CVE-2014-2362 OleumTech WIO Use of Cryptographically Weak Pseudo-Random Number Generator

OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules rely exclusively on a time value for entropy in key generation, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by predicting the time of project creation...

CRYPTOCard CRYPTOAdmin 4.1 Weak Encryption Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/1097/info CRYPTOCard CRYPTOAdmin is a network authentication application for use with the Palm OS platform. CRYPTOAdmin generates a .pdb file which contains the username, PIN number, serial number, and key in encrypted or...

openSUSE Security Update : python-crypto (openSUSE-SU-2012:0830-1)

fixes bnc764127 CVE-2012-2417 insecure ElGamal key generation %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2012-367. The text description of this plugin is C SUSE LLC...

DEBIAN-CVE-2013-7295

Tor before 0.2.4.20, when OpenSSL 1.x is used in conjunction with a certain HardwareAccel setting on Intel Sandy Bridge and Ivy Bridge platforms, does not properly generate random numbers for 1 relay identity keys and 2 hidden-service identity keys, which might make it easier for remote attackers...

CVE-2013-3710

SUSE Lifecycle Management Server SLMS before 1.3.7 does not generate a new secret key when the service starts, which allows remote attackers to defeat intended cryptographic protection mechanisms by leveraging knowledge of this key from a product installation elsewhere...

Information disclosure

SUSE Lifecycle Management Server SLMS before 1.3.7 does not generate a new secret key when the service starts, which allows remote attackers to defeat intended cryptographic protection mechanisms by leveraging knowledge of this key from a product installation elsewhere...

CVE-2013-3710

SUSE Lifecycle Management Server SLMS before 1.3.7 does not generate a new secret key when the service starts, which allows remote attackers to defeat intended cryptographic protection mechanisms by leveraging knowledge of this key from a product installation elsewhere...

Insecure CHIASMUS encryption in GSTOOL

== Insecure CHIASMUS encryption in GSTOOL == GSTOOL versions 3.0 to 4.7 inclusive contain an insecure encryption feature using the non-public CHIASMUS block cipher. Due to the use of an insecure PRNG for key generation, files encrypted using the encryption feature of this tool can be decrypted...

Fedora Update for perl-Crypt-DSA FEDORA-2013-15786

Check for the Version of perl-Crypt-DSA OpenVAS Vulnerability Test Fedora Update for perl-Crypt-DSA FEDORA-2013-15786 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify ...

[SECURITY] Fedora 18 Update: perl-Crypt-DSA-1.17-10.fc18

Crypt::DSA is an implementation of the DSA Digital Signature Algorithm signature verification system. This package provides DSA signing, signature verification, and key generation...

Cryptocat Key Generation Vulnerability Put Chats at Risk

Cryptocat, an open source encrypted Web-based chat application, is taking heat from numerous places after a vulnerability was discovered that put chats at risk for relatively simple decryption, experts say. Worse, says researcher Steve Thomas who found the flaw, is that it likely was present in t...

Some Highway Traffic Systems Open to Man-in-the-Middle Attack

Highway traffic systems deployed across the United States could be open exploit via what a group of researchers has deemed an “insufficient entropy vulnerability” in the systems’ software. According to an advisory .PDF issued late last week by the U.S. Industrial Control System Computer Emergency...

Design/Logic Flaw

Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0, uses predictable random numbers to generate session keys, which makes it easier for remote attackers to guess the session key...

Debian Security Advisory DSA 2502-1 (python-crypto)

The remote host is missing an update to python-crypto announced via advisory DSA 2502-1. OpenVAS Vulnerability Test $Id: deb25021.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2502-1 python-crypto Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft...

Debian: Security Advisory (DSA-2502-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Tropos Wireless Mesh Routers

Overview This advisory is a follow-up to the original advisory titled ICSA-12-297-01P—Tropos Wireless Mesh Routers Insufficient Entropy Vulnerability that was published October 23, 2012, on the ICS-CERT secure Portal library. This advisory provides mitigation details for a vulnerability that...

Debian DSA-2502-1 : python-crypto - programming error

It was discovered that that the ElGamal code in PythonCrypto, a collection of cryptographic algorithms and protocols for Python used insecure insufficient prime numbers in key generation, which lead to a weakened signature or public key space, allowing easier brute-force attacks on such keys...

FreeBSD : pycrypto -- vulnerable ElGamal key generation (f45c0049-be72-11e1-a284-0023ae8e59f0)

Dwayne C. Litzenberger of PyCrypto reports : In the ElGamal schemes for both encryption and signatures, g is supposed to be the generator of the entire Z^p group. However, in PyCrypto 2.5 and earlier, g is more simply the generator of a random sub-group of Z^p. The result is that the signature...

GLSA-201206-23 : PyCrypto: Weak key generation

The remote host is affected by the vulnerability described in GLSA-201206-23 PyCrypto: Weak key generation An error in the generate function in ElGamal.py causes PyCrypto to generate weak ElGamal keys. Impact : A remote attacker might be able to derive private keys. Workaround : There is no known...

[SECURITY] [DSA 2502-1] python-crypto security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2502-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff June 24, 2012 http://www.debian.org/security/faq -...