163 matches found
VulnCheck KEV: CVE-2019-1040
A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC Message Integrity Check protection. An attacker who successfully exploited this vulnerability could gain the ability to downgrade NTLM security features. To...
Design/Logic Flaw
NCR SelfServ ATMs running APTRA XFS 05.01.00 do not encrypt, authenticate, or verify the integrity of messages between the BNA and the host computer, which could allow an attacker with physical access to the internal components of the ATM to execute arbitrary code, including code that enables the...
CVE-2020-9062
Diebold Nixdorf ProCash 2100xe USB ATMs (Wincor Probase 1.1.30) are affected by CVE-2020-9062. The CCDM–host communication lacks encryption, authentication, and integrity verification, enabling a physically proximate attacker to intercept/modify deposit messages (e.g., amount/value) and commit de...
CVE-2020-10124
CVE-2020-10124 affects NCR SelfServ ATMs running APTRA XFS 05.01.00. The vulnerability is due to the BNA–host communications not being encrypted, authenticated, or integrity-checked, enabling a physically proximate attacker to potentially execute arbitrary code and commit deposit forgery. The doc...
CVE-2020-10124
NCR SelfServ ATMs running APTRA XFS 05.01.00 do not encrypt, authenticate, or verify the integrity of messages between the BNA and the host computer, which could allow an attacker with physical access to the internal components of the ATM to execute arbitrary code, including code that enables the...
The vulnerability of the wpa_supplicant function of the EAP-PWD protocol in wireless communication devices certified by WPA allows a hacker to gain unauthorized access to information.
The vulnerability of the wpasupplicant function in the EAP-PWD protocol for wireless communication devices certified by WPA is related to the lack of integrity checking for messages. Exploiting this vulnerability can allow a malicious actor to cause service failure remotely...
The vulnerability in the implementation of the NTLM protocol in Windows operating systems arises from insufficient authentication checks for NTLM packets during their processing. This allows attackers to compromise the security functions of the NTLM MIC (Message Integrity Check) mechanism.
The vulnerability in the implementation of the NTLM protocol in Windows operating systems is related to insufficient authentication checks for NTLM packets during their processing. Exploiting this vulnerability allows an attacker to compromise the security functions of the NTLM Message Integrity...
Verizon, AT&T, Sprint and T-Mobile to replace SMS with RCS Messaging in 2020
Mobile carriers in the United States will finally offer a universal cross-carrier communication standard for the next-generation RCS messaging service that is meant to replace SMS and has the potential to change the way consumers interact with brands for years to come. All major United States...
Windows NTLM Tampering Vulnerability
A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC Message Integrity Check protection. An attacker who successfully exploited this vulnerability could gain the ability to downgrade NTLM security features. To exploit...
The vulnerability of the Windows operating system, related to the improper functioning of the NTLM MIC (Message Integrity Check) security mechanism, allows a hacker to compromise the security functions of the NTLM mechanism.
The vulnerability of the Windows operating system is related to the improper functioning of the NTLM MIC Message Integrity Check security mechanism. Exploiting this vulnerability allows a malicious actor to compromise the security functions of the NTLM mechanism from a remote location...
Microsoft Windows NTLM Tampering Security Bypass Vulnerability
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation.Microsoft Windows is an operating system for personal devices.Microsoft Windows Server is a server operating system. A security vulnerability exists in Microsoft Windows. An attacker could exploit this...
CVE-2019-1040
A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC Message Integrity Check protection. An attacker who successfully exploited this vulnerability could gain the ability to downgrade NTLM security features. To exploit...
Near-Ubiquitous Microsoft RCE Bugs Affect All Versions of Windows
UPDATE Two Microsoft vulnerabilities, CVE-2019-1040 and CVE-2019-1019, would allow attackers to remotely execute malicious code on any Windows machine or authenticate to any web server that supports Windows Integrated Authentication WIA such as Exchange or ADFS. According to researchers at Preemp...
PT-2019-2474
Name of the Vulnerable Software and Affected Versions Microsoft Windows affected versions not specified Description A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC Message Integrity Check protection. This...
Directory traversal
Directory Traversal was discovered in University of Cambridge moducamwebauth before 2.0.2. The key identification field "kid" of the IdP's HTTP response message "WLS-Response" can be manipulated by an attacker. The "kid" field is not signed like the rest of the message, and manipulation is...
MGASA-2018-0348 Updated wpa_supplicant packages fix security vulnerability
Updated wpasupplicant packages fix security vulnerability: An issue was discovered in rsnsupp/wpa.c in wpasupplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and clie...
CVE-2018-7295
The CVE affects ffxivlauncher.exe in Square Enix Final Fantasy XIV for Windows (versions 4.21 and 4.25). Root cause: Improper enforcement of message integrity during transmission in a communication channel, where a session retrieves global.js via http before proceeding to use https. This enables ...
DEBIAN-CVE-2017-17848
An issue was discovered in Enigmail before 1.9.9. In a variant of CVE-2017-17847, signature spoofing is possible for multipart/related messages because a signed message part can be referenced with a cid: URI but not actually displayed. In other words, the entire containing message appears to be...
RSI Video Technologies Frontel Data Authenticity Validation Vulnerability
RSI Video Technologies Frontel is a suite of receiver software for monitoring Videofied wireless video alarm systems from the French company RSI Video Technologies. A security vulnerability exists in RSI Video Technologies Frontel, which arises from the program's failure to protect the integrity ...
CVE-2006-2712
Secure Elements Class 5 AVR aka C5 EVM client and server before 2.8.1 do not verify the integrity of a message digest, which allows remote attackers to modify and replay messages...