1536 matches found

CNVD
added 2019/07/23 12:0 a.m., 1 views

TronLink Wallet Trust Management Issues Vulnerability

TronLink Wallet is a cryptocurrency wallet application. A trust management issue vulnerability exists in TronLink Wallet version 2.2.0, which can be exploited to read and use a user's keystore to gain unauthorized access with /data/data/com.tronlink.wallet/shared_prefs/.xml...

9.8 CVSS, 7 AI score, 0.00197 EPSS
Exploits: 1, References: 1

OSV
added 2019/07/22 5:15 p.m., 0 views

CVE-2019-13096

TronLink Wallet 2.2.0 stores user wallet keystore in plaintext and places them in insecure storage. An attacker can read and reuse the user keystore of a valid user via /data/data/com.tronlink.wallet/shared_prefs/.xml to gain unauthorized access...

9.8 CVSS, 7.3 AI score
Exploits: 0, References: 2

ATTACKERKB
added 2019/07/22 5:15 p.m., 2 views

CVE-2019-13096

TronLink Wallet 2.2.0 stores user wallet keystore in plaintext and places them in insecure storage. An attacker can read and reuse the user keystore of a valid user via /data/data/com.tronlink.wallet/shared_prefs/.xml to gain unauthorized access...

9.8 CVSS, 5.6 AI score, 0.00197 EPSS
Exploits: 1, References: 3

Prion
added 2019/07/22 5:15 p.m., 13 views

Design/Logic Flaw

TronLink Wallet 2.2.0 stores user wallet keystore in plaintext and places them in insecure storage. An attacker can read and reuse the user keystore of a valid user via /data/data/com.tronlink.wallet/shared_prefs/.xml to gain unauthorized access...

5 CVSS, 9.2 AI score, 0.00197 EPSS
Exploits: 1, References: 2, Affected Software: 1

Cvelist
added 2019/07/22 4:14 p.m., 11 views

CVE-2019-13096

TronLink Wallet 2.2.0 stores user wallet keystore in plaintext and places them in insecure storage. An attacker can read and reuse the user keystore of a valid user via /data/data/com.tronlink.wallet/shared_prefs/.xml to gain unauthorized access...

9.4 AI score, 0.00197 EPSS
Exploits: 1, References: 2

CVE
added 2019/07/22 4:14 p.m., 133 views

CVE-2019-13096

CVE-2019-13096 affects TronLink Wallet 2.2.0. The vulnerability arises from storing the user keystore in plaintext in insecure storage, allowing an attacker to read and reuse a valid user’s keystore via /data/data/com.tronlink.wallet/shared_prefs/.xml and gain unauthorized access. Publicly availa...

9.8 CVSS, 9.2 AI score, 0.00197 EPSS
Exploits: 1, References: 2, Affected Software: 1

Atlassian
added 2019/07/11 12:57 p.m., 26 views

Unable to secure remote agents via automatic keystore management

Issue Summary: It is not possible to secure the remote agents to connect to the Bamboo Server using SSL through the automatic keystore management feature. Steps to Reproduce: Configure Bamboo to use SSL in Broker URL and Broker Client URL Securing your remote...

0.8 AI score
Exploits: 0

Atlassian
added 2019/07/11 12:57 p.m., 799 views

Unable to secure remote agents via automatic keystore management

Issue Summary: It is not possible to secure the remote agents to connect to the Bamboo Server using SSL through the automatic keystore management feature. Steps to Reproduce: Configure Bamboo to use SSL in Broker URL and Broker Client URL Securing your remote...

0.8 AI score
Exploits: 0, Affected Software: 1

OSV
added 2019/07/03 5:15 p.m., 2 views

CVE-2017-9326

The keystore password for the Spark History Server may be exposed in unsecured files under the /var/run/cloudera-scm-agent directory managed by Cloudera Manager. The keystore file itself is not exposed...

7.5 CVSS, 5.7 AI score
Exploits: 0, References: 1

NVD
added 2019/07/03 5:15 p.m., 20 views

CVE-2017-9326

The keystore password for the Spark History Server may be exposed in unsecured files under the /var/run/cloudera-scm-agent directory managed by Cloudera Manager. The keystore file itself is not exposed...

7.5 CVSS, 7.7 AI score, 0.00318 EPSS
Exploits: 0, References: 1

Prion
added 2019/07/03 5:15 p.m., 15 views

Design/Logic Flaw

The keystore password for the Spark History Server may be exposed in unsecured files under the /var/run/cloudera-scm-agent directory managed by Cloudera Manager. The keystore file itself is not exposed...

