5980 matches found
DEBIAN-CVE-2012-6059
The dissectisakmp function in epan/dissectors/packet-isakmp.c in the ISAKMP dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 uses an incorrect data structure to determine IKEv2 decryption parameters, which allows remote attackers to cause a denial of service application crash via...
NGS000193 Technical Advisory: DataArmor Full Disk Encryption Restricted Environment breakout
======= Summary ======= Name: DataArmor Full Disk Encryption - Restricted Environment breakout, Privilege Escalation and Full Disk Decryption Release Date: 30 November 2012 Reference: NGS00193 Discoverer: Stuart Passe [email protected] Vendor: Mobile Armor Vendor Reference: KB 1060043...
DataArmor / DriveArmor Privilege Escalation / Decryption Vulnerability
DataArmor and DriveArmor versions prior to 3.0.12.861 suffer from restricted environment breakout, privilege escalation, and full disk decryption vulnerabilities. ======= Summary ======= Name: DataArmor Full Disk Encryption - Restricted Environment breakout, Privilege Escalation and Full Disk...
DataArmor / DriveArmor Privilege Escalation / Decryption
======= Summary ======= Name: DataArmor Full Disk Encryption - Restricted Environment breakout, Privilege Escalation and Full Disk Decryption Release Date: 30 November 2012 Reference: NGS00193 Discoverer: Stuart Passe Vendor: Mobile Armor Vendor Reference: KB 1060043 Systems Affected: All version...
CVE-2012-4409
Stack-based buffer overflow in the checkfilehead function in extra.c in mcrypt 2.6.8 and earlier allows user-assisted remote attackers to execute arbitrary code via an encrypted file with a crafted header containing long salt data that is not properly handled during decryption...
CVE-2012-4409
Stack-based buffer overflow in the checkfilehead function in extra.c in mcrypt 2.6.8 and earlier allows user-assisted remote attackers to execute arbitrary code via an encrypted file with a crafted header containing long salt data that is not properly handled during decryption...
SSL Certificate Signed with the Compromised FortiGate Key
The X.509 certificate of the remote host was signed by a certificate belonging to a Certificate Authority CA found in FortiGate devices. The private key corresponding to the CA has been compromised, meaning that the remote host's X.509 certificate cannot be trusted. Certificate chains descending...
Huawei (Multiple Products) - Password Encryption
Huawei Multiple Products - Password Encryption source: https://www.securityfocus.com/bid/56510/info Multiple Huawei products are prone to a weak password encryption weakness. Successful exploits may allow an attacker to decrypt stored passwords; this may aid in further attacks. The following are...
Huawei (Multiple Products) - Password Encryption
source: https://www.securityfocus.com/bid/56510/info Multiple Huawei products are prone to a weak password encryption weakness. Successful exploits may allow an attacker to decrypt stored passwords; this may aid in further attacks. The following are vulnerable: Huawei Quidway series Huawei CX600...
[Android Privacy Guard v1.0.8] OpenPGP for Android
There's no public key encryption for Android yet, but that's an important feature for many of us. Android Privacy Guard is to manage OpenPGP keys on your phone, use them to encrypt, sign, decrypt emails and files. Change log v1.0.8 HKP key server support app2sd support more pass phrase cache...
[TCHead] TrueCrypt Password Cracking Tool
TCHead is software that decrypts and verifies TrueCrypt headers. TCHead supports all the current hashes, individual ciphers, standard volume headers, hidden volume headers and system drive encrypted headers preboot authentication. Brute-force TrueCrypt : However, TrueCrypt passwords go through ma...
Social Engineers Launch New Attack on Embattled Banks
As a number of major U.S. financial institutions deal with the aftermath of what was perhaps the largest DDoS campaign ever, researchers at FireEye are reporting on a separate phishing attack that establishes a channel of malicious communications on its victims’ computers. The attack is affecting...
openssl: uninitialized SSL 3.0 padding
The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer...
CRIME Attack Uses Compression Ratio of TLS Requests as Side Channel to Hijack Secure Sessions
The new attack on TLS developed by researchers Juliano Rizzo and Thai Duong takes advantage of an information leak in the compression ratio of TLS requests as a side channel to enable them to decrypt the requests made by the client to the server. This, in turn, allows them to grab the user’s logi...
New Attack Uses SSL/TLS Information Leak to Hijack HTTPS Sessions
There is a feature supported by the SSL/TLS encryption standard and used by most of the major browsers that leaks enough information about encrypted sessions to enable attackers decrypt users’ supposedly protected cookies and hijack their sessions. The researchers who developed the attack that...
GnuTLS TLS Record Application GenericBlockCipher Parsing Integer Overflow (CVE-2012-1573)
An integer overflow vulnerability has been reported in GnuTLS. The vulnerability is due to improper handling of certain fields during the decryption process. A remote attacker can exploit this vulnerability by sending a specially crafted TLS Application Data packet to the server. Successful...
CVE-2012-2146
Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique initialization vector IV, which makes it easier for context-dependent users to obtain sensitive information and decrypt the database...
PYSEC-2012-13
Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique initialization vector IV, which makes it easier for context-dependent users to obtain sensitive information and decrypt the database...
UBUNTU-CVE-2012-2146
Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique initialization vector IV, which makes it easier for context-dependent users to obtain sensitive information and decrypt the database...
CVE-2012-2146
Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique initialization vector IV, which makes it easier for context-dependent users to obtain sensitive information and decrypt the database...