5771 matches found

Prion
added 2017/08/07 6:29 a.m., 16 views

Design/Logic Flaw

A vulnerability in the Secure Sockets Layer (SSL) Decryption and Inspection feature of Cisco Firepower System Software 5.4.0, 5.4.1, 6.0.0, 6.1.0, 6.2.0, 6.2.1, and 6.2.2 could allow an unauthenticated, remote attacker to bypass the SSL policy for decrypting and inspecting traffic on an affected...

CVSS 5 | AI score 7.5 | EPSS 0.00151
Exploits 0 | References 2 | Affected Software 1

NVD
added 2017/08/07 6:29 a.m., 11 views

CVE-2017-6766

A vulnerability in the Secure Sockets Layer (SSL) Decryption and Inspection feature of Cisco Firepower System Software 5.4.0, 5.4.1, 6.0.0, 6.1.0, 6.2.0, 6.2.1, and 6.2.2 could allow an unauthenticated, remote attacker to bypass the SSL policy for decrypting and inspecting traffic on an affected...

CVSS 7.5 | AI score 7.5 | EPSS 0.00151
Exploits 0 | References 2

CVE
added 2017/08/07 6:0 a.m., 64 views

CVE-2017-6766

Cisco Firepower System Software versions 5.4.0, 5.4.1, 6.0.0, 6.1.0, 6.2.0, 6.2.1, and 6.2.2 contain a vulnerability (CVE-2017-6766) in the SSL Decryption and Inspection feature that allows an unauthenticated, remote attacker to bypass SSL policy for decrypting and inspecting traffic. The issue a...

CVSS 7.5 | AI score 7.4 | EPSS 0.00151
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2017/08/07 6:0 a.m., 18 views

CVE-2017-6766

A vulnerability in the Secure Sockets Layer (SSL) Decryption and Inspection feature of Cisco Firepower System Software 5.4.0, 5.4.1, 6.0.0, 6.1.0, 6.2.0, 6.2.1, and 6.2.2 could allow an unauthenticated, remote attacker to bypass the SSL policy for decrypting and inspecting traffic on an affected...

AI score 7.5 | EPSS 0.00151
Exploits 0 | References 2

Veeam
added 2017/08/07 12:0 a.m., 23 views

All Credentials and Backup Encryption Keys Become Invalid if Veeam Backup and Replication Is Manually Migrated to Another Machine

Challenge All credentials and backup encryption keys become unusable after manually migrating Veeam Backup and Replication software to a different machine. The term "manual migration," in this case, refers to the process of installing Veeam Backup & Replication on a new system and directing it to...

AI score 6.9
Exploits 0

NVD
added 2017/08/05 5:29 p.m., 9 views

CVE-2017-9856

An issue was discovered in SMA Solar Technology products. Sniffed passwords from SMAdata2+ communication can be decrypted very easily. The passwords are "encrypted" using a very simple encryption algorithm. This enables an attacker to find the plaintext passwords and authenticate to the device...

CVSS 9.8 | AI score 9.3 | EPSS 0.00176
Exploits 0 | References 3

CVE
added 2017/08/05 5:0 p.m., 96 views

CVE-2017-9856

The connected PT-2017-19222 entry confirms concrete technical details: SMA Solar Technology inverters (Sunny Boy TLST-21/TL-21 and Sunny Tripower TL-10/TL-30) use a simple encryption algorithm for SMAdata2+ passwords, allowing an attacker to decrypt passwords to plaintext and authenticate to the ...

CVSS 9.8 | AI score 9.2 | EPSS 0.00176
Exploits 0 | References 3 | Affected Software 1

Cvelist
added 2017/08/05 5:0 p.m., 23 views

CVE-2017-9856

An issue was discovered in SMA Solar Technology products. Sniffed passwords from SMAdata2+ communication can be decrypted very easily. The passwords are "encrypted" using a very simple encryption algorithm. This enables an attacker to find the plaintext passwords and authenticate to the device...

AI score 9.3 | EPSS 0.00176
Exploits 0 | References 3

Vulnrichment
added 2017/08/05 5:0 p.m., 13 views

CVE-2017-9856

An issue was discovered in SMA Solar Technology products. Sniffed passwords from SMAdata2+ communication can be decrypted very easily. The passwords are "encrypted" using a very simple encryption algorithm. This enables an attacker to find the plaintext passwords and authenticate to the device...

