | References: 17 | Affected Software: 1
OSV
added 2023/02/09 7:15 p.m. | 1 views

CVE-2023-21443

Improper cryptographic implementation in Samsung Flow for Android prior to version 4.9.04 allows adjacent attackers to decrypt encrypted messages or inject commands...

CVSS 8.8 | AI score 5.8
Exploits: 0 | References: 1
OSV
added 2023/02/09 7:15 p.m. | 5 views

CVE-2023-21444

Improper cryptographic implementation in Samsung Flow for PC 4.9.14.0 allows adjacent attackers to decrypt encrypted messages or inject commands...

CVSS 8.8 | AI score 7.3 | EPSS 0.00192
Exploits: 0 | References: 1
CNNVD
added 2023/02/09 12:0 a.m. | 3 views

SAMSUNG Flow Encryption Issue Vulnerability

SAMSUNG Flow is a software product from Samsung (South Korea). It is used to enable a seamless, secure, and connected experience on devices. A security vulnerability exists in SAMSUNG Flow for Android prior to version 4.9.04. An attacker exploiting the vulnerability could decrypt encrypted messages...

CVSS 8.8 | AI score 8 | EPSS 0.00192
Exploits: 0 | References: 2
Metasploit
added 2023/02/02 7:51 p.m. | 1400 views

Veeam Backup and Replication Credentials Dump

This module exports and decrypts credentials from Veeam Backup & Replication and Veeam ONE Monitor Server to a CSV file; it is intended as a post-exploitation module for Windows hosts with either of these products installed. The module supports automatic detection of VBR / Veeam ONE and is capabl...

AI score 6.9
Exploits: 0
Prion
added 2023/01/20 6:15 p.m. | 27 views

Code injection

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. CheckUser TokenManager insecurely uses AES-CTR encryption with a repeated (aka re-used) nonce, allowing an adversary to decrypt...

CVSS 5 | AI score 5.3 | EPSS 0.00389
Exploits: 1 | References: 1 | Affected Software: 1
NVD
added 2023/01/20 7:15 a.m. | 11 views

CVE-2023-20038

A vulnerability in the monitoring application of Cisco Industrial Network Director could allow an authenticated, local attacker to access a static secret key used to store both local data and credentials for accessing remote systems. This vulnerability is due to a static key value stored in the...

CVSS 8.8 | AI score 8.5 | EPSS 0.00161
Exploits: 0 | References: 1
Cvelist
added 2023/01/20 12:0 a.m. | 24 views

CVE-2023-22912

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. CheckUser TokenManager insecurely uses AES-CTR encryption with a repeated (aka re-used) nonce, allowing an adversary to decrypt...

AI score 5.6 | EPSS 0.00389
Exploits: 1 | References: 1
Malwarebytes
added 2023/01/19 2:0 a.m. | 19 views

LastPass users should move their crypto funds, experts warn

Several experts have warned LastPass users who store cryptocurrency-related login information in their vaults to change that login information as soon as they can. Apparently, cybercriminals who have access to the stolen information are making it a priority to decrypt the data in an attempt to...

AI score 0.8
Exploits: 0
OSV
added 2023/01/18 12:15 a.m. | 0 views

CVE-2022-38469

An unauthorized user with network access and the decryption key could decrypt sensitive data, such as usernames and passwords...

CVSS 7.5 | AI score 5.8
Exploits: 0 | References: 2
CNNVD
added 2023/01/18 12:0 a.m. | 4 views

GE Digital Proficy Historian Encryption Issue Vulnerability

GE Digital Proficy Historian is a powerful tool with storage analysis and data collection capabilities from GE Digital. A security vulnerability exists in GE Digital Proficy Historian version 7.0 and later. An attacker could exploit the vulnerability to decrypt sensitive data, such as usernames a...

CVSS 7.5 | AI score 7.4 | EPSS 0.00611
Exploits: 0 | References: 3
Veracode
added 2023/01/11 5:54 a.m. | 14 views

Uncontrolled Resource Consumption

github.com/flynn/noise is vulnerable to uncontrolled resource consumption. The weakened cryptographic security after encrypting 2^64 messages causes multiple messages to be encrypted with the same key and nonce resulting in denial of service conditions. Additionally the Decrypt function increment...

CVSS 7.5 | AI score 1.9 | EPSS 0.00354
Exploits: 0 | References: 4 | Affected Software: 1
Prion
added 2022/12/27 10:15 p.m. | 8 views

Design/Logic Flaw

The Noise protocol implementation suffers from weakened cryptographic security after encrypting 2^64 messages, and a potential denial of service attack. After 2^64 (18.4 quintillion) messages are encrypted with the Encrypt function, the nonce counter will wrap around, causing multiple messages to b...

CVSS 5 | AI score 7.3 | EPSS 0.00354
Exploits: 0 | References: 2
UbuntuCve
added 2022/12/27 10:15 p.m. | 19 views

CVE-2021-4239

The Noise protocol implementation suffers from weakened cryptographic security after encrypting 2^64 messages, and a potential denial of service attack. After 2^64 (18.4 quintillion) messages are encrypted with the Encrypt function, the nonce counter will wrap around, causing multiple messages to b...

CVSS 7.5 | AI score 7 | EPSS 0.00354
Exploits: 0 | References: 3
Cvelist
added 2022/12/27 9:13 p.m. | 25 views

CVE-2021-4239 Weak encryption and denial of service in github.com/flynn/noise

The Noise protocol implementation suffers from weakened cryptographic security after encrypting 2^64 messages, and a potential denial of service attack. After 2^64 (18.4 quintillion) messages are encrypted with the Encrypt function, the nonce counter will wrap around, causing multiple messages to b...

AI score 7.6 | EPSS 0.00354
Exploits: 0 | References: 2
Debian CVE
added 2022/12/27 9:13 p.m. | 15 views

CVE-2021-4239

The Noise protocol implementation suffers from weakened cryptographic security after encrypting 2^64 messages, and a potential denial of service attack. After 2^64 (18.4 quintillion) messages are encrypted with the Encrypt function, the nonce counter will wrap around, causing multiple messages to b...

CVSS 7.5 | AI score 7.3 | EPSS 0.00354
Exploits: 0
CNVD
added 2022/12/23 12:0 a.m. | 16 views

IBM Spectrum Control Weak Encryption Vulnerability

IBM Spectrum Control (formerly known as Tivoli Storage Productivity Center) is a suite of storage resource management software from International Business Machines (IBM). The software provides monitoring, automation and analysis for multiple storage systems. IBM Spectrum Control version 5.4 suffers...

CVSS 7.5 | AI score 7.6 | EPSS 0.00275
Exploits: 0 | References: 1
BDU FSTEC
added 2022/12/23 12:0 a.m. | 3 views

The vulnerability of the PRNG generator in the development environment for programming CODESYS V3 applications, related to the use of cryptographic algorithms with defects, allows a hacker to decrypt and modify the loaded code.

The vulnerability of the PRNG generator used in the development environment for CODESYS V3 applications is related to the use of cryptographic algorithms that contain vulnerabilities. Exploiting this vulnerability could allow a malicious actor, operating remotely, to decrypt and modify the loaded...

CVSS 8.5 | AI score 7.5 | EPSS 0.00083
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2022/12/16 4:15 p.m. | 1 views

CVE-2022-20513

In decrypt12 of CryptoPlugin.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID:...

CVSS 5.5 | AI score 5.9
Exploits: 0 | References: 1