939 matches found

IBM Security Bulletins
added 2018/06/17 3:50 p.m. | 28 views

Security Bulletin: Multiple vulnerabilities in the IBM GSKit component of IBM Spectrum Protect for Workstations (formerly Tivoli Storage Manager FastBack for Workstations)

Summary There are multiple vulnerabilities in the IBM GSKit component of IBM Spectrum Protect for Workstations formerly Tivoli Storage Manager for Workstations. IBM Spectrum Protect for Workstations has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-0702 DESCRIPTION: OpenSSL...

10 CVSS | 0.7 AI score | 0.26335 EPSS
Exploits: 1 | Affected Software: 2

IBM Security Bulletins
added 2018/06/17 3:15 p.m. | 41 views

Security Bulletin: Multiple vulnerabilities in the GSKit component of Tivoli Netcool/OMNIbus

Summary Multiple vulnerabilities has been addressed in the GSKit component of Tivoli Netcool/OMNIbus. Vulnerability Details CVEID: CVE-2018-1447 DESCRIPTION: The GSKit CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of passwords. A weak password may be...

10 CVSS | 8.5 AI score | 0.26335 EPSS
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2018/06/17 5:26 a.m. | 26 views

Security Bulletin: Multiple security vulnerabilities have been identified in GSKit shipped with IBM ClearQuest (CVE-2016-0702, CVE-2018-1447, CVE-2018-1427, CVE-2016-0705)

Summary Vulnerabilities have been addressed in the GSKit component of IBM Rational ClearQuest. Vulnerability Details CVEID: CVE-2016-0702 DESCRIPTION: OpenSSL could allow a local attacker to obtain sensitive information, caused by a side-channel attack against a system based on the Intel...

10 CVSS | 1 AI score | 0.26335 EPSS
Exploits: 1 | Affected Software: 1

Krebs on Security
added 2018/05/18 6:35 p.m. | 100 views

T-Mobile Employee Made Unauthorized ‘SIM Swap’ to Steal Instagram Account

T-Mobile is investigating a retail store employee who allegedly made unauthorized changes to a subscriber's account in an elaborate scheme to steal the customer's three-letter Instagram username. The modifications, which could have let the rogue employee empty bank accounts associated with the...

7.1 AI score
Exploits: 0

The Hacker News
added 2018/04/06 11:41 a.m. | 65 views

Microsoft Office 365 Gets Built-in Ransomware Protection and Enhanced Security Features

Ransomware has been around for a few years, but it has become an albatross around everyone's neck, targeting big businesses, hospitals, financial institutions and individuals worldwide and extorting millions of dollars. Last year, we saw some major ransomware outbreaks, including WannaCry and...

0.2 AI score
Exploits: 0

OSV
added 2018/04/04 6:29 p.m. | 1 views

CVE-2018-1447

The GSKit IBM Spectrum Protect 7.1 and 7.2 and IBM Spectrum Protect Snapshot 4.1.3, 4.1.4, and 4.1.6 CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of passwords. A weak password may be recovered. Note: After update the customer should change password to...

8.1 CVSS | 5.8 AI score | 0.00931 EPSS
Exploits: 0 | References: 7

Prion
added 2018/04/04 6:29 p.m. | 12 views

Default credentials

The GSKit IBM Spectrum Protect 7.1 and 7.2 and IBM Spectrum Protect Snapshot 4.1.3, 4.1.4, and 4.1.6 CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of passwords. A weak password may be recovered. Note: After update the customer should change password to...

5 CVSS | 8.4 AI score | 0.00931 EPSS
Exploits: 0 | References: 7 | Affected Software: 3

Cvelist
added 2018/04/04 6:0 p.m. | 17 views

CVE-2018-1447

The GSKit IBM Spectrum Protect 7.1 and 7.2 and IBM Spectrum Protect Snapshot 4.1.3, 4.1.4, and 4.1.6 CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of passwords. A weak password may be recovered. Note: After update the customer should change password to...

5.1 CVSS | 6.2 AI score | 0.00931 EPSS
Exploits: 0 | References: 7

OSV
added 2018/02/28 6:29 p.m. | 4 views

CVE-2018-1286

In Apache OpenMeetings 3.0.0 - 4.0.1, CRUD operations on privileged users are not password protected allowing an authenticated attacker to deny service for privileged users...

6.5 CVSS | 5.8 AI score | 0.01106 EPSS
Exploits: 0 | References: 1

NVD
added 2018/02/28 6:29 p.m. | 22 views

CVE-2018-1286

In Apache OpenMeetings 3.0.0 - 4.0.1, CRUD operations on privileged users are not password protected allowing an authenticated attacker to deny service for privileged users...

