807 matches found
Unintended API key generation
Description The API keys sections are vulnerable to CSRF. The aggressor can generate the key on the admin's account without prior knowledge of admin credentials. The successful CSRF will generate new keys on the admin's account. Proof of Concept history.pushState'', '', '/' document.forms0.submit...
Security Bulletin: Multiple Vulnerabilities in node.js
Summary Security Vulnerabilities in node.js affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID: CVE-2022-35255 DESCRIPTION: Node.js could provide weaker than expected security, caused by the failure to check the return...
Exploit for Improper Authentication in Fortinet Fortiproxy
CVE-2022-40684 CVE-2022-40684 single-target or batch exp. Usage: generate a public key !imageh...
Node.js security feature issue vulnerability
Node.js is an open source, cross-platform JavaScript runtime environment. A security vulnerability exists in Node.js that stems from weak randomness in the WebCrypto keygen...
nodejs: weak randomness in WebCrypto keygen
A vulnerability was found in NodeJS due to weak randomness in the WebCrypto keygen within the SecretKeyGenTraits::DoKeyGen in src/crypto/cryptokeygen.cc. Node.js made calls to EntropySource in SecretKeyGenTraits::DoKeyGen. However, it does not check the return value and assumes the EntropySource...
CVE-2022-34746
An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy for RSA key pair generation was found in Zyxel GS1900 series firmware versions prior to V2.70. This vulnerability could allow an unauthenticated attacker to retrieve a private key by factoring...
Zyxel GS1900 security feature issue vulnerability
The Zyxel GS1900 is a managed switch from Taiwan, China-based Hopkins Zyxel. A security signature issue vulnerability exists in the Zyxel GS1900 series prior to version V2.70, which stems from incorrectly generating RSA keys using a low entropy random source. An attacker exploits this vulnerabili...
PT-2022-22313 · Zyxel · Zyxel Gs1900
Name of the Vulnerable Software and Affected Versions: Zyxel GS1900 series firmware versions prior to V2.70 Description: An insufficient entropy issue, caused by the improper use of randomness sources with low entropy for RSA key pair generation, affects the web administration interface. This cou...
CVE-2022-40306
The login form /Login in ECi Printanista Hub (formerly FMAudit Printscout) before 5.5.2 (July 2023) performs expensive RSA key-generation operations, which allows attackers to cause a denial of service (DoS) by requesting that form repeatedly...
Design/Logic Flaw
The login form /Login in ECi Printanista Hub (formerly FMAudit Printscout) through 2022-06-27 performs expensive RSA key-generation operations, which allows attackers to cause a denial of service (DoS) by requesting that form repeatedly...
PT-2022-25339 · Eci · Eci Printanista Hub
Name of the Vulnerable Software and Affected Versions: ECi Printanista Hub (formerly FMAudit Printscout) versions prior to 5.5.2 Description: The login form "/Login" performs expensive RSA key-generation operations, which allows attackers to cause a denial of service (DoS) by requesting that form...
ECi Software Solutions Printanista Hub security vulnerability
ECi Software Solutions Printanista Hub is a hosted print service software from ECi Software Solutions. A security vulnerability exists in ECi Software Solutions Printanista Hub versions prior to 2022-06-27 that stems from the login form /Login performing an expensive RSA key generation operation,...
The vulnerability of RSA key-generation functions in microprogramming-based network interface controllers of Cisco Adaptive Security Appliances (ASA) and Cisco Firepower Threat Defense (FTD) allows attackers to calculate secret RSA keys.
The vulnerability of RSA key exchange functions in microprogramming-based network interface controllers of Cisco Adaptive Security Appliances (ASA) and Cisco Firepower Threat Defense (FTD) is related to the use of strictly encrypted credentials. Exploiting this vulnerability allows a malicious actor ...
pki-core security vulnerability
pki-core is a library that provides an API for PKI operations. A security vulnerability exists in pki-core that stems from the use of the caServerKeygenDirUserCert profile, which allows a user to obtain the certificates of other UIDs by entering a name in the subject field...
Design/Logic Flaw
A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user's phone if the Cisco Unified Communications Manager (CUCM) is in secure mode. This vulnerability is due to improper key generation during the manufacturing process that could resul...
CVE-2021-30339
Reading PRNG output may lead to improper key generation due to lack of buffer validation in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking...