176 matches found
Advisory ROSA-SA-2025-2889
Software: krb5 1.18.2 OS: ROSA Virtualization 3.0 packageevrstring: krb5-1.18.2-32.0.1.rv30 CVE-ID: CVE-2025-3576 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the MIT Kerberos implementation allows an attacker to spoof messages protected by GSSAPI using RC4-HMAC-MD5 due to...
krb5: Kerberos RC4-HMAC-MD5 Checksum Vulnerability Enabling Message Spoofing via MD5 Collisions
A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This ma...
Moderate: Red Hat Security Advisory: krb5 security update
An update for krb5 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...
ALSA-2025:8411 Moderate: krb5 security update
Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the...
Moderate: krb5 security update
Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the...
AlmaLinux 8 : krb5 (ALSA-2025:8411)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:8411 advisory. krb5: Kerberos RC4-HMAC-MD5 Checksum Vulnerability Enabling Message Spoofing via MD5 Collisions CVE-2025-3576 Tenable has extracted the preceding description block...
RHEL 8 : krb5 (RHSA-2025:8411)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:8411 advisory. Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords...
[SECURITY] [DLA 4206-1] asterisk security update
Debian LTS Advisory DLA-4206-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany June 02, 2025 https://wiki.debian.org/LTS Package : asterisk Version : 1:16.28.0dfsg-0+deb11u7 CVE ID : CVE-2025-47779 CVE-2025-47780 Debian Bug : 1106528 1106530 Two security...
CVE-2023-33981
Briar before 1.4.22 allows attackers to spoof other users' messages in a blog, forum, or private group, but each spoofed message would need to be an exact duplicate of a legitimate message displayed alongside the spoofed one...
CVE-2022-47930
An issue was discovered in IO FinNet tss-lib before 2.0.0. The parameter ssid for defining a session id is not used through the MPC implementation, which makes replaying and spoofing of messages easier. In particular, the Schnorr proof of knowledge implemented in sch.go does not utilize a session...
DEBIAN-CVE-2025-47779
Asterisk is an open-source private branch exchange PBX. Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, SIP requests of the type MESSAGE RFC 3428 authentication do not get proper alignment. An authenticated attacker...
CVE-2025-47934 OpenPGP.js's message signature verification can be spoofed
OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. Startinf in version 5.0.1 and prior to versions 5.11.3 and 6.1.1, a maliciously modified message can be passed to either openpgp.verify or openpgp.decrypt, causing these functions to return a valid signature verification result...
CVE-2025-3576 Krb5: kerberos rc4-hmac-md5 checksum vulnerability enabling message spoofing via md5 collisions
A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This ma...
CVE-2025-3576
CVE-2025-3576 affects MIT Kerberos (krb5) with RC4-HMAC-MD5, enabling message spoofing via MD5 collisions in GSSAPI-protected messages. Public advisories (Red Hat, Debian, Amazon Linux, AlmaLinux, etc.) indicate the vulnerability exists in krb5 and provide remediation guidance. Impact is limited ...
CVE-2025-3576 Krb5: kerberos rc4-hmac-md5 checksum vulnerability enabling message spoofing via md5 collisions
A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This ma...
CVE-2021-37624
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.7, FreeSWITCH does not authenticate SIP MESSAGE requests, leading to spam and message...
CVE-2022-39255
Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...
CVE-2022-39257
Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this m...
CVE-2022-39248
matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker...
GO-2022-0454 Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd...