crackle - Crack Bluetooth Smart (BLE) Encryption

crackle cracks BLE Encryption AKA Bluetooth Smart. crackle exploits a flaw in the BLE pairing process that allows an attacker to guess or very quickly brute force the TK Temporary Key. With the TK and other data collected from the pairing process, the STK Short Term Key and later the LTK Long Ter...

Design/Logic Flaw

An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "iTunes Backup" component, which improperly hashes passwords, making it easier to decrypt files...

CVE-2016-4685

An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "iTunes Backup" component, which improperly hashes passwords, making it easier to decrypt files...

CVE-2016-4685

CVE-2016-4685 affects iOS versions before 10.1, in the iTunes Backup component where a weak password hashing method was used for encrypted backups, enabling easier recovery of the backup password and thus decryption of files. Apple’s security content for iOS 10.1 states the weak hash was removed,...

CVE-2016-3995

The timing attack protection in Rijndael::Enc::ProcessAndXorBlock and Rijndael::Dec::ProcessAndXorBlock in Crypto++ aka cryptopp before 5.6.4 may be optimized out by the compiler, which allows attackers to conduct timing attacks...

Brute Force Decryption

OpenSSL is vulnerable to brute-force decryption attacks and RSA-to-EXPORTRSA downgrade attacks. These attacks are possible through the ssl3getkeyexchange function which offers a weak ephemeral RSA key in a noncompliant role, related to the "FREAK" issue...

CVE-2016-8492

The implementation of an ANSI X9.31 RNG in Fortinet FortiGate allows attackers to gain unauthorized read access to data handled by the device via IPSec/TLS decryption...

CVE-2016-8492

The implementation of an ANSI X9.31 RNG in Fortinet FortiGate allows attackers to gain unauthorized read access to data handled by the device via IPSec/TLS decryption...

CVE-2016-8492

The implementation of an ANSI X9.31 RNG in Fortinet FortiGate allows attackers to gain unauthorized read access to data handled by the device via IPSec/TLS decryption...

Information Disclosure

OpenSSL is vulnerable to decryption oracle attacks. A malicious user on the network can use the server as an oracle to determine the SSLv2 master key...

Information disclosure

IBM AppScan Source uses a one-way hash without salt to encrypt highly sensitive information, which could allow a local attacker to decrypt information more easily...

DROWN Attack

OpenSSL is vulnerable to the DROWN attack. The DROWN attack is also known as a Bleichenbacher RSA padding oracle. This vulnerability allows a malicious user to recover a session key from SSL2.0 connections, allowing them to decrypt such connections...

Side Channel Attack On Modular Exponentiation

OpenSSL is vulnerable to side channel attacks. The vulnerability exploits cache-bank conflicts on the Intel Sandy-Bridge microarchitecture, exposing RSA keys. However, an attacker can only exploit this only if he has control of code in a thread running on the same hyper-threaded core as the victi...

Leakage Of Decryption Key

nifi is susceptible to information disclosure. The vulnerability exists because running the encrypt-config.sh script allows the boostrap process RunNiFi.java to leak the sensitive property decryption key in 1 in the plaintext in boostrap.conf 2 in the process invocation...

CVE-2016-10102

hitek.jar in Hitek Software's Automize uses weak encryption when encrypting SSH/SFTP and Encryption profile passwords. This allows an attacker to retrieve the encrypted passwords from sshProfiles.jsd and encryptionProfiles.jsd and decrypt them to recover cleartext passwords. All 10.x up to and...

Yelp: Yelp.com is vulnerable to SWEET32 attack

Researchers have found new attack against 3DES-CBC cipher in TLS,that they can decrypt customer data using a method called SWEET32 Birthday Attack. This Vulnerability has got CVE-2016-2183 and has cvss score 5.0 This vulnerability can be found manually by simply using nmap script nmap -Pn -p...

rc4 Password Cracking Vulnerability in LOGBASE Ops Security Management System from Sifo-Di

The LOGBASE O&M security management system from Sifo-Di provides O&M security audits for O&M staff. A rc4 password cracking vulnerability exists in the LOGBASE Operations and Maintenance Security Management System from Sifo-Dee. As the system comes with a URL link to decrypt its own "RC4",...

Padding Oracle Attack

bouncycastle is vulnerable to padding oracle attacks. In an environment where timings can be easily observed, it is possible to identify when the decryption is failing due to padding...

Weak Encryption

aes is vulnerable to weak encryption. The vulnerability exists due to improper implementation of string to hex conversion. A string that does not contain a hexadecimal sequence 00-FF is converted to a hexadecimal array filled with zeroes. This means that it is possible to decrypt messages with...

Los Angeles College Pays Hackers $28,000 Ransom To Get Its Files Back

Ransomware has turned on to a noxious game of Hackers to get paid effortlessly. Once again the heat was felt by the Los Angeles Valley College LAVC when hackers managed to infect its computer network with ransomware and demanded US$28,000 payment in Bitcoins to get back online. The cyber-attack...