Password managers keep your passwords safe, unless…

I’m a big advocate of password managers. Granted, there are better alternatives for passwords like passkeys, but if a provider offers nothing but password options, which many do, you can’t do much about that. So, for the time being we seem to be stuck with passwords. Every reputable password...

EUVD-2021-1944

Malware in sbrugna...

EUVD-2012-4641

Malware in sbrugna...

EUVD-2022-4389

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2022-2031

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt...

CVE-2024-47126

The goTenna Pro App does not use SecureRandom when generating passwords for sharing cryptographic keys. The random function in use makes it easier for attackers to brute force this password if the broadcasted encryption key is captured over RF. This only applies to the optional broadcast of an...

Linux Distros Unpatched Vulnerability : CVE-2021-40823

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A logic error in the room key sharing functionality of matrix-js-sdk aka Matrix Javascript SDK before 12.4.1 allows a malicious Matrix homeserver present in an...

Matrix JavaScript SDK's key history sharing could share keys to malicious devices

Impact In matrix-js-sdk versions 9.11.0 through 34.7.0, the method MatrixClient.sendSharedHistoryKeys is vulnerable to interception by malicious homeservers. The method implements functionality proposed in MSC3061 and can be used by clients to share historical message keys with newly invited user...

GHSA-4JF8-G8WP-CX7C Matrix JavaScript SDK's key history sharing could share keys to malicious devices

Impact In matrix-js-sdk versions 9.11.0 through 34.7.0, the method MatrixClient.sendSharedHistoryKeys is vulnerable to interception by malicious homeservers. The method implements functionality proposed in MSC3061 and can be used by clients to share historical message keys with newly invited user...

CVE-2024-47121

The goTenna Pro App uses a weak password for sharing encryption keys via the key broadcast method. If the broadcasted encryption key is captured over RF, and password is cracked via brute force attack, it is possible to decrypt it and use it to decrypt all future and past messages sent via...

CVE-2024-45374

The goTenna Pro ATAK plugin uses a weak password for sharing encryption keys via the key broadcast method. If the broadcasted encryption key is captured over RF, and password is cracked via brute force attack, it is possible to decrypt it and use it to decrypt all future and past messages sent vi...

PT-2024-31587 · Gotenna · Gotenna Pro Atak Plugin

Name of the Vulnerable Software and Affected Versions: goTenna Pro ATAK plugin affected versions not specified Description: The issue concerns the use of weak passwords for sharing encryption keys via the key broadcast method in the goTenna Pro ATAK plugin. If the broadcasted encryption key is...

PT-2024-32421 · Gotenna · Gotenna Pro App +2

Name of the Vulnerable Software and Affected Versions: goTenna Pro App affected versions not specified goTenna Pro X affected versions not specified goTenna Pro X2 affected versions not specified Description: The goTenna Pro App does not use SecureRandom when generating passwords for sharing...

PT-2024-31741 · Gotenna · Gotenna Pro Atak Plugin

Name of the Vulnerable Software and Affected Versions: goTenna Pro ATAK Plugin affected versions not specified Description: The issue is related to the generation of passwords for sharing cryptographic keys, where the goTenna Pro ATAK Plugin does not utilize SecureRandom. Instead, it uses a rando...

PT-2024-7453 · Unknown · Matrix-React-Sdk

Name of the Vulnerable Software and Affected Versions: matrix-react-sdk versions 3.18.0 through 3.101.9 Description: The issue is related to insufficient protection of service data, allowing a malicious homeserver to potentially steal message keys for a room when a user invites another user to th...

Matrix 日志信息泄露漏洞

Matrix is an ambitious new ecosystem for open federated instant messaging and VoIP. A log message disclosure vulnerability exists in Matrix versions prior to 0.7.1 that stems from key sharing between user devices and providing redundant copies in the event that all devices are lost...

Aruba Networks EdgeConnect SD-WAN Orchestrator 信任管理问题漏洞

Aruba Networks EdgeConnect is an edge connectivity management platform from Aruba Networks, USA. A security vulnerability exists in the Aruba Networks EdgeConnect SD-WAN Orchestrator that stems from the sharing of static SSH host keys across all instances...

CVE-2022-41568

LINE client for iOS before 12.17.0 might be crashed by sharing an invalid shared key of e2ee in group chat...

Logic error in Matrix SDK for Android

A logic error in the room key sharing functionality of Element Android before 1.2.2 and matrix-android-sdk2 aka Matrix SDK for Android before 1.2.2 leads to a situation where identity verification is inadequate and thus a key-requesting device can be impersonated...

GHSA-JJMC-4P83-PP26 Logic error in Matrix SDK for Android

A logic error in the room key sharing functionality of Element Android before 1.2.2 and matrix-android-sdk2 aka Matrix SDK for Android before 1.2.2 leads to a situation where identity verification is inadequate and thus a key-requesting device can be impersonated...