
1038 matches found

Debian CVE
added 2012/01/06 1:0 a.m., 35 views

CVE-2011-4108

The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack...

4.3 CVSS, 8.3 AI score, 0.01251 EPSS
Exploits 0
ThreatPost
added 2012/01/05 12:59 p.m., 8 views

New Version of OpenSSL Fixes Six Flaws

A new version of the OpenSSL package has been released, fixing six vulnerabilities, including a plaintext recovery attack on the DTLS implementation. There are two other cryptographic flaws fixed in OpenSSL 1.0.0f, and a few other less-serious problems. The most problematic of the vulnerabilities...

1.2 AI score
Exploits 0, References 2
UbuntuCve
added 2012/01/05 12:0 a.m., 38 views

CVE-2011-4108

The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack...

4.3 CVSS, 7 AI score, 0.01251 EPSS
Exploits 0, References 4
Tenable Nessus
added 2011/04/22 12:0 a.m., 31 views

SuSE 11.1 Security Update : Mono (SAT Patch Number 4260)

The following security bugs have been fixed: - Mono was vulnerable to a padding oracle attack. (CVE-2010-3332) - Mono loaded shared libraries from the current directory. (CVE-2010-4159) (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...

6.9 CVSS, 6.7 AI score, 0.83598 EPSS
Exploits 2, References 6
ThreatPost
added 2010/12/21 4:46 p.m., 18 views

ASP.NET Hack

There were a lot of excellent talks at conferences this year, but perhaps the most interesting and far-reaching presentation was one given by researchers Thai Duong and Juliano Rizzo at Ekoparty on a crypto attack against ASP.NET applications. The “padding oracle” attack that the pair implemented...

2.1 AI score
Exploits 0, References 3
Tenable Nessus
added 2010/10/29 12:0 a.m., 117 views

CGI Generic Padding Oracle

By manipulating the padding on an encrypted string, Nessus was able to generate an error message that indicates a likely 'padding oracle' vulnerability. Such a vulnerability can affect any application or framework that uses encryption improperly, such as some versions of ASP.net, Java Server Face...

6.4 CVSS, 5.4 AI score, 0.83598 EPSS
Exploits 2, References 5
NVD
added 2010/10/20 6:0 p.m., 12 views

CVE-2010-4007

Oracle Mojarra uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack, a related issue to CVE-2010-2057...

5 CVSS, 6.5 AI score, 0.00328 EPSS
Exploits 0, References 2
NVD
added 2010/10/20 6:0 p.m., 12 views

CVE-2010-2057

shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracl...

5 CVSS, 6.6 AI score, 0.01039 EPSS
Exploits 0, References 3
Prion
added 2010/10/20 6:0 p.m., 14 views

Authentication flaw

shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracl...

5 CVSS, 7 AI score, 0.01039 EPSS
Exploits 0, References 3, Affected Software 1
Prion
added 2010/10/20 6:0 p.m., 33 views

Sql injection

Oracle Mojarra uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack, a related issue to CVE-2010-2057...

5 CVSS, 7.1 AI score, 0.01039 EPSS
Exploits 0, References 2, Affected Software 1
CVE
added 2010/10/20 5:0 p.m., 78 views

CVE-2010-2057

CVE-2010-2057 affects Apache MyFaces: shared/util/StateUtils.java uses an encrypted View State without a Message Authentication Code (MAC) in MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1. The underlying issue is lack of MAC protection on the serialized View State, enabli...

5 CVSS, 6.8 AI score, 0.01039 EPSS
Exploits 0, References 3, Affected Software 1
Cvelist
added 2010/10/20 5:0 p.m., 12 views

CVE-2010-2057

shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracl...

6.6 AI score, 0.01039 EPSS
Exploits 0, References 3
Cvelist
added 2010/10/20 5:0 p.m., 15 views

CVE-2010-4007

Oracle Mojarra uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack, a related issue to CVE-2010-2057...

6.5 AI score, 0.00328 EPSS
Exploits 0, References 2
Debian CVE
added 2010/10/20 5:0 p.m., 22 views

CVE-2010-4007

Oracle Mojarra uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack, a related issue to CVE-2010-2057...

5 CVSS, 6.4 AI score, 0.00328 EPSS
Exploits 0
0day.today
added 2010/10/18 12:0 a.m., 211 views

MS10-070 ASP.NET Padding Oracle File Download

Exploit for asp platform in category remote exploits. MS10-070 ASP.NET Padding Oracle File Download. !/usr/bin/ruby -w aspxpochotextattack.rb Copyright c 2010 AmpliaSECURITY. All rights reserved...

7.1 AI score
Exploits 0
seebug.org
added 2010/10/17 12:0 a.m., 410 views

MS10-070 ASP.NET Padding Oracle File Download

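MS10-070 ASP.NET Padding Oracle information disclosure vulnerability. 1. Vulnerability description: ASP.NET handles errors improperly while validating encryption padding, which results in an information disclosure vulnerability. An attacker who successfully exploits this vulnerability can read data encrypted by the server, such as the view state. The vulnerability can also be used for data tampering: if successfully exploited, it can be used to decrypt and tamper with data encrypted by the server. Although an attacker cannot use this vulnerability to execute malicious code or directly elevate their user privileges, it can be used for information gathering, and that information can be used to further attack the affected system. In other words, although it cannot be used to get a shell directly, in theory it can read arbitrary files, including database configuration files. 2. Vulnerability identifier: CVE: CVE-2010-3332 3. Affected...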

5 CVSS, 6.5 AI score, 0.83598 EPSS
Exploits 2
exploitpack
added 2010/10/17 12:0 a.m., 38 views

Microsoft ASP.NET - Padding Oracle File Download (MS10-070)

Microsoft ASP.NET - Padding Oracle File Download MS10-070 !/usr/bin/ruby -w aspxpochotextattack.rb Copyright c 2010 AmpliaSECURITY. All rights reserved http://www.ampliasecurity.com Agustin Azubel - [email protected] MS10-070 ASPX proof of concept Decrypt data using Vaudenay's...

7.1 AI score
Exploits 0
Exploit DB
added 2010/10/17 12:0 a.m., 91 views

Microsoft ASP.NET - Padding Oracle File Download (MS10-070)

!/usr/bin/ruby -w aspxpochotextattack.rb Copyright c 2010 AmpliaSECURITY. All rights reserved http://www.ampliasecurity.com Agustin Azubel - [email protected] MS10-070 ASPX proof of concept Decrypt data using Vaudenay's cbc-padding-oracle-side-channel Encrypt data using Rizzo-Duong CBC-R...

7.4 AI score
Exploits 0
seebug.org
added 2010/10/08 12:0 a.m., 37 views

ASP.NET Padding Oracle Vulnerability (MS10-070)

No description provided by source. Source: http://blog.mindedsecurity.com/2010/10/breaking-net-encryption-with-or-without.html !/usr/bin/perl Webconfig Bruter - exploit tool for downloading Web.config To use this script you need Padbuster. Padbuster is a great tool and Brian Holyfield deserves al...

7.1 AI score
Exploits 0
0day.today
added 2010/10/07 12:0 a.m., 50 views

ASP.NET Padding Oracle Vulnerability (MS10-070)

Exploit for windows platform in category remote exploits. ASP.NET Padding Oracle Vulnerability MS10-070. Source: http://blog.mindedsecurity.com/2010/10/breaking-net-encryption-with-or-without.html...

7.1 AI score
Exploits 0