The vulnerability in the implementation of the SHA-1 cryptographic algorithm in Google Chrome’s browser allows attackers to perform spoofing attacks.

The vulnerability of the SHA-1 cryptographic algorithm implementation in Google Chrome browsers is related to the use of a weak encryption mechanism. Exploiting this vulnerability allows a remote attacker to perform rainbow attacks...

crypto-es PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard

Impact Summary Crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standardOWASP PBKDF2 Cheatsheet. This is because it both 1 defaults to SHA1SHA1 wiki, a cryptographic hash algorithm considered insecure since at leas...

CVE-2023-46133 crypto-es PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard

CryptoES is a cryptography algorithms library compatible with ES6 and TypeScript. Prior to version 2.1.0, CryptoES PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a...

Duplicate Advisory: EVE Doesn't Measure Config Partition From 2 Fronts

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-phcg-h58r-gmcq. This link is maintained to preserve external references. Original Description PCR14 is not in the list of PCRs that seal/unseal the “vault” key, but due to the change that was implemented in comm...

Duplicate Advisory: EVE Seals Vault Key With SHA1 PCRs

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-wc42-fcjp-v8vq. This link is maintained to preserve external references. Original Description Vault Key Sealed With SHA1 PCRs The measured boot solution implemented in EVE OS leans on a PCR locking mechanism...

PT-2023-28891

Name of the Vulnerable Software and Affected Versions EVE OS affected versions not specified Description The measured boot solution in EVE OS uses a PCR locking mechanism to protect the "vault" directory, which is the most sensitive point in the system. However, the key used to encrypt/decrypt th...

EVE OS Encryption Problem Vulnerability

EVE OS is a general-purpose, open Linux-based operating system for distributed edge computing open-sourced by IF Edge. EVE OS suffers from a security vulnerability that stems from the use of an insecure SHA1 PCR algorithm to seal vault keys, resulting in a reduced complexity of unsealing the keys...

Cleartext Signed Message Signature Spoofing in openpgp

Impact OpenPGP Cleartext Signed Messages are cryptographically signed messages where the signed text is readable without special tools: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 This text is signed. -----BEGIN PGP SIGNATURE----- wnUEARMIACcFgmTkrNAJkInXCgj0fgcIFiEE1JlKzzDGQxZmmHkYidcKCPR+...

CVE-2023-41037 Cleartext Signed Message Signature Spoofing in openpgpjs

OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. In affected versions OpenPGP Cleartext Signed Messages are cryptographically signed messages where the signed text is readable without special tools. These messages typically contain a "Hash: ..." header declaring the hash algorit...

CVE-2023-34433

PiiGAB M-Bus stores passwords using a weak hash algorithm...

CVE-2023-34433 PiiGAB M-Bus Use of Password Hash With Insufficient Computational Effort

PiiGAB M-Bus stores passwords using a weak hash algorithm...

CVE-2023-34433

PiiGAB M-Bus stores passwords using a weak hash algorithm (CVE-2023-34433). Affected product area: M-Bus SoftwarePack 900S. Root cause: password storage using an insufficient computational hash. Impact is substantial (confidentiality, integrity, and availability concerns) per documented CVSS vect...

PT-2023-24875 · Unknown · Piigab M-Bus

Name of the Vulnerable Software and Affected Versions: PiiGAB M-Bus affected versions not specified Description: The issue concerns the use of a weak hash algorithm for storing passwords. Recommendations: At the moment, there is no information about a newer version that contains a fix for this...

The vulnerability of Backup Exec’s software for backup and data restoration lies in its lack of authentication procedures. This allows attackers to elevate their privileges and execute arbitrary commands.

The vulnerability of Backup Exec’s backup and recovery software is related to deficiencies in authentication procedures when using the SHA cryptographic algorithm. Exploiting this vulnerability allows a malicious actor to enhance their privileges and execute arbitrary commands...

Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM Integrated Management Module II (IMM2) for BladeCenter, System x and FLEX Systems (CVE-2015-7575)

Summary The MD5 "SLOTH" vulnerability on TLS 1.2 affects IBM Integrated Management Module II IMM2 for BladeCenter, System x, and FLEX Systems. Vulnerability Details Summary The MD5 "SLOTH" vulnerability on TLS 1.2 affects IBM Integrated Management Module II IMM2 for BladeCenter, System x, and FLE...

VulnCheck KEV: CVE-2021-27877

Veritas Backup Exec BE Agent contains an improper authentication vulnerability that could allow an attacker unauthorized access to the BE Agent via SHA authentication scheme...

openssl: NULL dereference during PKCS7 data verification

A NULL pointer vulnerability was found in OpenSSL, which can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not...

The vulnerability of the password reset mechanism of the Automation Education System Apex-VUZ allows a hacker to obtain the user’s password.

The vulnerability of the user password reset mechanism in the Apex-VUZ automation system is related to the use of the SHA-1 encryption algorithm, which lacks sufficient robustness. Exploiting this vulnerability could allow an attacker operating remotely to obtain the user’s password...

SUSE CVE-2006-7239

The gnutlsx509oid2macalgorithm function in lib/gnutlsalgorithms.c in GnuTLS before 1.4.2 allows remote attackers to cause a denial of service crash via a crafted X.509 certificate that uses a hash algorithm that is not supported by GnuTLS, which triggers a NULL pointer dereference...

SUSE CVE-2021-45696

An issue was discovered in the sha2 crate 0.9.7 before 0.9.8 for Rust. Hashes of long messages may be incorrect when the AVX2-accelerated backend is used...