101 matches found
NTP 'ntp-keygen.c' Predictable Random Number Generation Vulnerability
NTP Network Time Protocol is a protocol for synchronizing computer clocks over a network. A predictable random number generation vulnerability exists in NTP. An attacker can exploit this vulnerability to guess the MD5 key and spoof the client or server...
UBUNTU-CVE-2017-7888
Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which makes brute-force attacks easier...
OpenJDK: MD5 allowed for jar verification (Security, 8171121)
It was discovered that the Security component of OpenJDK did not allow users to restrict the set of algorithms allowed for Jar integrity verification. This flaw could allow an attacker to modify content of the Jar file that used weak signing key or hash algorithm...
OpenJDK: MD5 allowed for jar verification (Security, 8171121)
It was discovered that the Security component of OpenJDK did not allow users to restrict the set of algorithms allowed for Jar integrity verification. This flaw could allow an attacker to modify content of the Jar file that used weak signing key or hash algorithm...
TLS 1.2 Transcipt Collision attacks against MD5 in key exchange protocol (SLOTH)
A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to...
USN-2904-1 thunderbird vulnerabilities
Karthikeyan Bhargavan and Gaetan Leurent discovered that NSS incorrectly allowed MD5 to be used for TLS 1.2 connections. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be exploited to view sensitive information. CVE-2015-7575 Yves Younan discovered that...
TLS 1.2 Transcipt Collision attacks against MD5 in key exchange protocol (SLOTH)
A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to...
TLS 1.2 Transcipt Collision attacks against MD5 in key exchange protocol (SLOTH)
A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to...
TLS 1.2 Transcipt Collision attacks against MD5 in key exchange protocol (SLOTH)
A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to...
TLS 1.2 Transcipt Collision attacks against MD5 in key exchange protocol (SLOTH)
A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to...
TLS 1.2 Transcipt Collision attacks against MD5 in key exchange protocol (SLOTH)
A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to...
CVE-2016-0201
GSKit in IBM Security Network Protection 5.3.1 before 5.3.1.7 and 5.3.2 allows remote attackers to discover credentials by triggering an MD5 collision...
USN-2866-1 firefox vulnerability
Karthikeyan Bhargavan and Gaetan Leurent discovered that NSS incorrectly allowed MD5 to be used for TLS 1.2 connections. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be exploited to view sensitive information...
USN-2864-1 nss vulnerability
Karthikeyan Bhargavan and Gaetan Leurent discovered that NSS incorrectly allowed MD5 to be used for TLS 1.2 connections. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be exploited to view sensitive information...
TLS 1.2 Transcipt Collision attacks against MD5 in key exchange protocol (SLOTH)
A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to...
subversion: credentials leak via MD5 collision
It was discovered that Subversion clients retrieved cached authentication credentials using the MD5 hash of the server realm string without also checking the server's URL. A malicious server able to provide a realm that triggers an MD5 collision could possibly use this flaw to obtain the...
CVE-2004-2761
The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate...
PT-2007-6075 · Linden · Second Life
Name of the Vulnerable Software and Affected Versions: Linden Lab Second Life affected versions not specified Description: The issue concerns the login to simulator method, which sends an MD5 hash in cleartext in the passwd field. This allows remote attackers to login to an account by sniffing th...
DEBIAN-CVE-2007-2294
The Manager Interface in Asterisk before 1.2.18 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service crash by using MD5 authentication to authenticate a user that does not have a password defined in manager.conf, resulting in a NULL pointer dereference...
DEBIAN-CVE-2005-2946
The default configuration on OpenSSL before 0.9.8 uses MD5 for creating message digests instead of a more cryptographically strong algorithm, which makes it easier for remote attackers to forge certificates with a valid certificate authority signature...