CVE-2020-10256

An issue was discovered in beta versions of the 1Password command-line tool prior to 0.5.5 and in beta versions of the 1Password SCIM bridge prior to 0.7.3. An insecure random number generator was used to generate various keys. An attacker with access to the user's encrypted data may be able to...

CVE-2020-10256

An issue was discovered in beta versions of the 1Password command-line tool prior to 0.5.5 and in beta versions of the 1Password SCIM bridge prior to 0.7.3. An insecure random number generator was used to generate various keys. An attacker with access to the user's encrypted data may be able to...

Design/Logic Flaw

An issue was discovered in beta versions of the 1Password command-line tool prior to 0.5.5 and in beta versions of the 1Password SCIM bridge prior to 0.7.3. An insecure random number generator was used to generate various keys. An attacker with access to the user's encrypted data may be able to...

CVE-2020-10256

An issue was discovered in beta versions of the 1Password command-line tool prior to 0.5.5 and in beta versions of the 1Password SCIM bridge prior to 0.7.3. An insecure random number generator was used to generate various keys. An attacker with access to the user's encrypted data may be able to...

CVE-2020-27181

A hardcoded AES key in CipherUtils.java in the Java applet of konzept-ix publiXone before 2020.015 allows attackers to craft password-reset tokens or decrypt server-side configuration files...

PT-2020-12009 · 1Password · 1Password Scim Bridge +1

Name of the Vulnerable Software and Affected Versions: 1Password command-line tool versions prior to 0.5.5 1Password SCIM bridge versions prior to 0.7.3 Description: An issue was discovered where an insecure random number generator was used to generate various keys. This could allow an attacker...

CVE-2020-25659

A flaw was found in python-cryptography, where it is vulnerable to Bleichenbacher timing attacks. This flaw allows an attacker, via the RSA decryption API, to decrypt parts of the ciphertext encrypted with RSA. The highest threat from this vulnerability is to confidentiality...

PT-2020-6703 · Pypi +8 · Python-Cryptography +8

Name of the Vulnerable Software and Affected Versions: python-cryptography versions 3.2 Description: The issue is related to errors in RSA key management in the python-cryptography package for the Python programming language. It may allow a remote attacker to gain unauthorized access to protected...

New Report on Police Decryption Capabilities

There is a new report on police decryption capabilities: specifically, mobile device forensic tools MDFTs. Short summary: its not just the FBI that can do it. This report documents the widespread adoption of MDFTs by law enforcement in the United States. Based on 110 public records requests to...

Design/Logic Flaw

A vulnerability in the sftunnel functionality of Cisco Firepower Management Center FMC Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to obtain the device registration hash. The vulnerability is due to insufficient sftunnel negotiation...

Cisco Firepower 1000 Series Bleichenbacher Attack Vulnerability

A vulnerability in the TLS handler of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software for Cisco Firepower 1000 Series firewalls could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to...

EulerOS Virtualization 3.0.2.2 : nettle (EulerOS-SA-2020-2206)

According to the version of the nettle package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted...

EulerOS Virtualization 3.0.2.2 : nss (EulerOS-SA-2020-2205)

According to the version of the nss packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a...

Huawei EulerOS: Security Advisory for nss (EulerOS-SA-2020-2205)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2020-8929

A mis-handling of invalid unicode characters in the Java implementation of Tink versions prior to 1.5 allows an attacker to change the ID part of a ciphertext, which result in the creation of a second ciphertext that can decrypt to the same plaintext. This can be a problem with encrypting...

IBM Security Guardium Big Data Intelligence (SonarG) Information Disclosure Vulnerability

IBM Security Guardium and IBM Security Guardium Big Data Intelligence SonarG are both products of IBM Corporation in the U.S. IBM Security Guardium is a suite of platforms that provide data protection capabilities. The platform includes features such as customized UI, report management, and...

CVE-2020-1688

On Juniper Networks SRX Series and NFX Series, a local authenticated user with access to the shell may obtain the Web API service private key that is used to provide encrypted communication between the Juniper device and the authenticator services. Exploitation of this vulnerability may allow an...

Design/Logic Flaw

The Juniper Device Manager JDM container, used by the disaggregated Junos OS architecture on Juniper Networks NFX350 Series devices, stores password hashes in the world-readable file /etc/passwd. This is not a security best current practice as it can allow an attacker with access to the local...

Authentication flaw

On Juniper Networks SRX Series and NFX Series, a local authenticated user with access to the shell may obtain the Web API service private key that is used to provide encrypted communication between the Juniper device and the authenticator services. Exploitation of this vulnerability may allow an...

CVE-2020-1688 Junos OS: SRX and NFX Series: Insufficient Web API private key protection

On Juniper Networks SRX Series and NFX Series, a local authenticated user with access to the shell may obtain the Web API service private key that is used to provide encrypted communication between the Juniper device and the authenticator services. Exploitation of this vulnerability may allow an...