Lucene search

1545 matches found

Cvelist
added 2019/07/03 4:17 p.m., 17 views

CVE-2017-9326

The keystore password for the Spark History Server may be exposed in unsecured files under the /var/run/cloudera-scm-agent directory managed by Cloudera Manager. The keystore file itself is not exposed...

7.7 AI score, 0.00756 EPSS
Exploits: 0, References: 1
CVE
added 2019/07/03 4:17 p.m., 61 views

CVE-2017-9326

The CVE-2017-9326 issue concerns the Spark History Server keystore password potentially being exposed in unsecured files under /var/run/cloudera-scm-agent (Cloudera Manager managed). The keystore itself is not exposed. Connected sources consistently describe the exposure of the keystore password ...

7.5 CVSS, 7.6 AI score, 0.00756 EPSS
Exploits: 0, References: 1, Affected Software: 1
0day.today
added 2019/05/21 12:0 a.m., 765 views

Brocade Network Advisor 14.4.1 - Unauthenticated Remote Code Execution Exploit

Exploit for java platform in category web applications / Exploit Title: Brocade Network Advisor - Unauthenticated Remote Code Execution Date: 2017-03-29 Exploit Author: Jakub Palaczynski Vendor Homepage: https://www.broadcom.com/ CVE: CVE-2018-6443 Version: Tested on Brocade Network Advisor 14.X....

4.3 CVSS, 8.1 AI score, 0.07395 EPSS
Exploits: 4
ThreatPost
added 2019/04/25 3:19 p.m., 93 views

Qualcomm Critical Flaw Exposes Private Keys For Android Devices

Researchers have uncovered a side-channel attack that enables a bad actor to extract sensitive data from Qualcomm’s secure keystore. The critical flaw impacts most modern Android devices that use Qualcomm chips. The issue stems from an issue in Qualcomm technology, dubbed the Qualcomm Secure...

4.9 CVSS, 0.4 AI score, 0.00204 EPSS
Exploits: 0, References: 6
Pen Test Partners Blog
added 2019/02/15 11:51 a.m., 349 views

Oracle MAF store bypass, a how-to

On a recent assignment I was asked to look at the security of a cloud-based solution for expenses, the Oracle® ExpensesCloud with Fusion applications. It was being used for employees to create/save/edit/submit claims to the employer. TL;DR Having default hardcoded credentials allows an attacker...

7 AI score
Exploits: 0
Veracode
added 2019/01/15 8:58 a.m., 28 views

Bruteforce Attack

Java is vulnerable to brute force attacks. The vulnerability exists as IBM Java Runtime Environment JRE 7 R1 before SR1 FP1 7.1.1.1, 7 before SR7 FP1 7.0.7.1, 6 R1 before SR8 FP1 6.1.8.1, 6 before SR16 FP1 6.0.16.1, and before 5.0 SR16 FP7 5.0.16.7 allows attackers to obtain the private key from ...

6.4 CVSS, 4.1 AI score, 0.01153 EPSS
Exploits: 0, References: 10, Affected Software: 1
Tenable Nessus
added 2019/01/02 12:0 a.m., 39 views

SUSE SLES15 Security Update : java-1_8_0-openjdk (SUSE-SU-2018:1938-1)

This update for java-180-openjdk to version 8u171 fixes the following issues: These security issues were fixed : - S8180881: Better packaging of deserialization - S8182362: Update CipherOutputStream Usage - S8183032: Upgrade to LittleCMS 2.9 - S8189123: More consistent classloading - S8189969,...

8.3 CVSS, 5.7 AI score, 0.15141 EPSS
Exploits: 0, References: 32
Tenable Nessus
added 2019/01/02 12:0 a.m., 33 views

SUSE SLES15 Security Update : java-1_8_0-openjdk (SUSE-SU-2018:1938-2)

This update for java-180-openjdk to version 8u171 fixes the following issues: These security issues were fixed : - S8180881: Better packaging of deserialization - S8182362: Update CipherOutputStream Usage - S8183032: Upgrade to LittleCMS 2.9 - S8189123: More consistent classloading - S8189969,...

8.3 CVSS, 5.7 AI score, 0.15141 EPSS
Exploits: 0, References: 32
ThreatPost
added 2018/12/13 5:49 p.m., 9 views

Google Beefs Up Android Key Security for Mobile Apps

Google is making a few tweaks to its tools for Android mobile developers to boost the security of their wares – an apropos announcement against the backdrop of recent security issues stemming from poor development practices. Cryptographical changes this week for Android Keystore give developers...

Exploits: 0, References: 6
CNVD
added 2018/12/12 12:0 a.m., 3 views

SAP NetWeaver AS Java Information Disclosure Vulnerability

SAP NetWeaver is a service-oriented integrated application platform from SAP, which provides a development and runtime environment for SAP applications. SAP NetWeaver AS Application Server Java is an application server that runs on NetWeaver and is based on the Java programming language. keystore...

