Internet Bug Bounty: Key Reinstallation Attacks: Breaking WPA2 by forcing nonce reuse

Full background information is at krackattacks.com and all detailed information can be found in our research paper. Key Reinstallation Attack: 4-way handshake example We use the 4-way handshake to illustrate the idea behind key reinstallation attacks CVE-2017-13077. Note that in practice, all...

Rockwell Automation Stratix 5100 (Update A)

1. EXECUTIVE SUMMARY CVSS v3 6.9 ATTENTION: Exploitable remotely/public exploits are available Vendor: Rockwell Automation Equipment: Stratix 5100 Wireless Access Point/Workgroup Bridge Vulnerability: Reusing a Nonce 2. UPDATE INFORMATION This updated advisory is a follow-up to the original...

Wi-Fi Protected Access (WPA) handshake traffic can be manipulated to induce nonce and session key reuse

Overview Wi-Fi Protected Access WPA, more commonly WPA2 handshake traffic can be manipulated to induce nonce and session key reuse, resulting in key reinstallation by a wireless access point AP or client. An attacker within range of an affected AP and client may leverage these vulnerabilities to...

WordPress Simple Login Log 1.1.1 SQL Injection Vulnerability

WordPress Simple Login Log plugin version 1.1.1 suffers from multiple remote SQL injection vulnerabilities. Advisory Title: WordPress Simple Login Log Plugin Multiple SQL A Injection Security Vulnerabilities Advisory URL:A A http://www.defensecode.com/advisories.php Software:A A A A A A WordPress...

WordPress Content Audit 1.9.1 Cross Site Request Forgery / Cross Site Scripting

Details ================ Software: Content Audit Version: 1.9.1 Homepage: https://wordpress.org/plugins/content-audit/ Advisory report: https://security.dxw.com/advisories/csrf-xss-content-audit/ CVE: Awaiting assignment CVSS: 5.8 Medium; AV:N/AC:M/Au:N/C:P/I:P/A:N Description ================...

WordPress Content Audit 1.9.1 Cross Site Request Forgery / Cross Site Scripting Vulnerabilities

WordPress Content Audit plugin version 1.9.1 suffers from cross site request forgery and cross site scripting vulnerabilities. Details ================ Software: Content Audit Version: 1.9.1 Homepage: https://wordpress.org/plugins/content-audit/ Advisory report:...

Moxa AWK-3131A Web Application Nonce Reuse Vulnerability(CVE-2016-8712)

Summary An exploitable nonce reuse vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless AP running firmware 1.1. The device uses one nonce for all session authentication requests and only changes the nonce if the web application has been idle for 300 seconds. Teste...

CVE-2017-14423

htdocs/parentalcontrols/bind.php on D-Link DIR-850L REV. A with firmware through FW114WWb07h2abbeta1 devices does not prevent unauthenticated nonce-guessing attacks, which makes it easier for remote attackers to change the DNS configuration via a series of requests...

Code injection

htdocs/parentalcontrols/bind.php on D-Link DIR-850L REV. A with firmware through FW114WWb07h2abbeta1 devices does not prevent unauthenticated nonce-guessing attacks, which makes it easier for remote attackers to change the DNS configuration via a series of requests...

CVE-2017-14423

htdocs/parentalcontrols/bind.php on D-Link DIR-850L REV. A with firmware through FW114WWb07h2abbeta1 devices does not prevent unauthenticated nonce-guessing attacks, which makes it easier for remote attackers to change the DNS configuration via a series of requests...

CVE-2017-14423

htdocs/parentalcontrols/bind.php on D-Link DIR-850L REV. A with firmware through FW114WWb07h2abbeta1 devices does not prevent unauthenticated nonce-guessing attacks, which makes it easier for remote attackers to change the DNS configuration via a series of requests...

PT-2017-13467 · D Link · D-Link Dir-850L

Name of the Vulnerable Software and Affected Versions: D-Link DIR-850L REV. A versions through FW114WWb07 h2ab beta1 Description: The issue allows remote attackers to change the DNS configuration via a series of requests, due to the failure to prevent unauthenticated nonce-guessing attacks in the...

Updated dbus packages fix security vulnerabilities

A format string vulnerability in the reference bus implementation, dbus-daemon, could potentially allow local users to cause arbitrary code execution or denial of service. Symlink attack in nonce-tcp transport bsc1025950. Symlink attack in unit tests bsc1025951...

BSA-2017-383

Security Advisory ID : BSA-2017-383 Component : OpenSSL Revision : 2.0: Interim The signing function in crypto/ecdsa/ecdsaossl.c in certain OpenSSL versions and forks is vulnerable to timing attacks when signing with the standardized elliptic curve P-256 despite featuring constant-time curve...

WordPress Podlove Podcast Publisher 2.5.3 SQL Injection Vulnerability

Exploit for php platform in category web applications Advisory Title: WordPress Podlove Podcast Publisher Plugin Security Vulnerability Advisory URL: http://www.defensecode.com/advisories.php Software: WordPress Podlove Podcast Publisher plugin Language: PHP Version: 2.5.3 and below Vendor Status...

WordPress Podlove Podcast Publisher 2.5.3 SQL Injection

DefenseCode ThunderScan SAST Advisory WordPress Podlove Podcast Publisher Plugin Security Vulnerability Advisory ID: DC-2017-05-006 Advisory Title: WordPress Podlove Podcast Publisher Plugin Security Vulnerability Advisory URL: http://www.defensecode.com/advisories.php Software: WordPress Podlove...

Easy Modal <= 2.0.17 - Authenticated SQL Injection

This can only be exploited by a user who already has access to the admin with a valid nonce. During the security analysis, ThunderScan discovered SQL injection vulnerabilities in the Easy Modal WordPress Plugin. The easiest way to reproduce the vulnerability is to visit the provided URL while bei...

WordPress Podlove Podcast Publisher plugin <=2.5.3 - SQL injection (SQLi) vulnerability

SQL injection SQLi vulnerability found by Neven Biruski in WordPress Podlove Podcast Publisher plugin version 2.5.3 and earlier version. This vulnerability allows registered users to get access to the database even if they don't have full administrator rights. Moreover, Cross Site request forgery...

Podlove Podcast Publisher <= 2.5.3 - Authenticated SQL Injection

During the security analysis, ThunderScan discovered SQL injection vulnerability in Podlove Podcast Publisher WordPress plugin. The easiest way to reproduce the vulnerability is to visit the provided URL while being logged in as administrator or another user that is authorized to access the plugi...

CVE-2017-7902

A "Reusing a Nonce, Key Pair in Encryption" issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A...