57 matches found
samba: Smb signing not required by default when smb client connection is used for ipc usage
It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client...
IBM Security QRadar Incident Forensics中间人攻击漏洞(CNVD-2015-07484)
No description provided by source...
IBM Security QRadar Incident Forensics中间人攻击漏洞(CVE-2015-1993)
No description provided by source...
VMware vCenter Server LDAP Certificate Validation Bypass Vulnerability
VMware vCenter Server provides centralized visibility, proactive management and extensibility into virtual infrastructures. VMware vCenter Server fails to validate TLS certificates when binding to LDAP servers, allowing an attacker to intercept communications between an LDAP server and a target...
Microsec e-Szigno XML Digital Signature Forgery Security Bypass Vulnerability
Microsec e-Szigno is a suite of electronic signature authentication applications. Microsec e-Szigno does not validate the signature of specially crafted XML files, allowing attackers to bypass XML digital signature validation by performing man-in-the-middle attacks to forge XML file content and...
“Legacy”vulnerability: analysis of the new SSL/TLS vulnerability FREAK-vulnerability warning-the black bar safety net
Recently security researchers discovered a new SSL/TLS vulnerability. Expected within ten years, millions of Apple, Android users to access the HTTPS site will likely suffer from the middleman and then the stolen account and password, even if these sites use the encrypted transmission, also to no...
The sword refers to the Android and iOS system DoubleDirect middle attack-vulnerability warning-the black bar safety net
A security researcher found a new man in the middle attack technique, it targets mostly run of the Android system and iOS system of smartphone and tablets. This is called DoubleDirect of art belonging to the middleman(MITM attack. An attacker can use this technique to put the victim to visit...
Combined with the middleman attack, the Pidgin tasteless vulnerability becomes waste into treasure-vulnerability warning-the black bar safety net
The latest version of the open source instant messaging clientPidgin 2.10.10 all this time to fix a series of vulnerabilities, wherein the SSL/TLS certificate validation issue can be exploited by hackers to make MiTM attacks. As a result, some slightly tasteless the vulnerability with man in the...
The ASUS RT-series of wireless routers vulnerable, may suffer from the middleman attack-a vulnerability warning-the black bar safety net
! USA security researchers found that the ASUS RT wireless router to download and Update service is via unencrypted HTTP Protocol, and thus may be subject to MiTM attacks. Security researchers Longenecker in his blog pointed out, the ASUS RT series routers only according to a relatively simple...
Amazing exposure Netcore routers exist back door, anyone can be a remote access-vulnerability warning-the black bar safety net
The Trend Micro researchers said yesterday at the official website shows, the Chinese manufacturers produce a series of routers contain a severe vulnerability, the hacker through the loopholes in monitoring user's Internet traffic. Router in China the Brand Name Netcore in foreign countries the...
rhev: remote-viewer spice tls-stripping issue
The remote-viewer in Red Hat Enterprise Virtualization Manager RHEV-M before 3.3, when using a native SPICE client invocation method, initially makes insecure connections to the SPICE server, which allows man-in-the-middle attackers to spoof the SPICE server...
TLS: MITM attacks via session renegotiation
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services IIS 7.0, modssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services NSS 3.12.4 and earlier, multiple Cis...
TLS protocol vulnerable to Man In The Middle attack – Opera Security Advisories
TLS protocol vulnerable to Man In The Middle attack – Opera Security Advisories OPCOM Team | June 29, 2010 Summary A vulnerability has been discovered in all current versions of the SSL and TLS protocols, that may allow an attacker to inject data and instructions into the HTTPS connection and tri...
MySQL Connector/NET缺少SSL证书验证漏洞
BUGTRAQ ID: 35514 MySQL Connector/Net是MySQL数据库的ADO.NET驱动。 MySQL Connector/Net在使用加密的时候没有对服务器的证书执行验证。在NativeDriver.cs文件中,StartSSL函数依赖于名为 NoServerCheckValidation的验证函数,而该函数没有执行任何验证。此外还有另一个名为ServerCheckValidation 的函数,而该函数被标注掉。 能够对连接执行中间人攻击的攻击者可以通过利用这个漏洞绕过加密验证,从而破坏SSL所提供的安全性。 MySQL AB MySQL Connector/N...
evolution-data-server: S/MIME signatures are considered to be valid even for modified messages (MITM)
Evolution 2.22.3.1 checks S/MIME signatures against a copy of the e-mail text within a signed-data blob, not the copy of the e-mail text displayed to the user, which allows remote attackers to spoof a signature by modifying the latter copy, a different vulnerability than CVE-2008-5077...
Port interception with port hidden sniffing attacks-vulnerability warning-the black bar safety net
In WINDOWS SOCKET Server Application Programming, the following statement perhaps than than are: s=socketAFINET,SOCKSTREAM,IPPROTOTCP; saddr. sinfamily = AFINET; saddr. sinaddr. serveraddress = htonlINADDRANY; binds,SOCKADDR &saddr,sizeofsaddr; In fact, this which exists in a very big security...
DEBIAN-CVE-2006-5867
fetchmail before 6.3.6-rc4 does not properly enforce TLS and may transmit cleartext passwords over unsecured links if certain circumstances occur, which allows remote attackers to obtain sensitive information via man-in-the-middle MITM attacks...