Lucene search
+L

200 matches found

Prion
Prion
added 2018/09/05 1:29 p.m.15 views

Information disclosure

A plaintext recovery of encrypted messages or a Man-in-the-middle MiTM attack on RSA PKCS 1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable by such attack under SSL Deep Inspection feature when CPx bein...

4.3CVSS5.7AI score0.01124EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2018/09/05 1:29 p.m.17 views

Code injection

A plaintext recovery of encrypted messages or a Man-in-the-middle MiTM attack on RSA PKCS 1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable by such attack under VIP SSL feature when CPx being used...

4.3CVSS5.7AI score0.01134EPSS
Exploits0References3Affected Software1
Kitploit
Kitploit
added 2018/08/25 1:7 p.m.36 views

Crypton - Library Consisting Of Explanation And Implementation Of All The Existing Attacks On Various Encryption Systems, Digital Signatures, Hashing Algorithms

Crypton is an educational library to learn and practice Offensive and Defensive Cryptography. It is basically a collection of explanation and implementation of all the existing vulnerabilities and attacks on various Encryption Systems Symmetric and Asymmetric, Digital Signatures, Message...

7.5AI score
Exploits0References116
ThreatPost
ThreatPost
added 2018/08/20 8:42 p.m.17 views

Side-Channel PoC Attack Lifts Private RSA Keys from Mobile Phones

Researchers have developed a proof-of-concept side-channel attack that allows them to pull encryption keys from a single decryption for a modern version of OpenSSL. The attack impacts mobile devices — without physical access to the handsets. A group of researchers at Georgia Tech were able to...

0.6AI score
Exploits0References1
Prion
Prion
added 2018/08/15 6:29 p.m.24 views

Code injection

The IKEv1 implementation in Clavister cOS Core before 11.00.11, 11.20.xx before 11.20.06, and 12.00.xx before 12.00.09 allows remote attackers to decrypt RSA-encrypted nonces by leveraging a Bleichenbacher attack...

4.3CVSS5.8AI score0.01634EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2018/08/15 6:0 p.m.44 views

CVE-2018-8753

CVE-2018-8753 affects the IKEv1 implementation in Clavister cOS Core (versions before 11.00.11, 11.20.xx before 11.20.06, and 12.00.xx before 12.00.09). The root cause is a Bleichenbacher RSA padding oracle that allows remote attackers to decrypt RSA-encrypted nonces during IKEv1 authentication, ...

5.9CVSS5.7AI score0.01634EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2018/08/14 4:29 p.m.16 views

Design/Logic Flaw

A vulnerability in the implementation of RSA-encrypted nonces in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to obtain the encrypted nonces of an Internet Key Exchange Version 1 IKEv1 session. The vulnerability exists because the affected software...

4.3CVSS5.7AI score0.01722EPSS
Exploits0References3Affected Software2
Vulnrichment
Vulnrichment
added 2018/07/26 1:0 p.m.1 views

CVE-2017-7526

libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This...

6.1CVSS6.5AI score0.03885EPSS
Exploits0References12
Prion
Prion
added 2018/04/18 2:29 p.m.26 views

Buffer overflow

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear, and Small Cell SoC FSM9055, IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD...

10CVSS8.2AI score0.00995EPSS
Exploits0References2
Cvelist
Cvelist
added 2018/04/18 2:0 p.m.29 views

CVE-2015-9138

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear, and Small Cell SoC FSM9055, IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD...

9.7AI score0.00995EPSS
Exploits0References2
CVE
CVE
added 2018/04/18 2:0 p.m.62 views

CVE-2015-9138

CVE-2015-9138 affects Android devices with Qualcomm-based SoCs. The issue arises when performing RSA encryption: the ce_util_to_unsigned_bin function uses the input address (c) instead of the buffer size, which can cause a logic overrun and potentially a buffer overflow. The vulnerability is desc...