AI score 6.8 | EPSS 0.00176
Exploits 0 | References 3

Prion
added 2017/08/04 12:29 a.m., 10 views

Design/Logic Flaw

Zoho ManageEngine OpManager 11 through 12.2 uses a custom encryption algorithm to protect the credential used to access the monitored devices. The implemented algorithm doesn't use a per-system key or even a salt; therefore, it's possible to create a universal decryptor...

CVSS 5 | AI score 7 | EPSS 0.01665
Exploits 0 | References 1 | Affected Software 1

OpenVAS
added 2017/08/03 12:0 a.m., 17 views

Cisco Firepower Management Secure Sockets Layer Policy Bypass Vulnerability

A vulnerability in the Secure Sockets Layer (SSL) Decryption and Inspection feature of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass the SSL policy for decrypting and inspecting traffic on an affected system. SPDX-FileCopyrightText: 2017 Greenbone AG Some...

CVSS 7.5 | AI score 7.6 | EPSS 0.00151
Exploits 0 | References 1

Cisco
added 2017/08/02 4:0 p.m., 29 views

Cisco Firepower System Software Secure Sockets Layer Policy Bypass Vulnerability

A vulnerability in the Secure Sockets Layer (SSL) Decryption and Inspection feature of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass the SSL policy for decrypting and inspecting traffic on an affected system. The vulnerability is due to unexpected...

CVSS 5.3 | AI score 7.5 | EPSS 0.00151
Exploits 0 | References 1

Prion
added 2017/07/31 9:29 p.m., 14 views

Design/Logic Flaw

IBM API Connect 5.0.0.0 could allow a user to bypass policy restrictions and create non-compliant passwords which could be intercepted and decrypted using man in the middle techniques. IBM X-Force ID: 127160...

CVSS 4.3 | AI score 5.5 | EPSS 0.00215
Exploits 0 | References 3 | Affected Software 2

Cvelist
added 2017/07/31 9:0 p.m., 19 views

CVE-2017-1386

IBM API Connect 5.0.0.0 could allow a user to bypass policy restrictions and create non-compliant passwords which could be intercepted and decrypted using man in the middle techniques. IBM X-Force ID: 127160...

AI score 5.5 | EPSS 0.00215
Exploits 0 | References 3

CVE
added 2017/07/31 9:0 p.m., 52 views

CVE-2017-1386

CVE-2017-1386 affects IBM API Connect 5.0.0.0 (and related product versions) where a user could bypass password policy and create non‑compliant passwords that might be intercepted and decrypted via man‑in‑the‑middle techniques. The IBM Security Bulletin details affected ranges: API Connect 5.0.0....

CVSS 5.9 | AI score 5.5 | EPSS 0.00215
Exploits 0 | References 3 | Affected Software 1

Malwarebytes
added 2017/07/31 7:21 p.m., 69 views

A week in security (July 24 – July 30)

Last week, we recognized one of the unsung heroes of our times, explained what the Dark Web is, revealed challenges one of our experienced when putting together his conference presentation for SteelCon, revealed the potential dangers of smart toys to kids, and made a prediction following the...

AI score 7.5
Exploits 0

UbuntuCve
added 2017/07/27 12:0 a.m., 21 views

CVE-2017-2834

An exploitable code execution vulnerability exists in the authentication functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compromise the server or use a man in the middle...

CVSS 8.8 | AI score 7.5 | EPSS 0.01071
Exploits 1 | References 4

NVD
added 2017/07/25 6:29 p.m., 8 views

CVE-2015-8013

s2k.js in OpenPGP.js will decrypt arbitrary messages regardless of passphrase for crafted PGP keys which allows remote attackers to bypass authentication if message decryption is used as an authentication mechanism via a crafted symmetrically encrypted PGP message...

CVSS 7.5 | AI score 7.6 | EPSS 0.01077
Exploits 0 | References 3

CVE
added 2017/07/25 6:0 p.m., 39 views

CVE-2015-8013

CVE-2015-8013 concerns s2k.js in OpenPGP.js, where crafted PGP keys can be decrypted regardless of the provided passphrase, enabling an attacker to bypass authentication if message decryption is used as an authentication mechanism. The concrete technical detail across the connected documents iden...

CVSS 7.5 | AI score 7.6 | EPSS 0.01077
Exploits 0 | References 3 | Affected Software 1

Cvelist
added 2017/07/25 6:0 p.m., 16 views

CVE-2015-8013

s2k.js in OpenPGP.js will decrypt arbitrary messages regardless of passphrase for crafted PGP keys which allows remote attackers to bypass authentication if message decryption is used as an authentication mechanism via a crafted symmetrically encrypted PGP message...

AI score 7.6 | EPSS 0.01077
Exploits 0 | References 3