84 matches found
BIT-LIBPYTHON-2022-48566
An issue was discovered in comparedigest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.comparedigest...
Linux Distros Unpatched Vulnerability : CVE-2024-42255
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: tpm: Use auth only after NULL check in tpmbufcheckhmacresponse Dereference auth after NULL...
Inadequate Encryption Strength
Overview Affected versions of this package are vulnerable to Inadequate Encryption Strength due to the HMAC and RSA key lengths used in the JSON Web Signature JWS implementation not meeting recommended security standards. Remediation Upgrade pyjwt to version 2.11.0 or higher. References - GitHub...
CVE-2023-22334
Use of password hash instead of password for authentication vulnerability in CONPROSYS HMI System CHS Ver.3.4.5 and earlier allows a remote authenticated attacker to obtain user credentials information via a man-in-the-middle attack...
kernel: ipv6: sr: fix out-of-bounds read when setting HMAC data.
An out-of-bounds read flaw was found when setting HMAC data in net/ipv6/seg6.c in the Linux kernel. This issue may lead to a crash...
UBUNTU-CVE-2024-42255
In the Linux kernel, the following vulnerability has been resolved: tpm: Use auth only after NULL check in tpmbufcheckhmacresponse Dereference auth after NULL check in tpmbufcheckhmacresponse. Otherwise, unless tpm2sessionsinit was called, a call can cause NULL dereference, when TCGTPM2HMAC is...
PT-2024-6943 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the tpm buf check hmac response function in the Linux kernel's Trusted Platform Module TPM driver. It involves a null pointer dereference when TCG TPM2 HMAC is...
booth: specially crafted hash can lead to invalid HMAC being accepted by Booth server
A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcrymdgetalgodlen, it may allow an invalid HMAC to be accepted by the Booth server...
DEBIAN-CVE-2024-37568
lepture Authlib before 1.3.1 has algorithm confusion with asymmetric public keys. Unless an algorithm is specified in a jwt.decode call, HMAC verification is allowed with any asymmetric public key. This is similar to CVE-2022-29217 and CVE-2024-33663...
booth: specially crafted hash can lead to invalid HMAC being accepted by Booth server
A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcrymdgetalgodlen, it may allow an invalid HMAC to be accepted by the Booth server...
booth Data forgery vulnerability
booth is an open source ticket manager from ClusterLabs. Booth suffers from a Data Forgery Issue vulnerability that stems from the fact that a specially crafted hash, if passed to gcrymdgetalgodlen, could allow the Booth server to accept an invalid HMAC...
PT-2024-40101 · Typo3 · Typo3
Name of the Vulnerable Software and Affected Versions: TYPO3 affected versions not specified Description: The issue concerns insecure deserialization in Extbase request handling. It requires a user-submitted payload to be signed with a corresponding HMAC-SHA1 using the sensitive TYPO3 encryptionK...
SUSE CVE-2022-48687
In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix out-of-bounds read when setting HMAC data. The SRv6 layer allows defining HMAC data that can later be used to sign IPv6 Segment Routing Headers. This configuration is realised via netlink through four attributes:...
PT-2024-2315 · Siemens · Cerberus Pro En Fire Panel Fc72X Ip7 +21
Name of the Vulnerable Software and Affected Versions: Cerberus PRO EN Engineering Tool versions prior to MP4 Cerberus PRO EN Fire Panel FC72x IP6 versions prior to IP8 SR4 Cerberus PRO EN Fire Panel FC72x IP7 versions prior to IP8 SR4 Cerberus PRO EN Fire Panel FC72x IP8 versions prior to IP8 SR...
CodeIgniter Shield Security Vulnerabilities
CodeIgniter Shield is the authentication and authorization module for CodeIgniter 4 from CodeIgniter, Inc. A security vulnerability exists in CodeIgniter Shield versions prior to 1.0.0-beta.8 that stems from the use of plaintext to store sensitive information in HMAC SHA256 authentication...
The vulnerability of the implementation of the HMAC (Hash-based Message Authentication Code) algorithm in Windows operating systems allows attackers to circumvent security restrictions and enhance their privileges.
The vulnerability of the HMAC Hash-based Message Authentication Code algorithm implementation in Windows operating systems is related to deficiencies in access control during key generation. Exploiting this vulnerability can allow attackers to circumvent security restrictions and enhance their...
The vulnerability of the hmac.compare_digest function in the Lib/hmac.py library of the Python interpreter allows a attacker to enhance their privileges.
The vulnerability of the hmac.comparedigest function in the Lib/hmac.py library of the Python interpreter is related to synchronization errors when using a shared resource “Race Condition”. Exploiting this vulnerability can allow an attacker to increase their privileges remotely...
Out-of-bounds read when setting hmac data
...
AMI MegaRAC 加密问题漏洞
AMI MegaRAC is a family of service processor products from AMI. Complete out-of-band or unlit remote management of computer systems independent of operating system state or location is available to troubleshoot computers and ensure service continuity. A security vulnerability exists in AMI MegaRA...
HashiCorp Vault 加密问题漏洞
HashiCorp Vault is a private key access management tool from HashiCorp USA. A security vulnerability exists in HashiCorp Vault Enterprise that stems from the Vault not properly applying HMAC to messages sent from the HSM when using a CBC-based encryption mechanism...