256 matches found
Exposure of Sensitive Information to an Unauthorized Actor in TYPO3 CMS
Meta CVSS: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 7.5 CWE-20, CWE-200 Problem In case an attacker manages to generate a valid cryptographic message authentication code HMAC-SHA1 - either by using a different existing vulnerability or in case the internal encryptionKey was...
CVE-2020-15099 Exposure of Sensitive Information to an Unauthorized Actor in TYPO3 CMS
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, in a case where an attacker manages to generate a valid cryptographic message authentication code HMAC-SHA1 - either by using a different existing vulnerability or in case t...
Potential Privilege Escalation
In case an attacker manages to generate a valid cryptographic message authentication code HMAC-SHA1 - either by using a different existing vulnerability or in case the internal encryptionKey was exposed - it is possible to retrieve arbitrary files of a TYPO3 installation. This includes the...
Critical vulnerability in legacy versions of TYPO3 CMS
It has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows to inject arbitrary data having a valid cryptographic message authentication code HMAC-SHA1 and can lead to various attack chains as described below...
Sensitive Information Disclosure in extension "Media Content Element" (mediace)
It has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows to inject arbitrary data having a valid cryptographic message authentication code HMAC-SHA1 and can lead to various attack chains as described below...
bind: A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c
An assertion failure was found in BIND, which checks the validity of messages containing TSIG resource records. This flaw allows an attacker that knows or successfully guesses the name of the TSIG key used by the server to use a specially-crafted message, potentially causing a BIND server to reac...
PT-2020-10763 · Trustwave +1 · Opendmarc +1
Name of the Vulnerable Software and Affected Versions: OpenDMARC versions 1.3.2 and 1.4.x Description: The issue allows attacks to bypass SPF and DMARC authentication when the HELO field is inconsistent with the MAIL FROM field, specifically when OpenDMARC is used with pypolicyd-spf 2.0.2...
CVE-2019-19092
ABB eSOMS versions 4.0 to 6.0.3 use ASP.NET Viewstate without Message Authentication Code MAC. Alterations to Viewstate might thus not be noticed...
CVE-2019-19092
ABB eSOMS versions 4.0 to 6.0.3 use ASP.NET Viewstate without Message Authentication Code MAC. Alterations to Viewstate might thus not be noticed...
CVE-2019-19092
CVE-2019-19092 affects ABB eSOMS versions 4.0 to 6.0.3, where the ASP.NET Viewstate is used without a MAC, allowing alterations to go unnoticed. The Red Hat, NVD, CVE lists consistently describe this external-state data issue; ENISA/EUVD entries also reference related ABB eSOMS risks. Public deta...
CVE-2019-19092 ABB eSOMS: Viewstate without MAC Signature
ABB eSOMS versions 4.0 to 6.0.3 use ASP.NET Viewstate without Message Authentication Code MAC. Alterations to Viewstate might thus not be noticed...
jenkins: Non-constant time HMAC comparison
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier used a non-constant time comparison function when validating an HMAC...
openssl: 0-byte record padding oracle
If an application encounters a fatal protocol error and then calls SSLshutdown twice once to send a closenotify, and once to receive one then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received...
Fedora Update for opendmarc FEDORA-2019-24b3f84f6e
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Nextcloud: Message Authentication Codes calculated by the Default Encryption Module allow an attacker to silently overwrite blocks in a file
First: The default encryption module bundled with the Nextcloud Server creates SHA256-HMAC based message authentication codes for each individual 6072 byte-sized block of data. These are the steps to calculate the MAC: Take the user password and harden it with SHA256-PBKDF2 denoted as $passPhrase...
EulerOS Virtualization 3.0.1.0 : ntp (EulerOS-SA-2019-1557)
According to the versions of the ntp packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - It was found that ntpd did not check whether a Message Authentication Code MAC was present in a received packet when ntpd was...
Insufficient Entropy In Key Generation Algorithm
The Network Time Protocol NTP is used to synchronize a computer's time with another referenced time source. It was found that because NTP's access control was based on a source IP address, an attacker could bypass source IP restrictions and send malicious control and configuration packets by...
A Go implementation of Poly1305 that makes sense
Poly1305 is a Message Authentication Code--a cryptographic primitive for authenticating a message with a shared secret key, like HMAC. Although its really a fraction of the complexity of e.g. elliptic curves, most of the implementations Ive read look decidedly like magic, mysteriously multiplying...
Sensitive Data Exposure
Overview All versions of rails-session-decoder are missing verification of the Message Authentication Code appended to the cookies. This may lead to decryption of cipher text thus exposing encrypted information. Recommendation No fix is currently available. Consider using an alternative module...
The vulnerability of the FortiOS operating system’s SSL-VPN implementation, caused by errors in processing input data, allows a hacker to replace encrypted traffic with malicious data.
The vulnerability of the SSL-VPN implementation in the FortiOS operating system arises due to errors in processing input data. Exploiting this vulnerability allows a malicious actor to replace encrypted traffic using a specially generated MAC...