Lucene search
+L

200 matches found

ThreatPost
ThreatPost
added 2017/10/16 2:5 p.m.34 views

Factorization Flaw in TPM Chips Makes Attacks on RSA Private Keys Feasible

A flawed Infineon Technology chipset used on PC motherboards to securely store passwords, certificates and encryption keys risks undermining the security of government and corporate computers protected by RSA encryption keys. In a nutshell, the bug makes it possible for an attacker to calculate a...

4.3CVSS0.09825EPSS
Exploits0References11
NVD
NVD
added 2017/08/01 2:29 p.m.16 views

CVE-2017-11136

An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. It uses RSA to exchange a secret for symmetric encryption of messages. However, the private RSA key is not only stored on the client but transmitted to the backen...

6.5CVSS6.4AI score0.00504EPSS
Exploits0References1
Hacker One
Hacker One
added 2017/04/26 1:1 a.m.16 views

U.S. Dept Of Defense: Multiple cryptographic vulnerabilities in login page on ███████

Summary: I realize that this report's title may not make sense yet. In one sentence: users logging in to the ███████ Server REST API Login page can have their passwords stolen by an attacker on the same LAN or WiFi as the victim trying to log in. Description: To save the reader any confusion, I'l...

6.8AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2017/02/13 12:0 a.m.12 views

The developer’s code set vulnerability in Cavium’s SDK, allowing attackers to obtain encrypted RSA keys.

The vulnerability of the RSA-CRT implementation in the developer’s toolkit for devices based on Cavium processors is related to the lack of protection for sensitive data. Exploiting this vulnerability allows a malicious actor to obtain encrypted RSA keys by launching attacks through external...

7.8CVSS6.6AI score0.02425EPSS
Exploits0References4Affected Software1
ThreatPost
ThreatPost
added 2017/01/18 7:0 a.m.12 views

Spora Ransomware Offers Unique Payment Options

Researchers are keeping close tabs on a new ransomware strain called Spora that offers victims unique payment options and comes with top-notch encryption. Spora was spotted last week by ransomware experts at BleepingComputer, who said after Spora encrypts files on your computer, it offers four...

0.1AI score
Exploits0References2
RedHat Linux
RedHat Linux
added 2016/03/22 4:48 p.m.10 views

SSL/TLS: Cross-protocol attack on TLS using SSLv2 (DROWN)

A padding oracle flaw was found in the Secure Sockets Layer version 2.0 SSLv2 protocol. An attacker could potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack ...

5.9CVSS6.8AI score0.82112EPSS
Exploits2References7
RedHat Linux
RedHat Linux
added 2016/03/14 8:0 p.m.8 views

SSL/TLS: Cross-protocol attack on TLS using SSLv2 (DROWN)

A padding oracle flaw was found in the Secure Sockets Layer version 2.0 SSLv2 protocol. An attacker could potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack ...

5.9CVSS6.8AI score0.82112EPSS
Exploits2References7
RedHat Linux
RedHat Linux
added 2016/03/09 4:8 a.m.5 views

SSL/TLS: Cross-protocol attack on TLS using SSLv2 (DROWN)

A padding oracle flaw was found in the Secure Sockets Layer version 2.0 SSLv2 protocol. An attacker could potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack ...

5.9CVSS6.8AI score0.82112EPSS
Exploits2References7
myhack58
myhack58
added 2015/11/17 12:0 a.m.34 views

The first Linux ransomware 马失前蹄: encryption vulnerabilities can be compromised-the vulnerability warning-the black bar safety net

In Windows have long had ransomware(ransom ransomware, until Linux in Linux. Encoder. 1, which is the first linux ransomware. This software acts with CryptoWall And TorLocker and other infamous Trojan horse software is very similar. Hackers use ransomware cases In hack remote use of popular...

7.6AI score
Exploits0
ThreatPost
ThreatPost
added 2015/06/24 11:27 a.m.16 views

PITA Side-Channel Crypto Key Attack

It’s unlikely that anyone envisioned the evolution of cryptographic key thievery to include leavened flatbread, but that’s where we’ve arrived. Researchers from Tel Aviv University in Israel are expected in September to present a paper at the Workshop on Cryptographic Hardware and Embedded System...

