1075 matches found
CVE-2010-3852
The default configuration of Luci 0.22.4 and earlier in Red Hat Conga uses "INSERT SECRET HERE" as its secret key for cookies, which makes it easier for remote attackers to bypass repoze.who authentication via a forged ticket cookie...
CVE-2010-3321
RSA Authentication Client 2.0.x, 3.0, and 3.5.x before 3.5.3 does not properly handle a SENSITIVE or NON-EXTRACTABLE tag on a secret key object that is stored on a SecurID 800 authenticator, which allows local users to bypass intended access restrictions and read keys via unspecified PKCS11 API...
CVE-2010-1507
WebYaST in yast2-webclient in SUSE Linux Enterprise SLE 11 on the WebYaST appliance uses a fixed secret key that is embedded in the appliance's image, which allows remote attackers to spoof session cookies by leveraging knowledge of this key...
CVE-2010-1507
WebYaST in yast2-webclient in SUSE Linux Enterprise SLE 11 on the WebYaST appliance uses a fixed secret key that is embedded in the appliance's image, which allows remote attackers to spoof session cookies by leveraging knowledge of this key...
VMSA-2010-0009 : ESXi ntp and ESX Service Console third-party updates
a. Service Console update for COS kernel Updated COS package 'kernel' addresses the security issues that are fixed through versions 2.6.18-164.11.1. The Common Vulnerabilities and Exposures project cve.mitre.org has assigned the names CVE-2009-2695, CVE-2009-2908, CVE-2009-3228, CVE-2009-3286,...
Fedora 7 : phpMyAdmin-2.11.5.1-1.fc7 (2008-2874)
This update addresses PMASA-2008-2 / CVE-2008-1567: phpMyAdmin upstream received an advisory from Jim Hermann: It saves sensitive information like the MySQL username and password and the Blowfish secret key in session data, which might be unprotected on a shared host...
USN-348-1: GnuTLS vulnerability
The GnuTLS library did not sufficiently check the padding of PKCS 1 v1.5 signatures if the exponent of the public key is 3 which is widely used for CAs. This could be exploited to forge signatures without the need of the secret key...
MIT Kerberos 5: Multiple local privilege escalation vulnerabilities
Background MIT Kerberos 5 is a suite of applications that implement the Kerberos network protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. Description Unchecked calls to setuid in krshd and v4rcp, as well as unchecked calls ...
CVE-2005-4002
WebEOC before 6.0.2 uses the same secret key for all installations, which allows attackers with the key to decrypt data from any WebEOC installation...
Slackware 9.0 : mod_ssl RSA blinding fixes (SSA:2003-141-05)
An upgrade for modssl to version 2.8.141.3.27 is now available. This version provides RSA blinding by default which prevents an extended timing analysis from revealing details of the secret key to an attacker. Note that this problem was already fixed within OpenSSL, so this is a 'double fix'. Wit...
WebEOC uses a global shared key
Overview WebEOC installations may use the a common secret key to encrypt data. If an attacker can retrieve this key from one site, they will be able to decipher all data encoded with the key across all WebEOC installations. Description WebEOC is a web-based crisis information management applicati...
CVE-2004-1022
Kerio Winroute Firewall before 6.0.7, ServerFirewall before 1.0.1, and MailServer before 6.0.5 use symmetric encryption for user passwords, which allows attackers to decrypt the user database and obtain the passwords by extracting the secret key from within the software...
Debian DSA-061-1 : gnupg - printf format attack
The version of GnuPG GNU Privacy Guard, an OpenPGP implementation as distributed in Debian GNU/Linux 2.2 suffers from two problems : - fish stiqz reported on bugtraq that there was a printf format problem in the doget function: it printed a prompt which included the filename that was being...
DUO-PSA-2015-001: Duo Product Security Advisory
Duo Product Security Advisory Advisory ID: DUO-PSA-2015-001 Original Publication Date: 2015-02-03 Revision Date: 2015-02-10 Status: Confirmed, Fixed Document Revision: 3 Overview Duo Security has identified an issue in certain versions of the Duo Web SDK that could allow attackers to bypass prima...
DUO-PSA-2015-001: Duo Product Security Advisory
Duo Product Security Advisory Advisory ID: DUO-PSA-2015-001 Original Publication Date: 2015-02-03 Revision Date: 2015-02-10 Status: Confirmed, Fixed Document Revision: 3 Overview Duo Security has identified an issue in certain versions of the Duo Web SDK that could allow attackers to bypass prima...