401 matches found

Positive Technologies · added 2024/09/27 12:00 a.m. · 29 views

PT-2024-6815 · Unknown · Zangi Private Messenger

Name of the Vulnerable Software and Affected Versions: Zangi Private Messenger, affected versions not specified. Description: The issue is related to weaknesses in the session key generation mechanism of the application. This could allow a remote attacker to implement a "man-in-the-middle" attack...

CVSS 7.8 · AI score 6.9
Exploits 0 · References 1
NVD · added 2024/09/13 5:15 p.m. · 7 views

CVE-2024-43099

The session hijacking attack targets the application layer's control mechanism, which manages authenticated sessions between a host PC and a PLC. During such sessions, a session key is utilized to maintain security. However, if an attacker captures this session key, they can inject traffic into a...

CVSS 8.8 · EPSS 0.00128
Exploits 0 · References 1
CVE · added 2024/09/13 4:33 p.m. · 42 views

CVE-2024-43099

CVE-2024-43099 affects AutomationDirect DirectLogic H2-DM1E PLCs (versions ≤2.8.0). The vulnerability enables authentication bypass by capture-replay, allowing an attacker who captures a session key and spoofs IP/MAC to inject traffic into an ongoing authenticated session. Affected product is the...

CVSS 8.8 · AI score 8.6 · EPSS 0.00128
Exploits 0 · References 1
Vulnrichment · added 2024/09/13 4:33 p.m. · 13 views

CVE-2024-43099 AutomationDirect DirectLogic H2-DM1E Authentication Bypass by Capture-replay

The session hijacking attack targets the application layer's control mechanism, which manages authenticated sessions between a host PC and a PLC. During such sessions, a session key is utilized to maintain security. However, if an attacker captures this session key, they can inject traffic into a...

CVSS 8.8 · AI score 6.6 · EPSS 0.00128
Exploits 0 · References 1
Cvelist · added 2024/09/13 4:33 p.m. · 15 views

CVE-2024-43099 AutomationDirect DirectLogic H2-DM1E Authentication Bypass by Capture-replay

The session hijacking attack targets the application layer's control mechanism, which manages authenticated sessions between a host PC and a PLC. During such sessions, a session key is utilized to maintain security. However, if an attacker captures this session key, they can inject traffic into a...

CVSS 8.8 · EPSS 0.00128
Exploits 0 · References 1
Positive Technologies · added 2024/09/13 12:00 a.m. · 2 views

PT-2024-30295 · Automationdirect · Directlogic H2-Dm1E +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue concerns a session hijacking attack targeting the application layer's control mechanism. This mechanism manages authenticated sessions between...

CVSS 8.8 · AI score 6.8 · EPSS 0.00128
Exploits 0 · References 7
CNNVD · added 2024/09/13 12:00 a.m. · 2 views

AutomationDirect DirectLogic H2-DM1E Security Vulnerability

AutomationDirect DirectLogic H2-DM1E is a programmable logic controller from AutomationDirect. A security vulnerability exists in AutomationDirect DirectLogic H2-DM1E version 2.8.0 and prior versions, which stems from the presence of a session hijacking attack that allows an attacker to inject...

CVSS 8.8 · AI score 6.8 · EPSS 0.00128
Exploits 0 · References 2
NVD · added 2024/06/12 9:15 a.m. · 18 views

CVE-2024-3183

A vulnerability was found in FreeIPA in the way a Kerberos TGS-REQ is encrypted using the client's session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key directly. For user...

CVSS 8.1 · EPSS 0.21232
Exploits 1 · References 13
Tenable Nessus · added 2024/05/17 12:00 a.m. · 19 views

GitLab < 13.7.8 (CVE-2021-22194)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: In all versions of GitLab, marshalled session keys were being stored in Redis (CVE-2021-22194). Note that Nessus has not tested for this issue but has instead relied only on the application's...

CVSS 5.7 · AI score 5.4 · EPSS 0.00036
Exploits 0 · References 3
OSV · added 2024/03/06 10:52 a.m. · 27 views

BIT-GOLANG-2023-45287 Before Go 1.20, the RSA based key exchange methods in crypto/tls may exhibit a timing side channel

Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS1 padding may leak timing...

