Lucene search
K

268 matches found

Kitploit
Kitploit
added 2022/11/19 11:30 a.m.85 views

Wodat - Windows Oracle Database Attack Toolkit

Simple port of the popular Oracle Database Attack Tool ODAT https://github.com/quentinhardy/odat to C .Net Framework. Credit to https://github.com/quentinhardy/odat as lots of the functionality are ported from his code. Perform password based attacks e.g. username as password, username list again...

7.5AI score
Exploits0References6
OSV
OSV
added 2022/09/16 5:44 p.m.1 views

GHSA-JV3G-J58F-9MQ9 JOSE vulnerable to resource exhaustion via specifically crafted JWE

The PBKDF2-based JWE key management algorithms expect a JOSE Header Parameter named p2c PBES2 Count, which determines how many PBKDF2 iterations must be executed in order to derive a CEK wrapping key. The purpose of this parameter is to intentionally slow down the key derivation function in order...

5.3CVSS7.2AI score0.01112EPSS
Exploits1References5
OSV
OSV
added 2022/09/07 10:15 p.m.1 views

DEBIAN-CVE-2022-36083

JOSE is "JSON Web Almost Everything" - JWA, JWS, JWE, JWT, JWK, JWKS with no dependencies using runtime's native crypto in Node.js, Browser, Cloudflare Workers, Electron, and Deno. The PBKDF2-based JWE key management algorithms expect a JOSE Header Parameter named p2c PBES2 Count, which determine...

5.3CVSS6.4AI score0.01112EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2022/09/07 12:0 a.m.6 views

PT-2022-23172

Name of the Vulnerable Software and Affected Versions JOSE versions prior to v1.28.2 JOSE versions prior to v2.0.6 JOSE versions prior to v3.20.4 JOSE versions prior to v4.9.2 Description The PBKDF2-based JWE key management algorithms in JOSE expect a JOSE Header Parameter named p2c PBES2 Count,...

5.3CVSS6.6AI score0.01112EPSS
Exploits1References16
CNNVD
CNNVD
added 2022/09/07 12:0 a.m.6 views

jose 资源管理错误漏洞

npm jose is an application from the U.S. company npm. Use native encryption runtime does not depend on the item JWA, JWS, JWE, JWT, JWK. A resource management error vulnerability exists in jose versions prior to v1.28.2, prior to v2.0.6, prior to v3.20.4, and prior to v4.9.2, which stems from the...

5.3CVSS6.8AI score0.01112EPSS
Exploits1References4
BDU FSTEC
BDU FSTEC
added 2022/07/08 12:0 a.m.7 views

The vulnerabilities of the microprogramming software for the Desigo DXR2, PXC3, PXC4, and PXC5 station modules allow a intruder to cause service failures.

The vulnerability of the microprogramming software for the Desigo DXR2, PXC3, PXC4, and PXC5 stations is related to an exception handling error. Exploiting this vulnerability could allow a perpetrator to cause service failures by installing a key derived from PBKDF2...

6.8CVSS6.5AI score0.00798EPSS
Exploits0References2Affected Software4
Penetration Testing Lab
Penetration Testing Lab
added 2022/02/07 10:55 a.m.24 views

Shadow Credentials

Microsoft has introduced Windows Hello for Business WHfB to replace traditional password based authentication with a key based trust model. This implementation uses PIN or… Continue reading - Shadow Credentials...

2.3AI score
Exploits0
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.38 views

Mageia: Security Advisory (MGASA-2017-0460)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.6CVSS7.7AI score0.16181EPSS
Exploits2References5
CNNVD
CNNVD
added 2022/01/17 12:0 a.m.4 views

EAP-pwd 加密问题漏洞

EAP-pwd is an EAP authentication method that uses a shared password for authentication. A cryptographic issue vulnerability exists in EAP-pwd that stems from a cache access mode error in the hostapd and wpa supplicant components of the product. An attacker could use this vulnerability to launch a...

9.8CVSS7.3AI score0.01903EPSS
Exploits0References7
OpenVAS
OpenVAS
added 2021/04/19 12:0 a.m.20 views

SUSE: Security Advisory (SUSE-SU-2019:1088-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.6AI score0.01476EPSS
Exploits0References5
CNNVD
CNNVD
added 2020/12/09 12:0 a.m.8 views

Git Authorization Problem Vulnerability

Git is a free, open source distributed version control system. Git version 1.7.3 suffers from an authorization issue vulnerability that stems from the ability to use passwords for unexpected resources. In order to exploit, a user must perform a git pull operation, decrypt the password, and use th...

7.5CVSS7.1AI score0.00586EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.33 views

Huawei EulerOS: Security Advisory for java-1.7.0-openjdk (EulerOS-SA-2017-1330)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.6CVSS7.2AI score0.16181EPSS
Exploits2References2
CNVD
CNVD
added 2019/11/15 12:0 a.m.2 views

Broadcom Brocade SANnav Encryption Issue Vulnerability

Broadcom Brocade SANnav is a suite of SAN management platforms from Broadcom USA. A security vulnerability exists in the encryption key generation process in the PBE algorithm of Broadcom Brocade SANnav versions prior to 2.0. An attacker can exploit this vulnerability to decrypt passwords...

7.5CVSS6.8AI score0.00405EPSS
Exploits0References1
NVD
NVD
added 2019/11/08 6:15 p.m.32 views

CVE-2019-16208

Password-based encryption PBE algorithm, of Brocade SANnav versions before v2.0, has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several services Radius, TACAS, etc...

7.5CVSS7.5AI score0.00405EPSS
Exploits0References1
OSV
OSV
added 2019/11/08 6:15 p.m.3 views

CVE-2019-16208

Password-based encryption PBE algorithm, of Brocade SANnav versions before v2.0, has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several services Radius, TACAS, etc...

7.5CVSS7.1AI score0.00405EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/11/08 5:3 p.m.33 views

CVE-2019-16208

Password-based encryption PBE algorithm, of Brocade SANnav versions before v2.0, has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several services Radius, TACAS, etc...

7.5AI score0.00405EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2019/11/06 10:21 a.m.48 views

CVE-2017-10356

It was discovered that the Security component of OpenJDK generated weak password-based encryption keys used to protect private keys stored in key stores. This made it easier to perform password guessing attacks to decrypt stored keys if an attacker could gain access to a key store...

6.2CVSS2.4AI score0.00754EPSS
Exploits0References1
NVD
NVD
added 2019/10/24 2:15 p.m.19 views

CVE-2019-18199

An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack of proper encryption of 2.4 GHz communication, and because of password-based authentication, they are vulnerable to replay attacks...

6.9CVSS6.5AI score0.00356EPSS
Exploits1References3
Prion
Prion
added 2019/10/24 2:15 p.m.18 views

Design/Logic Flaw

An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack of proper encryption of 2.4 GHz communication, and because of password-based authentication, they are vulnerable to replay attacks...

6.9CVSS6.5AI score0.00356EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2019/05/09 12:0 a.m.31 views

openSUSE: Security Advisory for wpa_supplicant (openSUSE-SU-2019:1345-1)

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.5CVSS6.5AI score0.01476EPSS
Exploits0References2
Rows per page
Query Builder