1429 matches found
MS02-070: Flaw in SMB Signing Could Enable Group Policy to be Modified (329170)
The remote version of Windows contains a flaw in the SMB signing implementation. SMB signing is used to sign each packets sent between a client and a server to protect them against man-in-the-middle attacks. If the Domain policy is configured to force usage of SMB signing, it is possible for an...
CVE-2002-1824
Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a webserver's certificate chain during a SSL/TLS handshake, does not prompt the user before searching for and finding a newer certificate, which may allow attackers to perform a man-in-the-middle attack. NOTE: it is not clear...
SSL certificate validation problems in Ximian Evolution
Discovered: 2002-09-08, Ximian has been informed on 2002-09-09. Impact: medium, if SSL IMAPS, SMTPS, POP3S used none, if not Affected: Ximian Evolution 1.0.x and earlier Description: Due to missing SSL validation code, Evolution's camel component is vulnerable to common SSL man-in-the-middle...
Multiple Vulnerabilities in CISCO VoIP Phones
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Abstract - -------- The 7900 line of VoIP phones from Cisco contain remote-accessible code which can be exploited to cause a denial of service, and possibly leak information; the phones are also weak in ways that facilitate man-in-the-middle attacks...
Potential vulnerabilities of the Microsoft RVP-based Instant Messaging
The Encode Security Labs performed an empirical analysis of the Microsoft Instant Messaging implementation based on Exchange 2000 and using the MSN Messenger Service v3.6 client. The most important findings about the IM service are: -it does not offer any confidentiality -it is vulnerable to...
Microsoft RVP protocol weakness
Leak of server authentication allows variety of Man-In-The-Middle attacks...
Kerberos Telnet protocol does not adequately protect authentication and encryption options
Overview A vulnerability exists in the Telnet Authentication Option and Telnet Data Encryption Option specifications. An ordered list of authentication and encryption options sent from the server to client during negotiation is not cryptographically protected. As a result, an attacker may be able...
ie.cert.attack.txt
e-matters GmbH www.e-matters.de -= Security Advisory =- Advisory: Interner Explorer HTTPS certificate attack Release Date: 2001/12/22 Author: Stefan Esser [email protected] Application: Microsoft Internet Explorer 5.0/5.5/6.0 Severity: Vulnerability in IE's SSL Certificate handling allows...
Outlook Express and SPA (Secure Password Authentication)
Topic: Outlook Express and SPA Secure Password Authentication Author: 3APA3A Affected Software: Internet Explorer 5.5, 6.0 Vendor: Microsoft Status: Informational 1. Background: Outlook Express doesn't support CRAM-MD5 or APOP and there is only one way to authenticate user on POP3/IMAP/SMTP serve...