NetWin Authentication Module 3.0b password storage vulnerabilities / buffer overflows

NetWin Authentication Module 3.0b password storage vulnerabilities / buffer overflows AFFECTED SYSTEMS NWAuth module as used by DMail, SurgeFTP, others... cfr www.netwinsite.com I've tested SurgeFTP in particular The source code for NWAuth 2.0 can be found at...

ArGoSoft FTP Server 1.2.2.2 Weak password encryption

ArGoSoft FTP Server 1.2.2.2 Weak password encryption AFFECTED SYSTEMS ArGoSoft FTP Server 1.2.2.2 DESCRIPTION ArGoSoft FTP Server 1.2.2.2 for win32 is vulnerable to decryption of the password file. As a matter of fact the programmers are aware of this since they have implemented decryption...

ArGoSoft FTP Server 1.2.2.2 - Weak Password Encryption

// source: https://www.securityfocus.com/bid/3029/info ArGoSoft FTP server is an FTP server for the Windows platform. A design error exists in ArGoSoft FTP which enables an authenticated user to view other users encrypted passwords. However due to a weak encryption scheme it is possible for a use...

ArGoSoft FTP Server 1.2.2.2 - Weak Password Encryption

ArGoSoft FTP Server 1.2.2.2 - Weak Password Encryption // source: https://www.securityfocus.com/bid/3029/info ArGoSoft FTP server is an FTP server for the Windows platform. A design error exists in ArGoSoft FTP which enables an authenticated user to view other users encrypted passwords. However d...

CVE-2001-0259

ssh-keygen in ssh 1.2.27 - 1.2.30 with Secure-RPC can allow local attackers to recover a SUN-DES-1 magic phrase generated by another user, which the attacker can use to decrypt that user's private key file...

GNU Privacy Guard 1.0.x - Format String

source: https://www.securityfocus.com/bid/2797/info GnuPG is a popular open source public/private key encryption system. It is possible for attackers to create an encrypted document that will exploit a format string vulnerability in the GnuPG client when the document is decrypted. This...

CVE-1999-0757

The ColdFusion CFCRYPT program for encrypting CFML templates has weak encryption, allowing attackers to decrypt the templates...

CVE-1999-0757

CVE-1999-0757 concerns the ColdFusion CFCRYPT program used for encrypting CFML templates. Multiple sources (NVD, Red Hat and CVE records) describe the issue as weak encryption that allows an attacker to decrypt the encrypted templates. The affected component is CFCRYPT, and the underlying impact ...

CVE-1999-0757

The ColdFusion CFCRYPT program for encrypting CFML templates has weak encryption, allowing attackers to decrypt the templates...

CVE-2000-1158

NAI Sniffer Agent uses base64 encoding for authentication, which allows attackers to sniff the network and easily decrypt usernames and passwords...

Decrypting passwords for SmartServer 3

Product: Smart Server 3 by NetCPlus Version: 3.75 others? OS: Windows NT/2000/9x Description: SmartServer3 SS3 is a small business email server from NetCPlus. It installs by default in C:Program Filessmartserver3 . In this folder it stores a configuration file called 'dialsrv.ini' . This file is...

CVE-2000-0678

PGP 5.5.x through 6.5.3 does not properly check if an Additional Decryption Key ADK is stored in the signed portion of a public certificate, which allows an attacker who can modify a victim's public certificate to decrypt any data that has been encrypted with the modified certificate...

CVE-2000-0678

PGP 5.5.x through 6.5.3 does not properly check if an Additional Decryption Key ADK is stored in the signed portion of a public certificate, which allows an attacker who can modify a victim's public certificate to decrypt any data that has been encrypted with the modified certificate...

CVE-2000-0678

CVE-2000-0678 affects PGP 5.5.x through 6.5.3. The flaw: ADKs are not checked in the signed portion of a public certificate, so an attacker who modifies a victim’s certificate can decrypt data encrypted with that modified certificate. Exploitation requires a modified certificate and a sender usin...

CVE-2000-0789

The CVE-2000-0789 entry targets WinU 5.x and earlier. The vulnerability arises because the product stores its configuration password with weak encryption, enabling local users to decrypt the password and gain privileges. This is based on the NVD/CVE descriptions indicating weak encryption used fo...

Advisory CA-2000-18

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CERT Advisory CA-2000-18 PGP May Encrypt Data With Unauthorized ADKs Original release date: August 24, 2000 Last revised: -- Source: CERT/CC A complete revision history is at the end of this file. Systems Affected PGP versions 5.5.x through 6.5.3,...

Переполнение буфера в gopherd

Переполнения буфера в подпрограмме дешифрации DES и в других местах...

CVE-2000-0625

CVE-2000-0625 refers to NetZero 3.0 and earlier, which stores login credentials using weak encryption. The underlying issue is insecure storage that allows a local user to decrypt the password. No remediation details are provided in the sources; the impact is partial confidentiality and integrity...

CVE-2000-0492

PassWD 1.2 uses weak encryption trivial encoding to store passwords, which allows an attacker who can read the password file to easliy decrypt the passwords...

CVE-2000-0492

CVE-2000-0492 concerns PassWD 1.2, where passwords are stored with weak, trivially decodable encryption. The vulnerability occurs because the password file can be read and the stored passwords decrypted due to the weak encoding. Affected component: PassWD 1.2 password storage. Root cause: use of ...