Lucene search
K

1429 matches found

Tenable Nessus
Tenable Nessus
added 2003/01/25 12:0 a.m.45 views

MS02-070: Flaw in SMB Signing Could Enable Group Policy to be Modified (329170)

The remote version of Windows contains a flaw in the SMB signing implementation. SMB signing is used to sign each packets sent between a client and a server to protect them against man-in-the-middle attacks. If the Domain policy is configured to force usage of SMB signing, it is possible for an...

5CVSS5.5AI score0.05385EPSS
Exploits0References2
NVD
NVD
added 2002/12/31 5:0 a.m.24 views

CVE-2002-1824

Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a webserver's certificate chain during a SSL/TLS handshake, does not prompt the user before searching for and finding a newer certificate, which may allow attackers to perform a man-in-the-middle attack. NOTE: it is not clear...

5CVSS6.4AI score0.02583EPSS
Exploits0References3
securityvulns
securityvulns
added 2002/10/04 12:0 a.m.26 views

SSL certificate validation problems in Ximian Evolution

Discovered: 2002-09-08, Ximian has been informed on 2002-09-09. Impact: medium, if SSL IMAPS, SMTPS, POP3S used none, if not Affected: Ximian Evolution 1.0.x and earlier Description: Due to missing SSL validation code, Evolution's camel component is vulnerable to common SSL man-in-the-middle...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2002/05/23 12:0 a.m.45 views

Multiple Vulnerabilities in CISCO VoIP Phones

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Abstract - -------- The 7900 line of VoIP phones from Cisco contain remote-accessible code which can be exploited to cause a denial of service, and possibly leak information; the phones are also weak in ways that facilitate man-in-the-middle attacks...

Exploits0
securityvulns
securityvulns
added 2002/03/20 12:0 a.m.37 views

Potential vulnerabilities of the Microsoft RVP-based Instant Messaging

The Encode Security Labs performed an empirical analysis of the Microsoft Instant Messaging implementation based on Exchange 2000 and using the MSN Messenger Service v3.6 client. The most important findings about the IM service are: -it does not offer any confidentiality -it is vulnerable to...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2002/03/20 12:0 a.m.31 views

Microsoft RVP protocol weakness

Leak of server authentication allows variety of Man-In-The-Middle attacks...

3.5AI score
Exploits0References1
CERT
CERT
added 2002/02/04 12:0 a.m.15 views

Kerberos Telnet protocol does not adequately protect authentication and encryption options

Overview A vulnerability exists in the Telnet Authentication Option and Telnet Data Encryption Option specifications. An ordered list of authentication and encryption options sent from the server to client during negotiation is not cryptographically protected. As a result, an attacker may be able...

7AI score
Exploits0References10
Packet Storm
Packet Storm
added 2001/12/26 12:0 a.m.27 views

ie.cert.attack.txt

e-matters GmbH www.e-matters.de -= Security Advisory =- Advisory: Interner Explorer HTTPS certificate attack Release Date: 2001/12/22 Author: Stefan Esser [email protected] Application: Microsoft Internet Explorer 5.0/5.5/6.0 Severity: Vulnerability in IE's SSL Certificate handling allows...

7.4AI score
Exploits0
security_vulns
security_vulns
added 2001/11/22 12:0 a.m.29 views

Outlook Express and SPA (Secure Password Authentication)

Topic: Outlook Express and SPA Secure Password Authentication Author: 3APA3A Affected Software: Internet Explorer 5.5, 6.0 Vendor: Microsoft Status: Informational 1. Background: Outlook Express doesn't support CRAM-MD5 or APOP and there is only one way to authenticate user on POP3/IMAP/SMTP serve...

7.4AI score
Exploits0
Rows per page
Query Builder