SUSE CVE-2024-2467

A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages. The...

Mageia: Security Advisory (MGASA-2016-0196)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

You know in PHP public key encryption is wrong-vulnerability warning-the black bar safety net

Last year, our security team to confirm the CVE-2015-7503 vulnerability, aka ZF2015-10, which is a in using the RSA process, the emergence of functional vulnerability exists in Zend Framework cryptographic library. The actual vulnerability with PKCS1v1. 5 method of filling the RSA...

Updated php-ZendFramework2 packages fix CVE-2015-7503

Updated php-ZendFramework2 packages fix security vulnerability: Zend\Crypt\PublicKey\Rsa\PublicKey has a call to opensslpublicencrypt which uses PHP's default $padding argument, which specifies OPENSSLPKCS1PADDING, indicating usage of PKCS1v1.5 padding. This padding has a known vulnerability, the...

MGASA-2016-0196 Updated php-ZendFramework2 packages fix CVE-2015-7503

Updated php-ZendFramework2 packages fix security vulnerability: Zend\Crypt\PublicKey\Rsa\PublicKey has a call to opensslpublicencrypt which uses PHP's default $padding argument, which specifies OPENSSLPKCS1PADDING, indicating usage of PKCS1v1.5 padding. This padding has a known vulnerability, the...

GnuTLS: RSA Signature Forgery

Background GnuTLS is an implementation of SSL 3.0 and TLS 1.0. Description verify.c fails to properly handle excess data in digestAlgorithm.parameters field while generating a hash when using an RSA key with exponent 3. RSA keys that use exponent 3 are commonplace. Impact Remote attackers could...

Padding Oracle Vulnerability in RSA Encryption

Hi, https://github.com/pagarme/pagarme-php/blob/master/lib/Pagarme/CardHashCommon.php This class has a confusing name. CardHash implies a cryptographic hash e.g. SHA256 is being used, but you're encrypting with RSA. Interestingly, you're not specifying the padding client-side, so you're encryptin...

Padding Oracle Vulnerability in RSA Encryption

Hi, https://github.com/pagarme/pagarme-php/blob/master/lib/Pagarme/CardHashCommon.php This class has a confusing name. CardHash implies a cryptographic hash e.g. SHA256 is being used, but you're encrypting with RSA. Interestingly, you're not specifying the padding client-side, so you're encryptin...