Lucene search
K

1075 matches found

NVD
NVD
added 2010/11/06 12:0 a.m.11 views

CVE-2010-3852

The default configuration of Luci 0.22.4 and earlier in Red Hat Conga uses "INSERT SECRET HERE" as its secret key for cookies, which makes it easier for remote attackers to bypass repoze.who authentication via a forged ticket cookie...

6.4CVSS6.6AI score0.02002EPSS
Exploits0References12
NVD
NVD
added 2010/10/07 9:0 p.m.22 views

CVE-2010-3321

RSA Authentication Client 2.0.x, 3.0, and 3.5.x before 3.5.3 does not properly handle a SENSITIVE or NON-EXTRACTABLE tag on a secret key object that is stored on a SecurID 800 authenticator, which allows local users to bypass intended access restrictions and read keys via unspecified PKCS11 API...

1.5CVSS6.1AI score0.00263EPSS
Exploits0References2
NVD
NVD
added 2010/09/03 8:0 p.m.14 views

CVE-2010-1507

WebYaST in yast2-webclient in SUSE Linux Enterprise SLE 11 on the WebYaST appliance uses a fixed secret key that is embedded in the appliance's image, which allows remote attackers to spoof session cookies by leveraging knowledge of this key...

5CVSS6.6AI score0.02121EPSS
Exploits0References5
Cvelist
Cvelist
added 2010/09/03 7:0 p.m.17 views

CVE-2010-1507

WebYaST in yast2-webclient in SUSE Linux Enterprise SLE 11 on the WebYaST appliance uses a fixed secret key that is embedded in the appliance's image, which allows remote attackers to spoof session cookies by leveraging knowledge of this key...

6.6AI score0.02121EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2010/06/01 12:0 a.m.47 views

VMSA-2010-0009 : ESXi ntp and ESX Service Console third-party updates

a. Service Console update for COS kernel Updated COS package 'kernel' addresses the security issues that are fixed through versions 2.6.18-164.11.1. The Common Vulnerabilities and Exposures project cve.mitre.org has assigned the names CVE-2009-2695, CVE-2009-2908, CVE-2009-3228, CVE-2009-3286,...

10CVSS7.4AI score0.80134EPSS
Exploits61References44
Tenable Nessus
Tenable Nessus
added 2008/04/04 12:0 a.m.41 views

Fedora 7 : phpMyAdmin-2.11.5.1-1.fc7 (2008-2874)

This update addresses PMASA-2008-2 / CVE-2008-1567: phpMyAdmin upstream received an advisory from Jim Hermann: It saves sensitive information like the MySQL username and password and the Blowfish secret key in session data, which might be unprotected on a shared host...

5.5CVSS5.6AI score0.00296EPSS
Exploits0References4
Ubuntu
Ubuntu
added 2006/09/19 12:57 a.m.55 views

USN-348-1: GnuTLS vulnerability

The GnuTLS library did not sufficiently check the padding of PKCS 1 v1.5 signatures if the exponent of the public key is 3 which is widely used for CAs. This could be exploited to forge signatures without the need of the secret key...

5CVSS6.4AI score0.02427EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2006/08/10 12:0 a.m.30 views

MIT Kerberos 5: Multiple local privilege escalation vulnerabilities

Background MIT Kerberos 5 is a suite of applications that implement the Kerberos network protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. Description Unchecked calls to setuid in krshd and v4rcp, as well as unchecked calls ...

7.2CVSS7.4AI score0.00528EPSS
Exploits0
Cvelist
Cvelist
added 2005/12/05 12:0 a.m.17 views

CVE-2005-4002

WebEOC before 6.0.2 uses the same secret key for all installations, which allows attackers with the key to decrypt data from any WebEOC installation...

6.5AI score0.00982EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2005/07/13 12:0 a.m.17 views

Slackware 9.0 : mod_ssl RSA blinding fixes (SSA:2003-141-05)

An upgrade for modssl to version 2.8.141.3.27 is now available. This version provides RSA blinding by default which prevents an extended timing analysis from revealing details of the secret key to an attacker. Note that this problem was already fixed within OpenSSL, so this is a 'double fix'. Wit...

5.5AI score
Exploits0References1
CERT
CERT
added 2005/07/13 12:0 a.m.13 views

WebEOC uses a global shared key

Overview WebEOC installations may use the a common secret key to encrypt data. If an attacker can retrieve this key from one site, they will be able to decipher all data encoded with the key across all WebEOC installations. Description WebEOC is a web-based crisis information management applicati...

7AI score
Exploits0References2
Cvelist
Cvelist
added 2004/12/15 5:0 a.m.25 views

CVE-2004-1022

Kerio Winroute Firewall before 6.0.7, ServerFirewall before 1.0.1, and MailServer before 6.0.5 use symmetric encryption for user passwords, which allows attackers to decrypt the user database and obtain the passwords by extracting the secret key from within the software...

6.5AI score0.00206EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2004/09/29 12:0 a.m.30 views

Debian DSA-061-1 : gnupg - printf format attack

The version of GnuPG GNU Privacy Guard, an OpenPGP implementation as distributed in Debian GNU/Linux 2.2 suffers from two problems : - fish stiqz reported on bugtraq that there was a printf format problem in the doget function: it printed a prompt which included the filename that was being...

7.5CVSS5.5AI score0.13728EPSS
Exploits0References2
Duo Security Advisories
Duo Security Advisories
added 1976/01/01 12:0 a.m.503 views

DUO-PSA-2015-001: Duo Product Security Advisory

Duo Product Security Advisory Advisory ID: DUO-PSA-2015-001 Original Publication Date: 2015-02-03 Revision Date: 2015-02-10 Status: Confirmed, Fixed Document Revision: 3 Overview Duo Security has identified an issue in certain versions of the Duo Web SDK that could allow attackers to bypass prima...

7.8AI score
Exploits0
Duo Security Advisories
Duo Security Advisories
added 1976/01/01 12:0 a.m.22 views

DUO-PSA-2015-001: Duo Product Security Advisory

Duo Product Security Advisory Advisory ID: DUO-PSA-2015-001 Original Publication Date: 2015-02-03 Revision Date: 2015-02-10 Status: Confirmed, Fixed Document Revision: 3 Overview Duo Security has identified an issue in certain versions of the Duo Web SDK that could allow attackers to bypass prima...

7.8AI score
Exploits0
Rows per page
Query Builder