271 matches found
“Legacy”vulnerability: analysis of the new SSL/TLS vulnerability FREAK-vulnerability warning-the black bar safety net
Recently security researchers discovered a new SSL/TLS vulnerability. Expected within ten years, millions of Apple, Android users to access the HTTPS site will likely suffer from the middleman and then the stolen account and password, even if these sites use the encrypted transmission, also to no...
CVE-2014-0897
The Configuration Patterns component in IBM Flex System Manager FSM 1.2.0.x, 1.2.1.x, 1.3.0.x, and 1.3.1.x uses a weak algorithm in an encryption step during Chassis Management Module CMM account creation, which makes it easier for remote authenticated users to defeat cryptographic protection...
FlashFXP 1.4 User Password Encryption Weakness
No description provided by source. source: http://www.securityfocus.com/bid/7499/info FlashFXP uses a trivially reversible algorithm to encrypt FTP user credentials. Local attackers with access to the sites.data may exploit this weakness to gain unauthorized access to FTP user credentials for...
Web Protector 2.0 Trivial Encryption Weakness
No description provided by source. source: http://www.securityfocus.com/bid/7409/info Web protector has been reported prone to a trivial encryption weakness. It has been reported that the method used to obfuscate and protect the HTML source of web pages implementing Web Protector is flawed and ma...
MS14-030: Vulnerability in Remote Desktop Could Allow Tampering (2969259)
The remote Windows host is affected by a tampering vulnerability due to an encryption weakness in the Remote Desktop Protocol RDP. An attacker could exploit this vulnerability to modify the traffic content of an active RDP session. C Tenable Network Security, Inc. include"compat.inc"; if...
Schneider Electric Wonderware Vulnerabilities
OVERVIEW Timur Yunusov, Ilya Karpov, Sergey Gordeychik, Alexey Osipov, and Dmitry Serebryannikov of the Positive Technologies Research Team have identified four vulnerabilities in the Schneider Electric Wonderware Information Server WIS. Schneider Electric has produced an update that mitigates...
Yahoo Mail turns on HTTPS encryption by default to protect users
After the release of NSA Secret spying over Internet communications, I am expecting from all tech companies to make surveillance significantly harder. Yahoo has HTTPS encryption support since late 2012, but users had to opt in to use the feature. Documents revealed by the Edward Snowden shows tha...
Bitcoins - Secured by NSA designed Encryption or Backdoored ?
It's been nearly three months since Edward Snowden started telling the world about the National Security Agency's mass surveillance of global communications. After the last week report that the National Security Agency has leveraged its cooperative relationships with specific industry partners to...
apache-cxf: XML encryption backwards compatibility attacks
Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic...
Google AD Sync Tool - Exposure of Sensitive Information
Google AD Sync Tool - Exposure of Sensitive Information Sense of Security - Security Advisory - SOS-13-001 Release Date. 03-Apr-2013 Last Update. - Vendor Notification Date. 03-Sep-2012 Product. Google Active Directory Sync GADS Tool Platform. Windows, Linux, Solaris Affected versions. All versio...
Adobe Acrobat 9 PDF Document Encryption Weakness Vulnerability - Windows
Adobe Acrobat is prone to an encryption weakness vulnerability. SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Adobe Acrobat 9 PDF Document Encryption Weakness Vulnerability (Windows)
This host has Adobe Acrobat installed and is prone to encryption weakness vulnerability. OpenVAS Vulnerability Test $Id: gbadobeacrobatpdfvulnwin.nasl 5370 2017-02-20 15:24:26Z cfi $ Adobe Acrobat 9 PDF Document Encryption Weakness Vulnerability Windows Authors: Chandan S Copyright: Copyright c...
Crack MSSQL HASH password-vulnerability warning-the black bar safety net
Original name :Microsoft SQL Server Passwords Cracking the password hashes Original address :http://www.ngssoftware.com/papers/cracking-sql-passwords.pdf Author :David Litchfield [email protected] Term : FreeXploiT Author : ALLyeSNO Date : 2005-3-25 Translation:ALLyeSNO [email protected]...
IM Lock 2006 - Insecure Registry Permission Vulnerability
IM Lock 2006 - Insecure Registry Permission Vulnerability --------------------------------------------------------- Application: IM Lock 2006 Vendor: www.comvigo.com Corporation: Comvigo, Inc. Version: Latest: 2 March 2006 - Home Edition, Enterprise & Professional Description: IM Lock 2006...
CVE-2006-0898
Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV mode, uses an initialization vector IV of 8 bytes, which results in weaker encryption when used with a cipher that requires a larger block size than 8 bytes, such as Rijndael...
netsupport.txt
To the moderator, this is my first bugtraq posting, feel free to make any changes you feel nessessary to make this more helpful. Thank you very much Vendor : NetSupport URL : http://www.netsupport-inc.com/ Version : Invision NetSupport School Pro Risk : Password protection weakness Description:...
MSIE->WsBASEjpu
WsBASEjpu tested Browser Ver MS Internet Explorer: 6.0.2600.0000.xpclntqfe.021108-2107; Encryption: 128-bit; Patch:; Q810847; So, it's far from fully patched. OS Ver: "Windows XP Cn ver" demo http://www.safecenter.net/liudieyu/WsBASEjpu/WsBASEjpu-MyPage.HTM or http://umbrella.mx.tc --- WsBASEjpu...
Pure Secure weak encryption
Passwords for log access are stored in cleartext...
FlashFXP 1.4 - User Password Encryption
// source: https://www.securityfocus.com/bid/7499/info FlashFXP uses a trivially reversible algorithm to encrypt FTP user credentials. Local attackers with access to the sites.data may exploit this weakness to gain unauthorized access to FTP user credentials for remote sites. / Flashfxp sites.dat...
Web Protector 2.0 - Trivial Encryption
source: https://www.securityfocus.com/bid/7409/info Web protector has been reported prone to a trivial encryption weakness. It has been reported that the method used to obfuscate and protect the HTML source of web pages implementing Web Protector is flawed and may be easily reversed. This weaknes...