Lucene search
+L

99 matches found

RedHat Linux
RedHat Linux
added 2017/10/18 4:12 p.m.8 views

wpa_supplicant: Reinstallation of the group key in the 4-way handshake

A new exploitation technique called key reinstallation attacks KRACK affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key GTK during a 4-way...

5.3CVSS6.7AI score0.0207EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2017/10/18 4:12 p.m.9 views

wpa_supplicant: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame

A new exploitation technique called key reinstallation attacks KRACK affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key GTK during a Wireles...

5.3CVSS7.3AI score0.01742EPSS
Exploits0References7
OSV
OSV
added 2017/10/17 1:29 p.m.3 views

DEBIAN-CVE-2017-13081

Wi-Fi Protected Access WPA and WPA2 that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key IGTK during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients...

5.3CVSS9.4AI score0.02003EPSS
Exploits0References1
CNVD
CNVD
added 2017/10/17 12:0 a.m.3 views

WPA2 wireless network IGTK group key reloading vulnerability (CNVD-2017-30402)

WPA Wi-Fi Protected Access is a system for securing wireless computer networks Wi-Fi. An IGTK group key reload vulnerability exists in WPA2 wireless networks. The vulnerability is due to the fact that Wi-Fi Protected Access II WPA2 handshake traffic can be manipulated to cause random number and...

5.3CVSS7.2AI score0.02003EPSS
Exploits0References1
CNVD
CNVD
added 2017/10/17 12:0 a.m.3 views

WPA2 Wireless Network GTK Group Key Reinstallation Vulnerability

WPA Wi-Fi Protected Access is a system for securing wireless computer networks Wi-Fi. WPA2 wireless networks suffer from a GTK group key reload vulnerability in the fourth handshake. The vulnerability is due to the fact that Wi-Fi Protected Access II WPA2 handshake traffic can be manipulated to...

5.3CVSS7.2AI score0.0207EPSS
Exploits0References1
CNVD
CNVD
added 2017/10/17 12:0 a.m.5 views

WPA2 Wireless Network STK Key Reinstallation Vulnerability

WPA Wi-Fi Protected Access is a system for securing wireless computer networks Wi-Fi. WPA2 wireless networks suffer from a group key reload vulnerability in the PeerKey handshake. The vulnerability is due to the fact that Wi-Fi Protected Access II WPA2 handshake traffic can be manipulated to caus...

6.8CVSS7.5AI score0.02205EPSS
Exploits0References1
CNVD
CNVD
added 2017/10/17 12:0 a.m.5 views

WPA2 Wireless Network PTK-TK Encryption Key Reinstallation Vulnerability

WPA Wi-Fi Protected Access is a system for securing wireless computer networks Wi-Fi. A PTK-TK encryption key reloading vulnerability exists in WPA2 wireless networks when receiving and processing retransmitted fast BSS transition re-association requests. The vulnerability is due to the fact that...

8.1CVSS8.3AI score0.04575EPSS
Exploits1References1
CNVD
CNVD
added 2017/10/17 12:0 a.m.3 views

WPA2 Wireless Network Hibernation Mode Group Key Reinstallation Vulnerability

WPA Wi-Fi Protected Access is a system for securing wireless computer networks Wi-Fi. A group key reload vulnerability exists in the WPA2 wireless network hibernation mode. The vulnerability is due to the fact that Wi-Fi Protected Access II WPA2 handshake traffic can be manipulated to cause rando...

5.3CVSS7.2AI score0.01742EPSS
Exploits0References1
CERT
CERT
added 2017/10/16 12:0 a.m.819 views

Wi-Fi Protected Access (WPA) handshake traffic can be manipulated to induce nonce and session key reuse

Overview Wi-Fi Protected Access WPA, more commonly WPA2 handshake traffic can be manipulated to induce nonce and session key reuse, resulting in key reinstallation by a wireless access point AP or client. An attacker within range of an affected AP and client may leverage these vulnerabilities to...

8.1CVSS8AI score0.04575EPSS
Exploits1References3
OSV
OSV
added 2017/04/27 4:47 p.m.11 views

USN-3270-1 nss vulnerabilities

Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update causes NSS to limit use of the same symmetric key...

9.8CVSS7AI score0.95707EPSS
Exploits7References3
OSV
OSV
added 2016/09/21 2:59 a.m.6 views

CVE-2016-0904

Avamar Data Store ADS and Avamar Virtual Edition AVE in EMC Avamar Server before 7.3.0-233 use the same encryption key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms and obtain sensitive client-server traffic information by...

8.6CVSS5.8AI score0.01431EPSS
Exploits0References3
myhack58
myhack58
added 2016/02/01 12:0 a.m.19 views

OpenSSL high-risk vulnerabilities allow hackers to decrypt HTTPS traffic(CVE-2 0 1 6-0 7 0 1-a vulnerability warning-the black bar safety net

! The OpenSSL encryption code library defenders are declared fixes a high risk vulnerability. The vulnerability could allow a hacker to access in HTTPS and other secure transport layer, for the encrypted communication to decrypt the key. OpenSSL vulnerability details When various conditions are...

7.3AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2016/01/30 12:59 p.m.6 views

CVE-2015-7923

Westermo WeOS before 4.19.0 uses the same SSL private key across different customers' installations, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by leveraging knowledge of a key...

9.3CVSS5.5AI score0.01206EPSS
Exploits0References2
CNVD
CNVD
added 2015/02/28 12:0 a.m.37 views

Komodia SDK for Komodia Redirector with SSL Digestor Information Disclosure Vulnerability

Komodia SDK for Komodia Redirector with SSL Digestor is a suite of redirection platform tools for executing data using SSL encryption and dynamic SSL decryption from Komodia, Israel. An information disclosure vulnerability exists in Komodia SDK for Komodia Redirector with SSL Digestor, which aris...

5CVSS6.4AI score0.02775EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2015/02/24 11:59 p.m.7 views

CVE-2015-2077

The SDK for Komodia Redirector with SSL Digestor, as used in Lavasoft Ad-Aware Web Companion 1.1.885.1766 and Ad-Aware AdBlocker alpha 1.3.69.1, Qustodio for Windows, Atom Security, Inc. StaffCop 5.8, and other products, uses the same X.509 certificate private key for a root CA certificate across...

5CVSS5.5AI score0.02775EPSS
Exploits1References17
Cvelist
Cvelist
added 2015/02/03 4:0 p.m.21 views

CVE-2014-8779

Pexip Infinity before 8 uses the same SSH host keys across different customers' installations, which allows man-in-the-middle attackers to spoof Management and Conferencing Nodes by leveraging these keys...

6.4AI score0.01406EPSS
Exploits1References4
OSV
OSV
added 2014/12/08 11:59 a.m.6 views

DEBIAN-CVE-2014-3616

nginx 0.5.6 through 1.7.4, when using the same shared sslsessioncache or sslsessionticketkey for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks...

4.3CVSS7AI score0.05654EPSS
Exploits0References1
securityvulns
securityvulns
added 2014/12/01 12:0 a.m.53 views

HP Helion Cloud Development Platform restriction bypass

Same key is used in different installations...

10CVSS1.6AI score0.10349EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2006/05/31 10:0 p.m.46 views

CVE-2006-2711

CVE-2006-2711 affects Secure Elements Class 5 AVR (C5 EVM) version 2.8.1 and earlier (and possibly later 2.8.x), where the same initialization vector (IV) and key are reused for each message session. This is the underlying root cause stated in the CVE description, enabling remote attackers over a...

5CVSS6.3AI score0.01929EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder