511 matches found
Ipswitch IMail 5.0/5.0.5/5.0.6/5.0.7/5.0.8/6.0 Weak Password Encryption Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/880/info IMail keeps the encrypted passwords for email accounts in a registry key, HKLM\SOFTWARE\Ipswitch\Imail\Domains\DomainName\Users\UserName, in a string value called Password. The encryption scheme used is weak and...
IBM WebSphere 2.0/3.0 ikeyman Weak Encrypted Password Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1763/info IBM WebSphere ships with a tool called 'ikeyman' that encrypts server certificates/key pairs when the IBM HTTP Server and SSL connections are enabled. Ikeyman stores the password in a stash file which can be...
WorkforceROI Xpede 4.1/7.0 Weak Password Encryption Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4344/info An issue has been reported in Xpede, which could lead to a compromise of user authentication information. Reportedly, Xpede cookies containing username and password data are stored using a weak encryption method...
NetWin DMail 2.x,SurgeFTP 1.0/2.0 Weak Password Encryption Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3075/info The Netwin Authentication module, or NWAuth, is an external authentication module used by several Netwin products. A simple one-way hash function is used by NWAuth to perform password encryption operations. As a...
Jenkins HP Application Automation Tools Plugin Password Encryption Security Weakness
The remote host is using the Jenkins HP Application Automation tools plugin. Nessus was able to remotely access one or more unprotected files in the Jenkins build system and decrypt the HP Application Lifecycle Management password. These passwords are currently encrypted with a known, hard-coded...
Encrypt password variables
All variables are currently stored in the database with no encryption. Exceptions are repository passwords and Bamboo passwords, which are irreversibly hashed/salted. Example: deployment variables that contain passwords are stored in the database with no encryption. So anyone with access to the databa...
Cisco WebEx One-Click Client Password Encryption - Information Disclosure
// source: https://www.securityfocus.com/bid/61304/info Cisco WebEx One-Click Client is prone to an information disclosure vulnerability. Successful exploits may allow an attacker to disclose sensitive information such as stored passwords; this may aid in further attacks. / WebEx One-Click Regist...
Cisco WebEx One-Click Client Password Encryption - Information Disclosure
Cisco WebEx One-Click Client Password Encryption - Information Disclosure // source: https://www.securityfocus.com/bid/61304/info Cisco WebEx One-Click Client is prone to an information disclosure vulnerability. Successful exploits may allow an attacker to disclose sensitive information such as...
LivingSocial Ups its Password Encryption After Breach
The popular daily deal site LivingSocial announced Monday it has abandoned the SHA1 hash for Blowfish’s bcrypt following a massive data breach that impacted 50 million customers. The company confirmed last weekend that its computer systems were attacked and thieves gained access to names, e-mail...
D-Link DIR-600 DIR-300 (Rev B) - Multiple Vulnerabilities
D-Link DIR-600 DIR-300 Rev B - Multiple Vulnerabilities. Device Name: DIR-600 / DIR 300 - HW rev B1. Vendor: D-Link. Vulnerable Firmware Releases - DIR-300: Firmware Version: 2.12 - 18.01.2012; Firmware Version: 2.13 - 07.11.2012. Vulnerable Firmware Releases -...
CVE-2012-4571
Python Keyring 0.9.1 does not securely initialize the cipher when encrypting passwords for CryptedFileKeyring files, which makes it easier for local users to obtain passwords via a brute-force attack...
CVE-2012-4946
Agile FleetCommander and FleetCommander Kiosk before 4.08 use an XOR format for password encryption, which makes it easier for context-dependent attackers to obtain sensitive information by reading a key file and the encrypted strings...
CVE-2012-4946
Agile FleetCommander and FleetCommander Kiosk before 4.08 store passwords with a reversible XOR encryption, enabling an attacker who can read the password key file and encrypted strings to obtain sensitive information. This CVE is documented by NVD and CVE records; CERT notes updates to 4.08/4.08...
Weak password encryption on Huawei products
Weak password encryption on Huawei products. ADVISORY INFORMATION. Title: Weak password encryption on Huawei products. Release date: 13/11/2012. Credits: Roberto Paleari, Emaze Networks; Ivan Speziale, Emaze Networks...
Huawei Quidway / Huawei CX600 Weak Password Encryption
Various Huawei products use DES without any salt to encrypt passwords. Vulnerable products include the Huawei Quidway series and Huawei CX600. Weak password encryption on Huawei products. ADVISORY INFORMATION. Title: Weak password encryption on Huawei product...
Huawei (Multiple Products) - Password Encryption
source: https://www.securityfocus.com/bid/56510/info Multiple Huawei products are prone to a weak password encryption weakness. Successful exploits may allow an attacker to decrypt stored passwords; this may aid in further attacks. The following are vulnerable: Huawei Quidway series Huawei CX600...
Huawei (Multiple Products) - Password Encryption
Huawei Multiple Products - Password Encryption source: https://www.securityfocus.com/bid/56510/info Multiple Huawei products are prone to a weak password encryption weakness. Successful exploits may allow an attacker to decrypt stored passwords; this may aid in further attacks. The following are...
Fedora Update for gnome-keyring FEDORA-2012-12368
Check for the Version of gnome-keyring. OpenVAS Vulnerability Test: Fedora Update for gnome-keyring FEDORA-2012-12368. Authors: System Generated Check. Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
Being the top academic system in the latest sql injection vulnerability fix-bug warning-the black bar safety net
You also again for the exam hanging branches and trouble? you also then for College how to sister phone and tangled? -, do you want to quickly find a school of nice girl?, then please see below 1. Classroom query at sql injection, as shown in Figure ! 1 union select NULL,owner from alltables brok...