7.4 CVSS, 6.2 AI score, 0.00552 EPSS
Exploits: 0, References: 1
Cvelist
added 2018/12/11 11:0 p.m., 21 views

CVE-2018-2503

By default, the SAP NetWeaver AS Java keystore service does not sufficiently restrict the access to resources that should be protected. This has been fixed in SAP NetWeaver AS Java ServerCore versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50...

7.4 AI score, 0.00552 EPSS
Exploits: 0, References: 3
CVE
added 2018/12/11 11:0 p.m., 52 views

CVE-2018-2503

The CVE-2018-2503 entry concerns SAP NetWeaver AS Java keystore service, where access to protected resources was not sufficiently restricted, enabling information disclosure. Public documents confirm this vulnerability exists in the SAP NetWeaver AS Java keystore service and that the issue has be...

7.4 CVSS, 7.3 AI score, 0.00552 EPSS
Exploits: 0, References: 3, Affected Software: 1
NVD
added 2018/12/11 10:29 p.m., 23 views

CVE-2018-2503

By default, the SAP NetWeaver AS Java keystore service does not sufficiently restrict the access to resources that should be protected. This has been fixed in SAP NetWeaver AS Java ServerCore versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50...

7.4 CVSS, 7.4 AI score, 0.00552 EPSS
Exploits: 0, References: 3
Prion
added 2018/12/11 10:29 p.m., 17 views

Design/Logic Flaw

By default, the SAP NetWeaver AS Java keystore service does not sufficiently restrict the access to resources that should be protected. This has been fixed in SAP NetWeaver AS Java ServerCore versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50...

3.3 CVSS, 7.4 AI score, 0.00552 EPSS
Exploits: 0, References: 3, Affected Software: 1
OSV
added 2018/12/11 10:29 p.m., 4 views

CVE-2018-2503

By default, the SAP NetWeaver AS Java keystore service does not sufficiently restrict the access to resources that should be protected. This has been fixed in SAP NetWeaver AS Java ServerCore versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50...

7.4 CVSS, 5.7 AI score, 0.00552 EPSS
Exploits: 0, References: 3
IBM Security Bulletins
added 2018/11/23 9:40 a.m., 13 views

Security Bulletin: Weaker than expected security in WebSphere Application Server shipped with Jazz for Service Management (CVE-2018-1719)

Summary There is a potential for weaker than expected security in WebSphere Application Server which could result in TLS downgrade under certain conditions. This only applies if FIPS is enabled and the keystores/truststores are configured by the JVM property com.ibm.ssl.protocol. Vulnerability...

5.9 CVSS, 0.6 AI score, 0.02377 EPSS
Exploits: 0, Affected Software: 1
Tenable Nessus
added 2018/10/22 12:0 a.m., 51 views

SUSE SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2018:1690-2)

This update for java-180-openjdk to version 8u171 fixes the following issues : These security issues were fixed : S8180881: Better packaging of deserialization S8182362: Update CipherOutputStream Usage S8183032: Upgrade to LittleCMS 2.9 S8189123: More consistent classloading S8189969,...

8.3 CVSS, 5.7 AI score, 0.15141 EPSS
Exploits: 0, References: 32
OSV
added 2018/10/18 12:46 p.m., 12 views

SUSE-SU-2018:1690-2 Security update for java-1_8_0-openjdk

This update for java-180-openjdk to version 8u171 fixes the following issues: These security issues were fixed: - S8180881: Better packaging of deserialization - S8182362: Update CipherOutputStream Usage - S8183032: Upgrade to LittleCMS 2.9 - S8189123: More consistent classloading - S8189969,...

8.3 CVSS, 6.9 AI score, 0.15141 EPSS
Exploits: 0, References: 22
IBM Security Bulletins
added 2018/09/28 4:30 a.m., 33 views

Security Bulletin: IBM Security Guardium is affected by a Bouncy Castle vulnerability

Summary IBM Security Guardium has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2018-5382 DESCRIPTION: Bouncy Castle could allow a local attacker to obtain sensitive information, caused by an error in the BKS version 1 keystore files. By utilizing an HMAC that is only 16...

4.4 CVSS, 0.5 AI score, 0.00262 EPSS
Exploits: 0, Affected Software: 1
Kitploit
added 2018/09/23 9:9 p.m., 107 views

Vboxdie-Cracker - VirtualBox Disk Image Encryption Password Cracker

Virtual Box Disk Image Encryption password cracker Requirements 1. PHP = 5.5.0 2. OpenSSL = 1.0.1 XTS support Algorithm description User password is stored using a combination of PBKDF2 and AES-XTS as following shown values are fixed at the moment, but they can be controlled inside the file forma...

7.4 AI score
Exploits: 0, References: 1