Exploits0References3
ThreatPost
ThreatPost
added 2014/01/22 1:3 p.m.8 views

U.S. Oil, Gas Targeted by Espionage Malware Campaign

American gas and oil companies have been targeted by a hacking group with ties to the Russian Federation for close to 18 months, a new research report indicates. The attackers have leveraged watering hole attacks to infect users inside the critical infrastructure organizations to spread a remote...

1.1AI score
Exploits0References1
The Hacker News
The Hacker News
added 2014/01/16 5:44 a.m.10 views

Cyber criminals targeting another cryptocurrency 'Primecoin' with malicious miners

Like Bitcoin, There are numerous other cryptocurrency similar in nature, including MasterCoin, ProtoShares, Litecoin, Peercoin, BitBar and many more. One of them is Primecoin sign: Ψ; code: XPM, a peer-to-peer open source cryptocurrency that implements a scientific computing proof-of-work system...

7AI score
Exploits0
Intel
Intel
added 2012/07/03 12:0 a.m.11 views

Low Entropy RSA Issue in Intel EPSD Baseboard Management Controller (BMC) Firmware

Summary: There is a potential security vulnerability related to the improper generation of RSA encryption keys in EPSD Baseboard Management Controller BMC firmware. Intel is releasing updated versions of the BMC firmware to mitigate the potential vulnerability. Description: There is a potential...

6.9AI score
Exploits0
securityvulns
securityvulns
added 2011/12/05 12:0 a.m.462 views

Insecure RSA Encryption in jCryption, PEAR Crypt_RSA and Crypt_RSA2

SWITCH-CERT SECURITY ADVISORY ============================= Vulnerability: Insecure Implementation of RSA Encryption Affected Products: jCryption, PEAR CryptRSA, PEAR CryptRSA2 Advisory Date: 2011-11-30 Advisory Author: Daniel Roethlisberger, SWITCH-CERT Introduction Web applications using...

0.1AI score
Exploits0
myhack58
myhack58
added 2007/11/24 12:0 a.m.229 views

QQ website login RSA encrypted transmission defect analysis-vulnerability warning-the black bar safety net

! QQ Thanks to anonymous people posting QQ website login not using https is encrypted, instead of using the RSA asymmetric encryption to protect transmission of passwords and sensitive information security. QQ is in javascript to achieve the entire process. This idea is very novel, but is also...

Exploits0
CERT
CERT
added 2007/08/01 12:0 a.m.43 views

RSA key reconstruction vulnerability

Overview Various implementations of RSA may contain a vulnerability that could allow an attacker to retrieve encryption keys. Description Some implementations of RSA may contain a vulnerability that could allow a local attacker to retrieve encryption keys. OpenSSL is a widely used open source...

1.2CVSS7AI score0.00409EPSS
Exploits1References4
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.21 views

Padding Oracle Vulnerability in RSA Encryption

See https://framework.zend.com/security/advisory/ZF2015-10 it's essentially the same vulnerability The text was updated successfully, but these errors were encountered: All reactions...

2.8AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.27 views

Padding Oracle Vulnerability in RSA Encryption

Hi, https://github.com/pagarme/pagarme-php/blob/master/lib/Pagarme/CardHashCommon.php This class has a confusing name. CardHash implies a cryptographic hash e.g. SHA256 is being used, but you're encrypting with RSA. Interestingly, you're not specifying the padding client-side, so you're encryptin...

0.6AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.11 views

Padding Oracle Vulnerability in RSA Encryption

See https://framework.zend.com/security/advisory/ZF2015-10 it's essentially the same vulnerability...

7.1AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.19 views

Padding Oracle Vulnerability in RSA Encryption

Hi, https://github.com/pagarme/pagarme-php/blob/master/lib/Pagarme/CardHashCommon.php This class has a confusing name. CardHash implies a cryptographic hash e.g. SHA256 is being used, but you're encrypting with RSA. Interestingly, you're not specifying the padding client-side, so you're encryptin...

6.8AI score
Exploits0Affected Software1
Rows per page
Query Builder