Lucene search
K

129 matches found

ThreatPost
ThreatPost
added 2015/03/10 2:24 p.m.54 views

March 2015 Microsoft Patch Tuesday Security Bulletins

Windows IT shops figure to be in for some scrambling today. Not only was it revealed that a five-year-old patch for a vulnerability exploited by Stuxnet was incomplete and machines have been exposed since 2010, but today is also Patch Tuesday and the updated Stuxnet patch is one of 14 bulletins...

9.3CVSS9.7AI score0.99945EPSS
Exploits51References12
Opera Security Advisories
Opera Security Advisories
added 2015/03/10 12:0 a.m.8 views

Dealing with FREAK and SuperFish

Security Dealing with FREAK and SuperFish Share March 10th, 2015 The FREAK TLS attack Following the trend of memorable names for TLS attacks, FREAK was recently announced. This exploits a bug in some TLS libraries, combined with the support of ancient weak ciphers, to enable a MitM to force...

8.8CVSS7.3AI score0.01654EPSS
Exploits4References1
myhack58
myhack58
added 2015/03/06 12:0 a.m.15 views

CVE-2 0 1 5-0 2 0 4 OpenSSL FREAK Attack vulnerability detection methods and repair recommendations-vulnerability warning-the black bar safety net

0×0 1 Introduction Near the Lantern Festival on the occasion, OpenSSL and because of the FREAK attack(also known as the Factoring Attack on RSA-EXPORT Keys vulnerability or CVE-2 0 1 5-0 2 0 4. the vulnerability fights uproar. Apple and Google are in on Tuesday indicated that they are fixing the...

0.2AI score
Exploits0
FreeBSD
FreeBSD
added 2015/03/06 12:0 a.m.17 views

mono -- TLS bugs

The Mono project reports: Mono’s implementation of the SSL/TLS stack failed to check the order of the handshake messages. Which would allow various attacks on the protocol to succeed. Details of this vulnerability are discussed in SKIP-TLS post. Mono’s implementation of SSL/TLS also contained...

1.9AI score
Exploits0References1
CERT
CERT
added 2015/03/06 12:0 a.m.274 views

SSL/TLS implementations accept export-grade RSA keys (FREAK attack)

Overview Some implementations of SSL/TLS accept export-grade 512-bit or smaller RSA keys even when not specifically requesting export grade ciphers. An attacker able to act as a Man-in-The-Middle MiTM could factor weak temporary RSA keys, obtain session keys, and decrypt SSL/TLS trafflc. This iss...

4.3CVSS6.3AI score0.98685EPSS
Exploits0References5
ThreatPost
ThreatPost
added 2015/03/05 4:19 p.m.74 views

Microsoft Schannel Vulnerable to FREAK

Microsoft today issued an advisory warning Windows users that Secure Channel, or Schannel, the Windows implementation of SSL/TLS, is vulnerable to the FREAK attack. Disclosed this week, FREAK CVE-2015-1637 is the latest big Internet bug. It affects a number of SSL clients, including OpenSSL, and...

4.3CVSS1.3AI score0.13151EPSS
Exploits0References4
CheckPoint Security
CheckPoint Security
added 2015/03/04 12:0 a.m.29 views

Check Point Response to CVE-2015-0204 - TLS FREAK Attack

Symptoms - On Tuesday, March 3, 2015, researchers disclosed a new SSL/TLS vulnerability - the FREAK attack. The vulnerability allows attackers to intercept HTTPS connections between vulnerable clients and vulnerable servers and force them to use the "export-grade" cryptography, which can then be...

4.3CVSS7.4AI score0.99999EPSS
Exploits7
Fortinet
Fortinet
added 2015/03/04 12:0 a.m.64 views

TLS FREAK Attack

...

4.3CVSS6.5AI score0.98685EPSS
Exploits0
OSV
OSV
added 2015/01/08 12:0 a.m.5 views

UBUNTU-CVE-2015-0204

The ssl3getkeyexchange function in s3clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORTRSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to...

4.3CVSS7AI score0.98685EPSS
Exploits0References3
Rows per page
Query Builder