58 matches found
CVE-2016-7959
Siemens SIMATIC STEP 7 TIA Portal before 14 improperly stores pre-shared key data in TIA project files, which makes it easier for local users to obtain sensitive information by leveraging access to a file and conducting a brute-force attack...
CVE-2015-4171
strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is complete, which allows remote servers to obtai...
Authentication flaw
strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is complete, which allows remote servers to obtai...
CVE-2015-4171
strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is complete, which allows remote servers to obtai...
CVE-2015-4171
strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is complete, which allows remote servers to obtai...
Ubuntu 8.10 / 9.04 : network-manager-applet vulnerabilities (USN-883-1)
It was discovered that NetworkManager did not ensure that the Certification Authority CA certificate file remained present when using WPA Enterprise or 802.1x networks. A remote attacker could use this flaw to spoof the identity of a wireless network and view sensitive information. CVE-2009-4144 ...
Ubuntu: Security Advisory (USN-883-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-883-1: network-manager-applet vulnerabilities
It was discovered that NetworkManager did not ensure that the Certification Authority CA certificate file remained present when using WPA Enterprise or 802.1x networks. A remote attacker could use this flaw to spoof the identity of a wireless network and view sensitive information. CVE-2009-4144 ...
NetworkManager: GetSecrets disclosure
nm-applet.conf in GNOME NetworkManager before 0.7.0.99 contains an incorrect deny setting, which allows local users to discover 1 network connection passwords and 2 pre-shared keys via calls to the GetSecrets method in the dbus request handler...
NetworkManager: GetSecrets disclosure
nm-applet.conf in GNOME NetworkManager before 0.7.0.99 contains an incorrect deny setting, which allows local users to discover 1 network connection passwords and 2 pre-shared keys via calls to the GetSecrets method in the dbus request handler...
Design/Logic Flaw
nm-applet.conf in GNOME NetworkManager before 0.7.0.99 contains an incorrect deny setting, which allows local users to discover 1 network connection passwords and 2 pre-shared keys via calls to the GetSecrets method in the dbus request handler...
CVE-2009-0365
The CVE-2009-0365 entry concerns nm-applet.conf in GNOME NetworkManager prior to 0.7.0.99, where an incorrect deny setting allows local users to disclose sensitive data via the GetSecrets DBus handler (network connection passwords and pre-shared keys). The connected sources confirm this is an inf...
CVE-2009-0365
nm-applet.conf in GNOME NetworkManager before 0.7.0.99 contains an incorrect deny setting, which allows local users to discover 1 network connection passwords and 2 pre-shared keys via calls to the GetSecrets method in the dbus request handler...
racoon fails to verify signature during Phase 1
Ralf Spenneberg discovered a serious flaw in racoon. When using Phase 1 main or aggressive mode, racoon does not verify the client's RSA signature. Any installations using X.509 authentication are strongly urged to upgrade. Installations using pre-shared keys are believed to be unaffected...
CVE-2001-0376
SonicWALL Tele2 and SOHO firewalls with 6.0.0.0 firmware using IPSEC with IKE pre-shared keys do not allow for the use of full 128 byte IKE pre-shared keys, which is the intended design of the IKE pre-shared key, and only support 48 byte keys. This allows a remote attacker to brute force attack t...
Tele2 CVE-2001-0376 Remote Security Vulnerability
SonicWALL Tele2 and SOHO firewalls with 6.0.0.0 firmware using IPSEC with IKE pre-shared keys do not allow for the use of full 128 byte IKE pre-shared keys, which is the intended design of the IKE pre-shared key, and only support 48 byte keys. This allows a remote attacker to brute force attack t...
CVE-2001-0376
SonicWALL Tele2 and SOHO firewalls with 6.0.0.0 firmware using IPSEC with IKE pre-shared keys do not allow for the use of full 128 byte IKE pre-shared keys, which is the intended design of the IKE pre-shared key, and only support 48 byte keys. This allows a remote attacker to brute force attack t...
CVE-2001-0376
CVE-2001-0376 affects SonicWALL Tele2 and SOHO firewalls running firmware 6.0.0.0 when using IPsec with IKE pre-shared keys. The root cause is that the implementation supports only 48-byte IKE PSKs instead of the full 128-byte length, reducing the effective key space. This enables a remote attack...