10CVSS8.5AI score0.00995EPSS
Exploits0References2Affected Software1
Malwarebytes
Malwarebytes
added 2018/02/28 4:0 p.m.76 views

Encryption 101: ShiOne ransomware case study

In part one of this series, Encryption 101: a malware analyst's primer, we introduced some of the basic encryption concepts used in malware. If you haven't read it, we suggest going back for a review, as it's necessary in order to be able to fully follow part two, our case study. In this study, w...

6.8AI score
Exploits0
RedHat Linux
RedHat Linux
added 2018/02/13 7:20 p.m.5 views

erlang: TLS server vulnerable to Adaptive Chosen Ciphertext attack allowing plaintext recovery or MITM attack

An erlang TLS server configured with cipher suites using RSA key exchange, may be vulnerable to an Adaptive Chosen Ciphertext attack AKA Bleichenbacher attack against RSA. This may result in plain-text recovery of encrypted messages and/or a man-in-the-middle MiTM attack, despite the attacker not...

5.9CVSS6.4AI score0.22098EPSS
Exploits0References4
seebug.org
seebug.org
added 2017/12/26 12:0 a.m.47 views

Tplink Interface Authenticated RCE

Tested product: TL-WVR450L Hardware version:V1.0 Firmware version: 20161125 The RSAEncryptionForTplink.js is use for Rsa Encryption to the password when login the web manager. You can download the RSAEncryptionForTplink.js by...

7.3AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2017/12/13 4:29 p.m.3 views

CVE-2017-17427

Radware Alteon devices with a firmware version between 31.0.0.0-31.0.3.0 are vulnerable to an adaptive-chosen ciphertext attack "Bleichenbacher attack". This allows an attacker to decrypt observed traffic that has been encrypted with the RSA cipher and to perform other private key operations...

5.9CVSS5.5AI score0.15577EPSS
Exploits0References7
ThreatPost
ThreatPost
added 2017/12/13 2:33 p.m.36 views

19-Year-Old TLS Vulnerability Weakens Website Crypto

A vulnerability called ROBOT, first identified in 1998, has resurfaced. Impacted are leading websites ranging from Facebook to Paypal, which are vulnerable to attackers that could decrypt encrypted data and sign communications using the sites’ own private encryption key. The vulnerability is foun...

10CVSS0.3AI score0.95707EPSS
Exploits15References7
The Hacker News
The Hacker News
added 2017/12/12 6:4 a.m.32 views

ROBOT Attack: 19-Year-Old Bleichenbacher Attack On Encrypted Web Reintroduced

A 19-year-old vulnerability has been re-discovered in the RSA implementation from at least 8 different vendors—including F5, Citrix, and Cisco—that can give man-in-the-middle attackers access to encrypted messages. Dubbed ROBOT Return of Bleichenbacher's Oracle Attack, the attack allows an attack...

6.3AI score
Exploits0
Mageia
Mageia
added 2017/12/07 8:54 p.m.36 views

Updated tor packages fix security vulnerability

When checking for replays in the INTRODUCE1 cell data for a legacy onion service, Tor didn't correctly detect replays in the RSA- encrypted part of the cell. It was previously checking for replays on the entire cell, but those can be circumvented due to the malleability of Tor's legacy hybrid...

8.1CVSS0.9AI score0.01956EPSS
Exploits0References2
GitLab Advisory Database
GitLab Advisory Database
added 2017/11/20 12:0 a.m.13 views

Padding Oracle Vulnerability in RSA Encryption

Padding Oracle Vulnerability in RSA Encryption...

3.8AI score
Exploits0References1Affected Software1
The Hacker News
The Hacker News
added 2017/10/16 9:53 p.m.55 views

Serious Crypto-Flaw Lets Hackers Recover Private RSA Keys Used in Billions of Devices

If you think KRACK attack for WiFi is the worst vulnerability of this year, then hold on… ...we have got another one for you which is even worse. Microsoft, Google, Lenovo, HP and Fujitsu are warning their customers of a potentially serious vulnerability in widely used RSA cryptographic library...

4.3CVSS6.4AI score0.09825EPSS
Exploits0
Rows per page
Query Builder