3.5 CVSS, 7.3 AI score, 0.00318 EPSS
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2019/07/03 4:17 p.m., 58 views

CVE-2017-9326

The CVE-2017-9326 issue concerns the Spark History Server keystore password potentially being exposed in unsecured files under /var/run/cloudera-scm-agent (Cloudera Manager managed). The keystore itself is not exposed. Connected sources consistently describe the exposure of the keystore password ...

7.5 CVSS, 7.6 AI score, 0.00318 EPSS
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2019/07/03 4:17 p.m., 17 views

CVE-2017-9326

The keystore password for the Spark History Server may be exposed in unsecured files under the /var/run/cloudera-scm-agent directory managed by Cloudera Manager. The keystore file itself is not exposed...

7.7 AI score, 0.00318 EPSS
Exploits: 0, References: 1

0day.today
added 2019/05/21 12:0 a.m., 754 views

Brocade Network Advisor 14.4.1 - Unauthenticated Remote Code Execution Exploit

Exploit for java platform in category web applications / Exploit Title: Brocade Network Advisor - Unauthenticated Remote Code Execution Date: 2017-03-29 Exploit Author: Jakub Palaczynski Vendor Homepage: https://www.broadcom.com/ CVE: CVE-2018-6443 Version: Tested on Brocade Network Advisor 14.X....

4.3 CVSS, 8.1 AI score, 0.07538 EPSS
Exploits: 4

ThreatPost
added 2019/04/25 3:19 p.m., 92 views

Qualcomm Critical Flaw Exposes Private Keys For Android Devices

Researchers have uncovered a side-channel attack that enables a bad actor to extract sensitive data from Qualcomm’s secure keystore. The critical flaw impacts most modern Android devices that use Qualcomm chips. The issue stems from an issue in Qualcomm technology, dubbed the Qualcomm Secure...

4.9 CVSS, 0.4 AI score, 0.00045 EPSS
Exploits: 0, References: 6

Pen Test Partners Blog
added 2019/02/15 11:51 a.m., 348 views

Oracle MAF store bypass, a how-to

On a recent assignment I was asked to look at the security of a cloud-based solution for expenses, the Oracle® ExpensesCloud with Fusion applications. It was being used for employees to create/save/edit/submit claims to the employer. TL;DR Having default hardcoded credentials allows an attacker...

7 AI score
Exploits: 0

Veracode
added 2019/01/15 8:58 a.m., 27 views

Bruteforce Attack

Java is vulnerable to brute force attacks. The vulnerability exists as IBM Java Runtime Environment JRE 7 R1 before SR1 FP1 7.1.1.1, 7 before SR7 FP1 7.0.7.1, 6 R1 before SR8 FP1 6.1.8.1, 6 before SR16 FP1 6.0.16.1, and before 5.0 SR16 FP7 5.0.16.7 allows attackers to obtain the private key from ...

6.4 CVSS, 4.1 AI score, 0.00231 EPSS
Exploits: 0, References: 10, Affected Software: 1

Tenable Nessus
added 2019/01/02 12:0 a.m., 31 views

SUSE SLES15 Security Update : java-1_8_0-openjdk (SUSE-SU-2018:1938-2)

This update for java-1_8_0-openjdk to version 8u171 fixes the following issues: These security issues were fixed : - S8180881: Better packaging of deserialization - S8182362: Update CipherOutputStream Usage - S8183032: Upgrade to LittleCMS 2.9 - S8189123: More consistent classloading - S8189969,...

8.3 CVSS, 5.7 AI score, 0.00568 EPSS
Exploits: 0, References: 32

Tenable Nessus
added 2019/01/02 12:0 a.m., 38 views

SUSE SLES15 Security Update : java-1_8_0-openjdk (SUSE-SU-2018:1938-1)

This update for java-1_8_0-openjdk to version 8u171 fixes the following issues: These security issues were fixed : - S8180881: Better packaging of deserialization - S8182362: Update CipherOutputStream Usage - S8183032: Upgrade to LittleCMS 2.9 - S8189123: More consistent classloading - S8189969,...

8.3 CVSS, 5.7 AI score, 0.00568 EPSS
Exploits: 0, References: 32

ThreatPost
added 2018/12/13 5:49 p.m., 9 views

Google Beefs Up Android Key Security for Mobile Apps

Google is making a few tweaks to its tools for Android mobile developers to boost the security of their wares – an apropos announcement against the backdrop of recent security issues stemming from poor development practices. Cryptographical changes this week for Android Keystore give developers...

Exploits: 0, References: 6