15 matches found
EUVD-2021-26824
Malware in sbrugna...
CVE-2024-31033
JJWT aka Java JWT through 0.12.5 ignores certain characters and thus a user might falsely conclude that they have a strong key. The impacted code is the setSigningKey method within the DefaultJwtParser class and the signWith method within the DefaultJwtBuilder class. NOTE: the vendor disputes thi...
GHSA-R65J-6H5F-4F92 Withdrawn: JJWT improperly generates signing keys
Withdrawn Advisory This advisory has been withdrawn because it has been found to be disputed. Please see the issue here for more information. Original Description JJWT aka Java JWT through 0.12.5 ignores certain characters and thus a user might falsely conclude that they have a strong key. The...
Metasploit Weekly Wrap-Up
ADCS - ESC Vulnerable certificate template finder Our very own Grant Willcox has developed a new module which allows users to query a LDAP server for vulnerable Active Directory Certificate Services AD CS certificate templates. The module will print the detected certificate details, and the attac...
SSL/TLS Version Detection
Check if a server supports a given version of SSL/TLS and cipher suites. The certificate is stored in loot, and any known vulnerabilities against that SSL version and cipher suite combination are checked. These checks include POODLE, deprecated protocols, expired/not valid certs, low key strength...
CVE-2021-3505
A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implementation returns 2048 bit keys with 1984 bit strength due to a bug in the TCG specification. The bug is in the key creation algorithm in RsaAdjustPrimeCandidate, which is called before the prime number check. The highest threat...
golang: crypto/elliptic: incorrect operations on the P-224 curve
A flaw detected in golang: crypto/elliptic, in which P-224 keys as generated can return incorrect inputs, reducing the strength of the cryptography. The highest threat from this vulnerability is confidentiality and integrity...
Moderate: Red Hat Bug Fix Advisory: OpenShift Container Platform 3.10 bug fix update
Red Hat OpenShift Container Platform release 3.10.127 is now available with updates to packages and images that fix several bugs. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This...
bouncycastle: flaw in the low-level interface to RSA key pair generator
A vulnerability was found in BouncyCastle. The number of iterations of the Miller-Rabin primality test was incorrectly calculated according to FIPS 186-4 C.3. Under some circumstances, this could lead to the generation of weak RSA key pairs...
OpenJDK: insufficient strength of key agreement (JCE, 8185292)
It was discovered that the key agreement implementations in the JCE component of OpenJDK did not guarantee sufficient strength of used keys to adequately protect generated shared secret. This could make it easier to break data encryption by attacking key agreement rather than the encryption using...
Vulnerability in TPM could allow Security Feature Bypass
Executive Summary This advisory addresses CVE-2017-15361, also referred to as "Return of Coppersmith's Attack" ROCA. A security vulnerability exists in certain Trusted Platform Module TPM chipsets. The vulnerability weakens key strength. It is important to note that this is a firmware...
OpenJDK: insufficient DSA key parameters checks (Security, 8138593)
It was discovered that the Security component in OpenJDK failed to check the digest algorithm strength when generating DSA signatures. The use of a digest weaker than the key strength could lead to the generation of signatures that were weaker than expected...
OpenJDK: insufficient DSA key parameters checks (Security, 8138593)
It was discovered that the Security component in OpenJDK failed to check the digest algorithm strength when generating DSA signatures. The use of a digest weaker than the key strength could lead to the generation of signatures that were weaker than expected...
OpenJDK: insufficient DSA key parameters checks (Security, 8138593)
It was discovered that the Security component in OpenJDK failed to check the digest algorithm strength when generating DSA signatures. The use of a digest weaker than the key strength could lead to the generation of signatures that were weaker than expected...
OpenJDK: insufficient DSA key parameters checks (Security, 8138593)
It was discovered that the Security component in OpenJDK failed to check the digest algorithm strength when generating DSA signatures. The use of a digest weaker than the key strength could lead to the generation of signatures that were weaker than expected...