4352 matches found
CVE-2006-3415
Tor before 0.1.1.20 uses improper logic to validate the "OR" destination, which allows remote attackers to perform a man-in-the-middle MITM attack via unspecified vectors...
CVE-2006-3415
Summary: CVE-2006-3415 affects Tor before 0.1.1.20 due to an improper validation of the \
CVE-2006-3415
Tor before 0.1.1.20 uses improper logic to validate the "OR" destination, which allows remote attackers to perform a man-in-the-middle MITM attack via unspecified vectors...
Authentication flaw
The RedCarpet command-line client rug does not verify SSL certificates from a server, which allows remote attackers to read network traffic and execute commands via a man-in-the-middle MITM attack...
CVE-2006-2703
The RedCarpet command-line client rug does not verify SSL certificates from a server, which allows remote attackers to read network traffic and execute commands via a man-in-the-middle MITM attack...
CVE-2006-2703
The RedCarpet command-line client rug does not verify SSL certificates from a server, which allows remote attackers to read network traffic and execute commands via a man-in-the-middle MITM attack...
CVE-2005-4046
Unspecified vulnerability in Reverse SSL Proxy Plug-in for Sun Java System Application Server Standard Edition 7 2004Q2, Application Server Enterprise Edition 8.1 2005Q1, and Sun ONE Application Server 7 Standard Edition, as used in multiple web servers, allows remote attackers to conduct...
CVE-2005-3402
The SMTP client in Mozilla Thunderbird 1.0.5 BETA, 1.0.7, and possibly other versions, does not notify users when it cannot establish a secure channel with the server, which allows remote attackers to obtain authentication information without detection via a man-in-the-middle MITM attack that...
CVE-2005-3402
The SMTP client in Mozilla Thunderbird 1.0.5 BETA, 1.0.7, and possibly other versions, does not notify users when it cannot establish a secure channel with the server, which allows remote attackers to obtain authentication information without detection via a man-in-the-middle MITM attack that...
CVE-2005-3402
CVE-2005-3402 affects Mozilla Thunderbird SMTP client (notably 1.0.5 BETA and 1.0.7). The issue is that Thunderbird does not notify users when it cannot establish a secure channel with the SMTP server, enabling a MITM to obtain authentication information by bypassing TLS or downgrading CRAM-MD5 t...
[Full-disclosure] Mozilla Thunderbird SMTP down-negotiation weakness
MOZILLA THUNDERBIRD SMTP DOWN-NEGOTIATION WEAKNESS Thomas Henlich [email protected] SUMMARY Mozilla Thunderbird SMTP down-negotiation behaviour allows a man- in-the-middle MITM attack to bypass TLS initialization and/or downgrade CRAM-MD5 to PLAIN authentication, leading to exposure of...
JVN#23632449: OpenSSL version rollback vulnerability
Impact When performing communication through a path controlled by an attacker using OpenSSL, the attacker conducting a man-in-the-middle MITM attack can force a client and a server to negotiate the SSL 2.0 protocol even if these parties both support SSL 3.0 or TLS 1.0 to intercept or alter data...
CVE-2005-2779
The iTAN Online-Banking Security System allows remote attackers to obtain TAN numbers via a man-in-the-middle MITM attack while the transaction is taking place, which facilitates a "phishing" attack...
CVE-2005-2779
The iTAN Online-Banking Security System allows remote attackers to obtain TAN numbers via a man-in-the-middle MITM attack while the transaction is taking place, which facilitates a "phishing" attack...
CVE-2005-2779
The CVE-2005-2779 entry concerns the iTAN Online-Banking Security System. According to the provided documents, remote attackers can obtain TAN numbers through a man-in-the-middle (MITM) during a transaction, facilitating a phishing-style attack. The NVD description confirms the vulnerability exis...
CVE-2005-1982
Unknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle MITM attack between a client and a domain controller when PKINIT smart card authentication is bein...
CVE-2005-1982
Unknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle MITM attack between a client and a domain controller when PKINIT smart card authentication is bein...
CVE-2005-1982
CVE-2005-1982 is a PKINIT vulnerability in Kerberos used by smart card logon on Windows 2000/XP/Server 2003. The flaw allows information disclosure and spoofing by injecting into an authentication session between a client and a domain controller, potentially enabling a malicious server to imperso...
Microsoft ActiveSync clear text password
Microsoft ActiveSync clear text password Microsoft ActiveSync is widely used to synchronies Windows based PDAs and smartphones with desktop computer. PDA can connect to PC via COM/USB/IR or LAN. Before synchronization user on PC must setup "partnership" to allow synchronization. If PDA is protect...
Messenger/hotmail MITM exploit
hello, this a little sploit i wrote for Linux to test a man in the middle attack against Messenger/Hotmail. A kind of swiss army knife that: / use the messenger scrambler bug to get passwords hashes / spoof hotmail site to retrieve plaintext passwords since protocol is not enciphered when users...