268 matches found
Wodat - Windows Oracle Database Attack Toolkit
Simple port of the popular Oracle Database Attack Tool ODAT https://github.com/quentinhardy/odat to C .Net Framework. Credit to https://github.com/quentinhardy/odat as lots of the functionality are ported from his code. Perform password based attacks e.g. username as password, username list again...
GHSA-JV3G-J58F-9MQ9 JOSE vulnerable to resource exhaustion via specifically crafted JWE
The PBKDF2-based JWE key management algorithms expect a JOSE Header Parameter named p2c PBES2 Count, which determines how many PBKDF2 iterations must be executed in order to derive a CEK wrapping key. The purpose of this parameter is to intentionally slow down the key derivation function in order...
DEBIAN-CVE-2022-36083
JOSE is "JSON Web Almost Everything" - JWA, JWS, JWE, JWT, JWK, JWKS with no dependencies using runtime's native crypto in Node.js, Browser, Cloudflare Workers, Electron, and Deno. The PBKDF2-based JWE key management algorithms expect a JOSE Header Parameter named p2c PBES2 Count, which determine...
PT-2022-23172
Name of the Vulnerable Software and Affected Versions JOSE versions prior to v1.28.2 JOSE versions prior to v2.0.6 JOSE versions prior to v3.20.4 JOSE versions prior to v4.9.2 Description The PBKDF2-based JWE key management algorithms in JOSE expect a JOSE Header Parameter named p2c PBES2 Count,...
jose 资源管理错误漏洞
npm jose is an application from the U.S. company npm. Use native encryption runtime does not depend on the item JWA, JWS, JWE, JWT, JWK. A resource management error vulnerability exists in jose versions prior to v1.28.2, prior to v2.0.6, prior to v3.20.4, and prior to v4.9.2, which stems from the...
The vulnerabilities of the microprogramming software for the Desigo DXR2, PXC3, PXC4, and PXC5 station modules allow a intruder to cause service failures.
The vulnerability of the microprogramming software for the Desigo DXR2, PXC3, PXC4, and PXC5 stations is related to an exception handling error. Exploiting this vulnerability could allow a perpetrator to cause service failures by installing a key derived from PBKDF2...
Shadow Credentials
Microsoft has introduced Windows Hello for Business WHfB to replace traditional password based authentication with a key based trust model. This implementation uses PIN or… Continue reading - Shadow Credentials...
Mageia: Security Advisory (MGASA-2017-0460)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EAP-pwd 加密问题漏洞
EAP-pwd is an EAP authentication method that uses a shared password for authentication. A cryptographic issue vulnerability exists in EAP-pwd that stems from a cache access mode error in the hostapd and wpa supplicant components of the product. An attacker could use this vulnerability to launch a...
SUSE: Security Advisory (SUSE-SU-2019:1088-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Git Authorization Problem Vulnerability
Git is a free, open source distributed version control system. Git version 1.7.3 suffers from an authorization issue vulnerability that stems from the ability to use passwords for unexpected resources. In order to exploit, a user must perform a git pull operation, decrypt the password, and use th...
Huawei EulerOS: Security Advisory for java-1.7.0-openjdk (EulerOS-SA-2017-1330)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Broadcom Brocade SANnav Encryption Issue Vulnerability
Broadcom Brocade SANnav is a suite of SAN management platforms from Broadcom USA. A security vulnerability exists in the encryption key generation process in the PBE algorithm of Broadcom Brocade SANnav versions prior to 2.0. An attacker can exploit this vulnerability to decrypt passwords...
CVE-2019-16208
Password-based encryption PBE algorithm, of Brocade SANnav versions before v2.0, has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several services Radius, TACAS, etc...
CVE-2019-16208
Password-based encryption PBE algorithm, of Brocade SANnav versions before v2.0, has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several services Radius, TACAS, etc...
CVE-2019-16208
Password-based encryption PBE algorithm, of Brocade SANnav versions before v2.0, has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several services Radius, TACAS, etc...
CVE-2017-10356
It was discovered that the Security component of OpenJDK generated weak password-based encryption keys used to protect private keys stored in key stores. This made it easier to perform password guessing attacks to decrypt stored keys if an attacker could gain access to a key store...
CVE-2019-18199
An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack of proper encryption of 2.4 GHz communication, and because of password-based authentication, they are vulnerable to replay attacks...
Design/Logic Flaw
An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack of proper encryption of 2.4 GHz communication, and because of password-based authentication, they are vulnerable to replay attacks...
openSUSE: Security Advisory for wpa_supplicant (openSUSE-SU-2019:1345-1)
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...