Ubuntu 4.10 / 5.04 : openldap2, libpam-ldap, libnss-ldap vulnerabilities (USN-152-1)

Andrea Barisani discovered a flaw in the SSL handling of pam-ldap and libnss-ldap. When a client connected to a slave LDAP server using SSL, the slave server did not use SSL as well when contacting the LDAP master server. This caused passwords and other confident information to be transmitted...

Using the MD5 transform algorithm to the anti-exhaustive(collision)to decipher a password-vulnerability warning-the black bar safety net

MD5 in Web applications in the most commonly used password encryption algorithm. Since MD5 is irreversible, and thus through the MD5 calculated after the ciphertext, not through the reverse algorithm to get the original. Review in Web applications to use the MD5 encrypted text of the password of...

Cisco routers weak password encryption

Password is encrypted with substitution table...

Ultimate PHP Board users.dat Multiple Vulnerabilities

The remote host is running Ultimate PHP Board UPB. The remote version of this software is prone to a weak password encryption vulnerability and may store the users.dat file under the web document root with insufficient access control. %NASLMINLEVEL 70300 This script was written by Josh...

Hummingbird FTP Weak Password Encryption

Hummingbird FTP Weak Password Encryption Critical: Less critical Impact: Exposure of sensitive information Where: Local system Solution Status: Unpatched Software: Hummingbird Connectivity 10.x http://connectivity.hummingbird.com/products/nc/cpia.html Description: A vulnerability has been...

CVE-2003-1226

BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores certain secrets concerning password encryption insecurely in config.xml, filerealm.properties, and weblogic-rar.xml, which allows local users to learn those secrets and decrypt passwords...

CVE-2003-1226

The CVE-2003-1226 entry concerns BEA WebLogic Server and Express versions 7.0 and 7.0.0.1 where secrets used for password encryption are stored insecurely in config.xml, filerealm.properties, and weblogic-rar.xml. This storage flaw enables a local attacker to read those secrets and decrypt passwo...

CVE-2005-2281

CVE-2005-2281 affects WebEOC prior to version 6.0.2. The issue is a weak encryption scheme used for passwords, which could enable attackers to crack passwords. Red Hat and CVE aggregations, as well as CERT/PTSecurity references, confirm the scope to WebEOC with versions before 6.0.2. The remediat...

PT-2005-3209 · Esi · Webeoc

Name of the Vulnerable Software and Affected Versions: WebEOC versions prior to 6.0.2 Description: The issue is related to a weak encryption scheme used for passwords, making it easier for attackers to crack passwords. Recommendations: For versions prior to 6.0.2, update to version 6.0.2 or later...

CVE-2002-1946

The CVE-2002-1946 entry applies to Videsh Sanchar Nigam Limited (VSNL) Integrated Dialer Software version 1.2.000. The issue is that when the Save Password option is used, the password is stored in the registry using a weak, one-to-one encryption scheme, allowing local users to obtain and decrypt...

CVE-2002-1975

Sharp Zaurus PDA SL-5000D and SL-5500 uses a salt of "A0" to encrypt the screen-locking password as stored in the Security.conf file, which makes it easier for local users to guess the password via brute force methods...

CVE-2002-1975

Sharp Zaurus PDA SL-5000D and SL-5500 uses a salt of "A0" to encrypt the screen-locking password as stored in the Security.conf file, which makes it easier for local users to guess the password via brute force methods...

Ultimate PHP Board 1.8/1.9 - Weak Password Encryption

source: https://www.securityfocus.com/bid/13975/info Ultimate PHP Board is prone to a weak password encryption vulnerability. This issue is due to a failure of the application to protect passwords with a sufficiently effective encryption scheme. This issue may allow a malicious user to gain acces...

Ultimate PHP Board 1.81.9 - Weak Password Encryption

Ultimate PHP Board 1.81.9 - Weak Password Encryption source: https://www.securityfocus.com/bid/13975/info Ultimate PHP Board is prone to a weak password encryption vulnerability. This issue is due to a failure of the application to protect passwords with a sufficiently effective encryption scheme...

CVE-2005-1553

GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0 uses a weak encryption scheme to encrypt passwords, which allows remote attackers to obtain the password via sniffing...

My-forum.org cookies vulnerability - data bug

I discovered a security issue that affects the following my-forum.org release: FOROS v.3.2 - http://my-forum.org/index.php?id=Ingles When you are logged in with an account, you need edit the cookie of the site and change the value where your username is and replace it for the victim's username...

foros32.txt

I discovered a security issue that affects the following my-forum.org release: FOROS v.3.2 - http://my-forum.org/index.php?id=Ingles When you are logged in with an account, you need edit the cookie of the site and change the value where your username is and replace it for the victim's username...

SafeNet SoftRemote VPN client weak password encryption

Password is stored in registry in reversable encryption and in memory in cleartext...

Portcullis Security Advisory 05-002 Spectrum Cash Receipting System Weak Password Encryption

Portcullis Security Advisory Vulnerable System: Spectrum Cash Receipting System Vulnerability Title: Spectrum Cash Receipting System Weak Password Protection Vulnerability. Vulnerability discovery and development: Portcullis Security Testing Services. Affected systems: All known versions of...

PT-2004-3067 · Early Impact · Earlyimpact Productcart

Name of the Vulnerable Software and Affected Versions: EarlyImpact ProductCart affected versions not specified Description: The issue concerns a weak encryption scheme used to encrypt passwords, allowing remote attackers to obtain the password via a chosen plaintext attack. No information is...