99 matches found
wpa_supplicant: Reinstallation of the group key in the 4-way handshake
A new exploitation technique called key reinstallation attacks KRACK affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key GTK during a 4-way...
wpa_supplicant: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame
A new exploitation technique called key reinstallation attacks KRACK affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key GTK during a Wireles...
DEBIAN-CVE-2017-13081
Wi-Fi Protected Access WPA and WPA2 that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key IGTK during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients...
WPA2 wireless network IGTK group key reloading vulnerability (CNVD-2017-30402)
WPA Wi-Fi Protected Access is a system for securing wireless computer networks Wi-Fi. An IGTK group key reload vulnerability exists in WPA2 wireless networks. The vulnerability is due to the fact that Wi-Fi Protected Access II WPA2 handshake traffic can be manipulated to cause random number and...
WPA2 Wireless Network GTK Group Key Reinstallation Vulnerability
WPA Wi-Fi Protected Access is a system for securing wireless computer networks Wi-Fi. WPA2 wireless networks suffer from a GTK group key reload vulnerability in the fourth handshake. The vulnerability is due to the fact that Wi-Fi Protected Access II WPA2 handshake traffic can be manipulated to...
WPA2 Wireless Network STK Key Reinstallation Vulnerability
WPA Wi-Fi Protected Access is a system for securing wireless computer networks Wi-Fi. WPA2 wireless networks suffer from a group key reload vulnerability in the PeerKey handshake. The vulnerability is due to the fact that Wi-Fi Protected Access II WPA2 handshake traffic can be manipulated to caus...
WPA2 Wireless Network PTK-TK Encryption Key Reinstallation Vulnerability
WPA Wi-Fi Protected Access is a system for securing wireless computer networks Wi-Fi. A PTK-TK encryption key reloading vulnerability exists in WPA2 wireless networks when receiving and processing retransmitted fast BSS transition re-association requests. The vulnerability is due to the fact that...
WPA2 Wireless Network Hibernation Mode Group Key Reinstallation Vulnerability
WPA Wi-Fi Protected Access is a system for securing wireless computer networks Wi-Fi. A group key reload vulnerability exists in the WPA2 wireless network hibernation mode. The vulnerability is due to the fact that Wi-Fi Protected Access II WPA2 handshake traffic can be manipulated to cause rando...
Wi-Fi Protected Access (WPA) handshake traffic can be manipulated to induce nonce and session key reuse
Overview Wi-Fi Protected Access WPA, more commonly WPA2 handshake traffic can be manipulated to induce nonce and session key reuse, resulting in key reinstallation by a wireless access point AP or client. An attacker within range of an affected AP and client may leverage these vulnerabilities to...
USN-3270-1 nss vulnerabilities
Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update causes NSS to limit use of the same symmetric key...
CVE-2016-0904
Avamar Data Store ADS and Avamar Virtual Edition AVE in EMC Avamar Server before 7.3.0-233 use the same encryption key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms and obtain sensitive client-server traffic information by...
OpenSSL high-risk vulnerabilities allow hackers to decrypt HTTPS traffic(CVE-2 0 1 6-0 7 0 1-a vulnerability warning-the black bar safety net
! The OpenSSL encryption code library defenders are declared fixes a high risk vulnerability. The vulnerability could allow a hacker to access in HTTPS and other secure transport layer, for the encrypted communication to decrypt the key. OpenSSL vulnerability details When various conditions are...
CVE-2015-7923
Westermo WeOS before 4.19.0 uses the same SSL private key across different customers' installations, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by leveraging knowledge of a key...
Komodia SDK for Komodia Redirector with SSL Digestor Information Disclosure Vulnerability
Komodia SDK for Komodia Redirector with SSL Digestor is a suite of redirection platform tools for executing data using SSL encryption and dynamic SSL decryption from Komodia, Israel. An information disclosure vulnerability exists in Komodia SDK for Komodia Redirector with SSL Digestor, which aris...
CVE-2015-2077
The SDK for Komodia Redirector with SSL Digestor, as used in Lavasoft Ad-Aware Web Companion 1.1.885.1766 and Ad-Aware AdBlocker alpha 1.3.69.1, Qustodio for Windows, Atom Security, Inc. StaffCop 5.8, and other products, uses the same X.509 certificate private key for a root CA certificate across...
CVE-2014-8779
Pexip Infinity before 8 uses the same SSH host keys across different customers' installations, which allows man-in-the-middle attackers to spoof Management and Conferencing Nodes by leveraging these keys...
DEBIAN-CVE-2014-3616
nginx 0.5.6 through 1.7.4, when using the same shared sslsessioncache or sslsessionticketkey for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks...
HP Helion Cloud Development Platform restriction bypass
Same key is used in different installations...
CVE-2006-2711
CVE-2006-2711 affects Secure Elements Class 5 AVR (C5 EVM) version 2.8.1 and earlier (and possibly later 2.8.x), where the same initialization vector (IV) and key are reused for each message session. This is the underlying root cause stated in the CVE description, enabling remote attackers over a...