6.5 CVSS | 6.4 AI score | 0.01106 EPSS
Exploits: 0 | References: 1

Cvelist
added 2018/02/28 6:0 p.m. | 19 views

CVE-2018-1286

In Apache OpenMeetings 3.0.0 - 4.0.1, CRUD operations on privileged users are not password protected allowing an authenticated attacker to deny service for privileged users...

6.4 AI score | 0.01106 EPSS
Exploits: 0 | References: 1

exploitpack
added 2018/02/25 12:0 a.m. | 34 views

Papenmeier WiFi Baby Monitor Free Lite 2.02.2 - Remote Audio Record

Papenmeier WiFi Baby Monitor Free Lite 2.02.2 - Remote Audio Record Whilst analysing a number of free communication based applications on the Google Play Store, I took a look at WiFi Baby Monitor: Free & Lite the free version of WiFi Baby Monitor. Although the premium version offered users the...

2.9 CVSS | 5.4 AI score | 0.00948 EPSS
Exploits: 5

Citrix
added 2018/02/23 12:0 a.m. | 6 views

How to Verify Password for an Encrypted SSL Certificate Key File

This article explains how to use OpenSSL to decrypt a keyfile that was encrypted by a password. Background On NetScaler, when creating an RSA Key, you can change the PEM Encoding Algorithm to DES3 and enter a permanent Passphrase. This encrypts the keyfile and protects it with a password or pass...

7.2 AI score
Exploits: 0

Prion
added 2018/02/09 11:29 p.m. | 14 views

Authorization

Electrum Technologies GmbH Electrum Bitcoin Wallet version prior to version 3.0.5 contains a Missing Authorization vulnerability in JSONRPC interface that can result in Bitcoin theft, if the user's wallet is not password protected. This attack appear to be exploitable via The victim must visit a...

2.6 CVSS | 6.3 AI score | 0.01803 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

UbuntuCve
added 2018/02/09 11:29 p.m. | 26 views

CVE-2018-1000022

Electrum Technologies GmbH Electrum Bitcoin Wallet version prior to version 3.0.5 contains a Missing Authorization vulnerability in JSONRPC interface that can result in Bitcoin theft, if the user's wallet is not password protected. This attack appear to be exploitable via The victim must visit a...

5.3 CVSS | 6.3 AI score | 0.01803 EPSS
Exploits: 0 | References: 3

CVE
added 2018/02/09 11:0 p.m. | 49 views

CVE-2018-1000022

CVE-2018-1000022 affects Electrum Bitcoin Wallet versions prior to 3.0.5, where a Missing Authorization vulnerability in the JSONRPC interface could lead to bitcoin theft if the wallet is not password protected. The issue is exploitable when a user visits a page with specially crafted JavaScript....

5.3 CVSS | 6.1 AI score | 0.01803 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Debian CVE
added 2018/02/09 11:0 p.m. | 17 views

CVE-2018-1000022

Electrum Technologies GmbH Electrum Bitcoin Wallet version prior to version 3.0.5 contains a Missing Authorization vulnerability in JSONRPC interface that can result in Bitcoin theft, if the user's wallet is not password protected. This attack appear to be exploitable via The victim must visit a...

5.3 CVSS | 6.1 AI score | 0.01803 EPSS
Exploits: 0

0day.today
added 2018/01/15 12:0 a.m. | 29 views

Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (147 bytes)

; =================================================================== ; Password Protected Bind Shell ; Author: SLAE64-1351 Keyman ; Date: 03/09/2014 ; ; Shellcode length: 147 bytes ; ; Description: ; ; Simple bind shell listens on port 4444 by default with 4 bytes ; password protection. Using a ...

Exploits: 0

0day.today
added 2018/01/15 12:0 a.m. | 46 views

Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (136 byt

; =================================================================== ; Password Protected Reverse Shell ; Author: SLAE64-1351 Keyman ; Date: 04/09/2014 ; ; Shellcode length: 136 bytes ; ; Description: ; ; Simple reverse shell listens on port 4444 by default with ; bytes password protection. Usin...

7.1 AI score
Exploits: 0

WPVulnDB
added 2017/12/19 12:0 a.m. | 11 views

WP Site Protect 1.0 - Cross-Site Scripting (XSS)

The wp-site-protect allows to protect the access to a wordpress website with a global password. Passwords can be randomly generated or manually set, the "password" field is not properly sanitized, allowing some XSS in different views of the plugins in the administration section. It seems that the...

3.3 AI score
Exploits: 0 | References: 1 | Affected Software: 1