200 matches found
Factorization Flaw in TPM Chips Makes Attacks on RSA Private Keys Feasible
A flawed Infineon Technology chipset used on PC motherboards to securely store passwords, certificates and encryption keys risks undermining the security of government and corporate computers protected by RSA encryption keys. In a nutshell, the bug makes it possible for an attacker to calculate a...
CVE-2017-11136
An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. It uses RSA to exchange a secret for symmetric encryption of messages. However, the private RSA key is not only stored on the client but transmitted to the backen...
U.S. Dept Of Defense: Multiple cryptographic vulnerabilities in login page on ███████
Summary: I realize that this report's title may not make sense yet. In one sentence: users logging in to the ███████ Server REST API Login page can have their passwords stolen by an attacker on the same LAN or WiFi as the victim trying to log in. Description: To save the reader any confusion, I'l...
The developer’s code set vulnerability in Cavium’s SDK, allowing attackers to obtain encrypted RSA keys.
The vulnerability of the RSA-CRT implementation in the developer’s toolkit for devices based on Cavium processors is related to the lack of protection for sensitive data. Exploiting this vulnerability allows a malicious actor to obtain encrypted RSA keys by launching attacks through external...
Spora Ransomware Offers Unique Payment Options
Researchers are keeping close tabs on a new ransomware strain called Spora that offers victims unique payment options and comes with top-notch encryption. Spora was spotted last week by ransomware experts at BleepingComputer, who said after Spora encrypts files on your computer, it offers four...
SSL/TLS: Cross-protocol attack on TLS using SSLv2 (DROWN)
A padding oracle flaw was found in the Secure Sockets Layer version 2.0 SSLv2 protocol. An attacker could potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack ...
SSL/TLS: Cross-protocol attack on TLS using SSLv2 (DROWN)
A padding oracle flaw was found in the Secure Sockets Layer version 2.0 SSLv2 protocol. An attacker could potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack ...
SSL/TLS: Cross-protocol attack on TLS using SSLv2 (DROWN)
A padding oracle flaw was found in the Secure Sockets Layer version 2.0 SSLv2 protocol. An attacker could potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack ...
The first Linux ransomware 马失前蹄: encryption vulnerabilities can be compromised-the vulnerability warning-the black bar safety net
In Windows have long had ransomware(ransom ransomware, until Linux in Linux. Encoder. 1, which is the first linux ransomware. This software acts with CryptoWall And TorLocker and other infamous Trojan horse software is very similar. Hackers use ransomware cases In hack remote use of popular...
PITA Side-Channel Crypto Key Attack
It’s unlikely that anyone envisioned the evolution of cryptographic key thievery to include leavened flatbread, but that’s where we’ve arrived. Researchers from Tel Aviv University in Israel are expected in September to present a paper at the Workshop on Cryptographic Hardware and Embedded System...
U.S. Oil, Gas Targeted by Espionage Malware Campaign
American gas and oil companies have been targeted by a hacking group with ties to the Russian Federation for close to 18 months, a new research report indicates. The attackers have leveraged watering hole attacks to infect users inside the critical infrastructure organizations to spread a remote...
Cyber criminals targeting another cryptocurrency 'Primecoin' with malicious miners
Like Bitcoin, There are numerous other cryptocurrency similar in nature, including MasterCoin, ProtoShares, Litecoin, Peercoin, BitBar and many more. One of them is Primecoin sign: Ψ; code: XPM, a peer-to-peer open source cryptocurrency that implements a scientific computing proof-of-work system...
Low Entropy RSA Issue in Intel EPSD Baseboard Management Controller (BMC) Firmware
Summary: There is a potential security vulnerability related to the improper generation of RSA encryption keys in EPSD Baseboard Management Controller BMC firmware. Intel is releasing updated versions of the BMC firmware to mitigate the potential vulnerability. Description: There is a potential...
Insecure RSA Encryption in jCryption, PEAR Crypt_RSA and Crypt_RSA2
SWITCH-CERT SECURITY ADVISORY ============================= Vulnerability: Insecure Implementation of RSA Encryption Affected Products: jCryption, PEAR CryptRSA, PEAR CryptRSA2 Advisory Date: 2011-11-30 Advisory Author: Daniel Roethlisberger, SWITCH-CERT Introduction Web applications using...
QQ website login RSA encrypted transmission defect analysis-vulnerability warning-the black bar safety net
! QQ Thanks to anonymous people posting QQ website login not using https is encrypted, instead of using the RSA asymmetric encryption to protect transmission of passwords and sensitive information security. QQ is in javascript to achieve the entire process. This idea is very novel, but is also...
RSA key reconstruction vulnerability
Overview Various implementations of RSA may contain a vulnerability that could allow an attacker to retrieve encryption keys. Description Some implementations of RSA may contain a vulnerability that could allow a local attacker to retrieve encryption keys. OpenSSL is a widely used open source...
Padding Oracle Vulnerability in RSA Encryption
See https://framework.zend.com/security/advisory/ZF2015-10 it's essentially the same vulnerability The text was updated successfully, but these errors were encountered: All reactions...
Padding Oracle Vulnerability in RSA Encryption
Hi, https://github.com/pagarme/pagarme-php/blob/master/lib/Pagarme/CardHashCommon.php This class has a confusing name. CardHash implies a cryptographic hash e.g. SHA256 is being used, but you're encrypting with RSA. Interestingly, you're not specifying the padding client-side, so you're encryptin...
Padding Oracle Vulnerability in RSA Encryption
See https://framework.zend.com/security/advisory/ZF2015-10 it's essentially the same vulnerability...
Padding Oracle Vulnerability in RSA Encryption
Hi, https://github.com/pagarme/pagarme-php/blob/master/lib/Pagarme/CardHashCommon.php This class has a confusing name. CardHash implies a cryptographic hash e.g. SHA256 is being used, but you're encrypting with RSA. Interestingly, you're not specifying the padding client-side, so you're encryptin...