CVSS 7.5 · AI score 6.5 · EPSS 0.00185
Exploits 0 · References 7
BDU FSTEC · added 2024/02/29 12:00 a.m. · 1 view

The vulnerability of the `ksmbd_decode_ntlmssp_auth_blob()` function in the ksmbd module of Linux operating systems allows a hacker to execute arbitrary code.

The vulnerability of the `ksmbd_decode_ntlmssp_auth_blob()` function in the ksmbd module of Linux operating systems is related to the copying of buffers without checking the size of the input data during the processing of the `authblob->SessionKey.Length` parameter. Exploiting this vulnerability allows a...

CVSS 10 · AI score 7.2 · EPSS 0.00478
Exploits 1 · References 27 · Affected Software 5
SUSE CVE · added 2024/02/23 3:21 a.m. · 1 view

SUSE CVE-2023-52440

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob(). If authblob->SessionKey.Length is bigger than session key size (CIFS_KEY_SIZE), slub overflow can happen in key exchange codes. cifs_arc4_crypt copy to session key array from...

CVSS 8.8 · AI score 6.9 · EPSS 0.00478
Exploits 1 · References 4
OSV · added 2024/02/21 8:15 a.m. · 0 views

UBUNTU-CVE-2023-52440

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob(). If authblob->SessionKey.Length is bigger than session key size (CIFS_KEY_SIZE), slub overflow can happen in key exchange codes. cifs_arc4_crypt copy to session key array from...

CVSS 7.8 · AI score 6.3 · EPSS 0.00478
Exploits 1 · References 8
OSV · added 2024/02/21 7:21 a.m. · 4 views

CVE-2023-52440 ksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob()

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob(). If authblob->SessionKey.Length is bigger than session key size (CIFS_KEY_SIZE), slub overflow can happen in key exchange codes. cifs_arc4_crypt copy to session key array from...

CVSS 7.8 · AI score 6.2 · EPSS 0.00478
Exploits 1 · References 8
OSV · added 2024/01/20 12:30 a.m. · 1 view

GHSA-WP4M-7HPJ-8QP8 Duplicate Advisory: Discovery uses the same AES/GCM Nonce throughout the session

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-w3hj-wr2q-x83g. This link is maintained to preserve external references. Original Description: Consensys Discovery versions less than 0.4.5 use the same AES/GCM nonce for the entire session, which should ideally...

CVSS 5.3 · AI score 6.8 · EPSS 0.00543
Exploits 0 · References 4
OSV · added 2024/01/19 10:15 p.m. · 10 views

CVE-2024-23688

Consensys Discovery versions less than 0.4.5 use the same AES/GCM nonce for the entire session, which should ideally be unique for every message. The node's private key isn't compromised; only the session key generated for specific peer communication is exposed...

CVSS 5.3 · AI score 5.6
Exploits 0 · References 3
Prion · added 2024/01/19 10:15 p.m. · 20 views

Code injection

Consensys Discovery versions less than 0.4.5 use the same AES/GCM nonce for the entire session, which should ideally be unique for every message. The node's private key isn't compromised; only the session key generated for specific peer communication is exposed...

CVSS 5 · AI score 7.2 · EPSS 0.00543
Exploits 0 · References 3 · Affected Software 1
Vulnrichment · added 2024/01/19 9:26 p.m. · 2 views

CVE-2024-23688 Consensys Discovery Nonce Reuse

Consensys Discovery versions less than 0.4.5 use the same AES/GCM nonce for the entire session, which should ideally be unique for every message. The node's private key isn't compromised; only the session key generated for specific peer communication is exposed...

AI score 5.6 · EPSS 0.00543
Exploits 0 · References 3
NVD · added 2023/12/05 5:15 p.m. · 18 views

CVE-2023-45287

Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS1 padding may leak timing...

CVSS 7.5 · EPSS 0.00185
Exploits 0 · References 6
OSV · added 2023/12/05 5:15 p.m. · 3 views

AZL-37310 CVE-2023-45287 affecting package golang for versions less than 1.21.6-1

Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS1 padding may leak timing...

CVSS 7.5 · AI score 6.8 · EPSS 0.00185
Exploits 0 · References 1