
1545 matches found

Prion
added 2018/04/16 2:29 p.m. · 21 views

Format string

The default BKS keystore uses an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS keystore. Bouncy Castle release 1.47 changes the BKS format to a format which uses a 160-bit HMAC instead. This applies to any BKS keystore generated prior to BC 1.47...

CVSS 3.6 · AI score 4.9 · EPSS 0.00262
Exploits: 0 · References: 5 · Affected Software: 3

UbuntuCve
added 2018/04/16 2:29 p.m. · 33 views

CVE-2018-5382

The default BKS keystore uses an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS keystore. Bouncy Castle release 1.47 changes the BKS format to a format which uses a 160-bit HMAC instead. This applies to any BKS keystore generated prior to BC 1.47...

CVSS 4.4 · AI score 6.7 · EPSS 0.00262
Exploits: 0 · References: 3

OSV
added 2018/04/16 2:29 p.m. · 2 views

UBUNTU-CVE-2018-5382

The default BKS keystore uses an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS keystore. Bouncy Castle release 1.47 changes the BKS format to a format which uses a 160-bit HMAC instead. This applies to any BKS keystore generated prior to BC 1.47...

CVSS 9.8 · AI score 6.6 · EPSS 0.00262
Exploits: 0 · References: 4

Cvelist
added 2018/04/16 1:0 p.m. · 27 views

CVE-2018-5382 Bouncy Castle BKS-V1 keystore files vulnerable to trivial hash collisions

The default BKS keystore uses an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS keystore. Bouncy Castle release 1.47 changes the BKS format to a format which uses a 160-bit HMAC instead. This applies to any BKS keystore generated prior to BC 1.47...

AI score 4.9 · EPSS 0.00262
Exploits: 0 · References: 5

CVE
added 2018/04/16 1:0 p.m. · 166 views

CVE-2018-5382

CVE-2018-5382 involves Bouncy Castle where the default BKS keystore uses an HMAC only 16 bits long, enabling brute-force attempts to compromise keystore integrity. Technical details from connected docs show that BC 1.47 updated the BKS format to use a 160-bit HMAC, addressing the issue for keysto...

CVSS 4.4 · AI score 4.9 · EPSS 0.00262
Exploits: 0 · References: 5 · Affected Software: 1

Debian CVE
added 2018/04/16 1:0 p.m. · 27 views

CVE-2018-5382

The default BKS keystore uses an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS keystore. Bouncy Castle release 1.47 changes the BKS format to a format which uses a 160-bit HMAC instead. This applies to any BKS keystore generated prior to BC 1.47...

CVSS 4.4 · AI score 6.3 · EPSS 0.00262
Exploits: 0

Positive Technologies
added 2018/04/16 12:0 a.m. · 5 views

PT-2018-16936 · Legion Of The Bouncy Castle · Bouncy Castle

Name of the Vulnerable Software and Affected Versions: Bouncy Castle versions prior to 1.47 Description: The default BKS keystore uses an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS keystore. This issue applies to any BKS keystore generated pri...

CVSS 4.4 · AI score 5.9 · EPSS 0.00262
Exploits: 0 · References: 14

CNVD
added 2018/03/27 12:0 a.m. · 1 views

Jenkins Coverity Plugin Information Disclosure Vulnerability

Jenkins is an open source continuous integration tool developed in Java. A security vulnerability exists in the CIMInstance.java file in Jenkins Coverity Plugin 1.10.0 and earlier versions, which stems from the program storing passwords in plaintext. An attacke...

CVSS 7.8 · AI score 6.8 · EPSS 0.00344
Exploits: 0 · References: 1

Kitploit
added 2018/03/24 8:39 p.m. · 22 views

LeakVM - Research & Pentesting Framework For Android, Run Security Tests Instantly

LeakVM: Run security tests instantly. Why LeakVM: LeakVM offers fast security testing on Android; by skipping the time-consuming building of pen-testing laboratories, you can test on real devices or virtual devices. LeakVM makes researchers and pen-testers more productive since they can run the test on real tim...

