CVE-2020-26511

The wpo365-login plugin before v11.7 for WordPress allows use of a symmetric algorithm to decrypt a JWT token. This leads to authentication bypass...

CVE-2020-26511

The wpo365-login plugin before v11.7 for WordPress allows use of a symmetric algorithm to decrypt a JWT token. This leads to authentication bypass...

Authentication flaw

The wpo365-login plugin before v11.7 for WordPress allows use of a symmetric algorithm to decrypt a JWT token. This leads to authentication bypass...

RHEL 7 : nss and nspr (RHSA-2020:4076)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4076 advisory. Network Security Services NSS is a set of libraries designed to support the cross-platform development of security-enabled client and server...

openSUSE Security Update : roundcubemail (openSUSE-2020-1516)

This update for roundcubemail fixes the following issues : roundcubemail was upgraded to 1.3.15 This is a security update to the LTS version 1.3. boo1175135 - Security: Fix cross-site scripting XSS via HTML messages with malicious svg content CVE-2020-16145 - Security: Fix cross-site scripting XS...

EulerOS Virtualization for ARM 64 3.0.6.0 : python-rsa (EulerOS-SA-2020-2050)

According to the version of the python-rsa package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a...

EulerOS 2.0 SP3 : python-rsa (EulerOS-SA-2020-2070)

According to the version of the python-rsa package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., ...

Updated mbedtls packages fix security vulnerabilities

mbedtls 2.16.8 fixes three security vulnerabilities which could affect earlier releases: Local side channel attack on classical CBC decryption in DTLS CVE-2020-16150. Local side channel attack on RSA and static Diffie-Hellman. Protocol weakness in DHE-PSK key exchange...

Windows SecureCRT Session Information Enumeration

This module will determine if SecureCRT is installed on the target system and, if it is, it will try to dump all saved session information from the target. The passwords for these saved sessions will then be decrypted where possible, using the decryption information that HyperSine reverse...

Default credentials

In GLPI before version 9.5.0, the encryption algorithm used is insecure. The security of the data encrypted relies on the password used, if a user sets a weak/predictable password, an attacker could decrypt data. This is fixed in version 9.5.0 by using a more secure encryption library. The librar...

UBUNTU-CVE-2020-11031

In GLPI before version 9.5.0, the encryption algorithm used is insecure. The security of the data encrypted relies on the password used, if a user sets a weak/predictable password, an attacker could decrypt data. This is fixed in version 9.5.0 by using a more secure encryption library. The librar...

CVE-2020-16244

GE Digital APM Classic, Versions 4.4 and prior. Salt is not used for hash calculation of passwords, making it possible to decrypt passwords. This design flaw, along with the IDOR vulnerability, puts the entire platform at high risk because an authenticated user can retrieve all user account data...

CVE-2020-16244

GE Digital APM Classic, Versions 4.4 and prior. Salt is not used for hash calculation of passwords, making it possible to decrypt passwords. This design flaw, along with the IDOR vulnerability, puts the entire platform at high risk because an authenticated user can retrieve all user account data...

Design/Logic Flaw

GE Digital APM Classic, Versions 4.4 and prior. Salt is not used for hash calculation of passwords, making it possible to decrypt passwords. This design flaw, along with the IDOR vulnerability, puts the entire platform at high risk because an authenticated user can retrieve all user account data...

CVE-2020-16244

GE Digital APM Classic, Versions 4.4 and prior. Salt is not used for hash calculation of passwords, making it possible to decrypt passwords. This design flaw, along with the IDOR vulnerability, puts the entire platform at high risk because an authenticated user can retrieve all user account data...

CVE-2020-16244

Ge Digital APM Classic (Versions 4.4 and prior) is affected by two vulnerabilities: (1) an IDOR-based vulnerability allowing unauthorized retrieval of user account data, and (2) use of a one-way hash without a salt, enabling password decryption. The combination creates a high-risk scenario for au...

CVE-2020-4614

CVE-2020-4614 affects IBM Data Risk Manager (iDNA) 2.0.6. The issue is weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. Remediation is to upgrade to v2.0.6.4 and then apply subsequent fixpacks (2.0.6.5, 2.0.6.6) in order, as detailed in ...

AES Finder - Utility To Find AES Keys In Running Processes

Utility to find AES keys in running process memory. Works for 128, 192 and 256-bit keys. Usage Open aes-finder.sln solution in Visual Studio 2013 to compile source. Alternatively use gcc/clang: g++ -O3 -march=native -fomit-frame-pointer aes-finder.cpp -o aes-finder To search for keys in process...

USN-4504-1: OpenSSL vulnerabilities

Robert Merget, Marcus Brinkmann, Nimrod Aviram, and Juraj Somorovsky discovered that certain Diffie-Hellman ciphersuites in the TLS specification and implemented by OpenSSL contained a flaw. A remote attacker could possibly use this issue to eavesdrop on encrypted communications. This was fixed i...

New Linux Malware Steals Call Details from VoIP Softswitch Systems

Cybersecurity researchers have discovered an entirely new kind of Linux malware dubbed "CDRThief" that targets voice over IP VoIP softswitches in an attempt to steal phone call metadata. "The primary goal of the malware is to exfiltrate various private data from a compromised softswitch, includin...