818 matches found
CVE-2006-0363
The "Remember my Password" feature in MSN Messenger 7.5 stores passwords in an encrypted format under the HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Creds registry key, which might allow local users to obtain the original passwords via a program that calls CryptUnprotectData, as demonstrated ...
CVE-2004-2642
Yeemp 0.9.9 and earlier does not properly encrypt inbound files, which allows remote attackers to spoof the identity of the sender...
Comersus Backoffice 4.x/5.0/6.0 - '/comersus/database/comersus.mdb' Direct Request Database Disclosure
source: https://www.securityfocus.com/bid/15251/info Comersus BackOfficePlus and BackOfficeLite are prone to multiple input validation and information disclosure vulnerabilities. The applications are prone to SQL injection attacks, information disclosure and multiple cross-site scripting attacks...
CVE-2004-1902
The Citrix MetaFrame Password Manager 2.0, when a central credential store is not configured, does not encrypt passwords entered immediately after executing the First Time User Wizards, which allows local users to gain sensitive information...
CVE-2004-1766
The default installation of NetScreen-Security Manager before Feature Pack 1 does not enable encryption for communication with devices running ScreenOS 5.0, which allows remote attackers to obtain sensitive information via sniffing...
CVE-2005-0322
CVE-2005-0322 affects MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 and Mail Server 7.6.4r with Icewarp Mail Server 5.3.2. The issue is weak encryption in the configuration and data files (users.cfg, settings.cfg, users.dat, user.dat), which allows local users to extract stored passwords. T...
CVE-2002-1095
Cisco VPN 3000 Concentrator before 2.5.2F, with encryption enabled, allows remote attackers to cause a denial of service (reload) via a Windows-based PPTP client with the "No Encryption" option set...
NetScreen-Security Manager fails to encrypt communications with managed devices
Overview: A vulnerability in the NetScreen-Security Manager software could expose sensitive information in cleartext over the network. Description: NetScreen Technologies' NetScreen-Security Manager provides centralized management for control of device configuration, network settings and security...
CVE-2001-1106
The default configuration of Sambar Server 5 and earlier uses a symmetric key that is compiled into the binary program for encrypting passwords, which could allow local users to break all user passwords by cracking the key or modifying a copy of the sambar program to call the decryption procedure...
Microsoft Security Bulletin MS03-003: Flaw in how Outlook 2002 handles V1 Exchange Server Security Certificates could lead to Information Disclosure (812262)
Title: Flaw in how Outlook 2002 handles V1 Exchange Server Security Certificates could lead to Information Disclosure (812262) Date: 22 January 2002 Software: Microsoft Outlook 2002 Impact:...
CVE-2002-1697
Electronic Code Book (ECB) mode in VTun 2.0 through 2.5 uses a weak encryption algorithm that produces the same ciphertext from the same plaintext blocks, which could allow remote attackers to gain sensitive information...
CVE-2002-0570
The encrypted loop device in Linux kernel 2.4.10 and earlier does not authenticate the entity that is encrypting data, which allows local users to modify encrypted data without knowing the key...
psyBNC 2.3 Beta - encrypted text "spoofable" in others' irc terminal
BACKGROUND: psyBNC (http://www.psychoid.lam3rz.de) is an IRC bouncer with a variety of fantastic features. One of these features is encryption of irc text, with keys set on a per-channel basis. SUMMARY: someone (call them person A) in an irc channel where psyBNC users are chatting encrypted can...
CVE-2001-0352
CVE-2001-0352 affects 3Com AirConnect AP-4111 and Symbol 41X1 APs. The vulnerability arises from SNMP queries that read WEP keys from the IEEE 802.11b MIB (dot11WEPDefaultKeyValue in dot11WEPDefaultKeysTable) or the Symbol MIB (ap128bWepKeyValue), where keys should be write-only. This permits rem...
Strip Password Generator 0.3/0.4/0.5 - Limited Password-Space
source: https://www.securityfocus.com/bid/2567/info Strip is a password generation utility made freely available by Zetetic Enterprises. Strip is a PalmOS based application designed to generate and store important passwords. A problem with Strip makes it possible for a user that has attained a...
CVE-1999-0757
The ColdFusion CFCRYPT program for encrypting CFML templates has weak encryption, allowing attackers to decrypt the templates...
CVE-2001-0133
The web administration interface for Interscan VirusWall 3.6.x and earlier does not use encryption, which could allow remote attackers to sniff the administrator password via the setpasswd.cgi program or other HTTP GET requests that contain base64 encoded...
CVE-2001-0161
Cisco 340-series Aironet access point using firmware 11.01 does not use 6 of the 24 available IV bits for WEP encryption, which makes it easier for remote attackers to mount brute force attacks...