AI score 7.8
Exploits: 0 · References: 16

Veracode
added 2018/03/22 8:43 a.m. · 31 views

Hash Collision

Bouncy Castle is vulnerable to hash collision attacks. The library's keystore files use an HMAC hash that is only 16 bits long, allowing a malicious user to retrieve the password used for keystore integrity verification checks. This vulnerability only affects users of the BKS-V1 keystore format,...

CVSS 4.4 · AI score 5.1 · EPSS 0.00262
Exploits: 0 · References: 8 · Affected Software: 10

CERT
added 2018/03/19 12:0 a.m. · 1300 views

Bouncy Castle BKS-V1 keystore files vulnerable to trivial hash collisions

Overview: Bouncy Castle BKS version 1 keystore files use an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS-V1 keystore. Description: Bouncy Castle is a cryptographic library for C and Java applications, including Android applications. BKS is a...

CVSS 4.4 · AI score 5 · EPSS 0.00262
Exploits: 0 · References: 3

Hacker One
added 2018/03/16 7:48 p.m. · 34 views

MyCrypto: HTML Injection on https://www.mycrypto.com/

A vulnerability was reported by t-pwn that allowed arbitrary HTML injection via the notifier functionality. After a keystore file was uploaded, the filename would be shown without first sanitizing it. MyCrypto has since fixed our notification to no longer display the unsanitized filename...

AI score 3.8
Exploits: 0

NVD
added 2018/03/13 1:29 p.m. · 28 views

CVE-2018-1000104

A plaintext storage of a password vulnerability exists in Jenkins Coverity Plugin 1.10.0 and earlier in CIMInstance.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser e.g. malicious extension to retrieve the configured keystore and priva...

CVSS 7.8 · AI score 7.6 · EPSS 0.00344
Exploits: 0 · References: 1

OSV
added 2018/03/13 1:29 p.m. · 17 views

CVE-2018-1000104

A plaintext storage of a password vulnerability exists in Jenkins Coverity Plugin 1.10.0 and earlier in CIMInstance.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser e.g. malicious extension to retrieve the configured keystore and priva...

CVSS 7.8 · AI score 7.8
Exploits: 0 · References: 1

Cvelist
added 2018/03/13 1:0 p.m. · 27 views

CVE-2018-1000104

A plaintext storage of a password vulnerability exists in Jenkins Coverity Plugin 1.10.0 and earlier in CIMInstance.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser e.g. malicious extension to retrieve the configured keystore and priva...

AI score 7.6 · EPSS 0.00344
Exploits: 0 · References: 1

OSV
added 2018/02/14 12:29 p.m. · 1 views

CVE-2018-2372

A plain keystore password is written to a system log file in SAP HANA Extended Application Services, 1.0, which could endanger confidentiality of SSL communication...

CVSS 6.5 · AI score 5.8 · EPSS 0.00867
Exploits: 0 · References: 2

Prion
added 2018/02/14 12:29 p.m. · 17 views

Design/Logic Flaw

A plain keystore password is written to a system log file in SAP HANA Extended Application Services, 1.0, which could endanger confidentiality of SSL communication...

CVSS 4 · AI score 6.5 · EPSS 0.00867
Exploits: 0 · References: 2 · Affected Software: 1

NVD
added 2018/02/14 12:29 p.m. · 13 views

CVE-2018-2372

A plain keystore password is written to a system log file in SAP HANA Extended Application Services, 1.0, which could endanger confidentiality of SSL communication...

CVSS 6.5 · AI score 6.5 · EPSS 0.00867
Exploits: 0 · References: 2

Cvelist
added 2018/02/14 12:0 p.m. · 19 views

CVE-2018-2372

A plain keystore password is written to a system log file in SAP HANA Extended Application Services, 1.0, which could endanger confidentiality of SSL communication...

AI score 6.5 · EPSS 0.00867
Exploits: 0 · References: 2

Positive Technologies
added 2018/02/14 12:0 a.m. · 3 views

PT-2018-15505 · Sap · Sap Hana Extended Application Services

Name of the Vulnerable Software and Affected Versions: SAP HANA Extended Application Services version 1.0 Description: A plain keystore password is written to a system log file, which could endanger the confidentiality of SSL communication. Recommendations: For SAP HANA Extended Application...

CVSS 6.5 · AI score 6.3 · EPSS 0.00867
Exploits: 0 · References: 4