Lucene search

401 matches found

OSV
added 2018/02/01 11:38 a.m. | 5 views

SUSE-SU-2018:0338-1 Security update for libXdmcp

This update for libXdmcp fixes the following issues: - CVE-2017-2625: The generation of session key in XDM using libXdmcp might have used weak entropy, making the session keys predictable (bsc#1025046)...

CVSS 6.5 | AI score 6.7 | EPSS 0.001
Exploits: 3 | References: 3

Hacker One
added 2017/11/29 11:08 p.m. | 58 views

Open-Xchange: SSRF in /appsuite/api/autoconfig

FYI: This was conducted on a local install of App Suite and not the sandbox. App Suite version was: 7.8.4 Rev14 Hello, There is a possible SSRF vulnerability in the following App Suite API endpoint that will primarily allow blind port scanning of the App Suite server and any internal servers...

AI score 6.7
Exploits: 0

NVD
added 2017/10/17 4:29 p.m. | 12 views

CVE-2014-8357

backupsettings.html in the web administrative portal in Zhone zNID GPON 2426A before S3.0.501 places a session key in a URL, which allows remote attackers to obtain arbitrary user passwords via the sessionKey parameter in a getConfig action to backupsettings.conf...

CVSS 8.8 | AI score 8.6 | EPSS 0.18268
Exploits: 4 | References: 4

Prion
added 2017/10/17 4:29 p.m. | 14 views

Design/Logic Flaw

backupsettings.html in the web administrative portal in Zhone zNID GPON 2426A before S3.0.501 places a session key in a URL, which allows remote attackers to obtain arbitrary user passwords via the sessionKey parameter in a getConfig action to backupsettings.conf...

CVSS 4 | AI score 7.2 | EPSS 0.18268
Exploits: 4 | References: 4 | Affected Software: 1

CVE
added 2017/10/17 4:00 p.m. | 171 views

CVE-2014-8357

CVE-2014-8357 affects Zhone zNID GPON 2426A prior to S3.0.501. The web admin backupsettings.html exposes a sessionKey in the URL, enabling a remote attacker to retrieve all user passwords from backupsettings.conf via a getConfig action. This is supported by multiple connected sources noting an in...

CVSS 8.8 | AI score 8.5 | EPSS 0.18268
In wild | Exploits: 4 | References: 4 | Affected Software: 1

OpenVAS
added 2017/10/17 12:00 a.m. | 69 views

Cisco Aironet Access Points Multiple WPA2 Vulnerabilities

Cisco Aironet Access Points are prone to key reinstallation attacks against WPA protocol. Copyright (C) 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later Th...

CVSS 8.1 | AI score 7 | EPSS 0.0043
Exploits: 1 | References: 1

OpenVAS
added 2017/10/17 12:00 a.m. | 66 views

Cisco Wireless IP Phone 8821 Multiple WPA2 Vulnerabilities

Cisco Wireless IP Phone 8821 is prone to key reinstallation attacks against WPA protocol. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if...

CVSS 6.8 | AI score 7.5 | EPSS 0.0111
Exploits: 0 | References: 1

Cisco
added 2017/10/16 2:00 p.m. | 153 views

Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II

On October 16, 2017, a research paper with the title “Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2” was made publicly available. This paper discusses seven vulnerabilities affecting session key negotiation in both the Wi-Fi Protected Access (WPA) and the Wi-Fi Protected Access II (WPA2)...

CVSS 4.3 | AI score 7.4 | EPSS 0.01707
Exploits: 1 | References: 1

CERT
added 2017/10/16 12:00 a.m. | 812 views

Wi-Fi Protected Access (WPA) handshake traffic can be manipulated to induce nonce and session key reuse

Overview: Wi-Fi Protected Access (WPA, more commonly WPA2) handshake traffic can be manipulated to induce nonce and session key reuse, resulting in key reinstallation by a wireless access point (AP) or client. An attacker within range of an affected AP and client may leverage these vulnerabilities to...

CVSS 8.1 | AI score 8 | EPSS 0.01707
Exploits: 1 | References: 3

Veracode
added 2017/07/27 3:33 a.m. | 19 views

Unauthorized Printing Of Arbitrary Message

Moodle is vulnerable to unauthorized printing of arbitrary message to user. The vulnerability is possible because the application does not check the session key on the return page in the LTI module. A malicious user can pass a malicious string through the URL query string to have it printed...

CVSS 5 | AI score 6.1 | EPSS 0.00388
Exploits: 0 | References: 5 | Affected Software: 1

Tenable Nessus
added 2017/07/17 12:00 a.m. | 24 views

SUSE SLED12 / SLES12 Security Update : libXdmcp (SUSE-SU-2017:1862-1)

This update for libXdmcp fixes the following issues: - CVE-2017-2625: The generation of session key in XDM using libXdmcp might have used weak entropy, making the session keys predictable (bsc#1025046). Note that Tenable Network Security has extracted the preceding description block directly from th...

CVSS 6.5 | AI score 6.5 | EPSS 0.001
Exploits: 3 | References: 4

OSV
added 2017/07/14 10:37 a.m. | 5 views

SUSE-SU-2017:1862-1 Security update for libXdmcp

This update for libXdmcp fixes the following issues: - CVE-2017-2625: The generation of session key in XDM using libXdmcp might have used weak entropy, making the session keys predictable (bsc#1025046)...

CVSS 6.5 | AI score 6.7 | EPSS 0.001
Exploits: 3 | References: 3

Veracode
added 2017/07/14 8:57 a.m. | 19 views

Impersonation Attack

Moodle is vulnerable to information disclosures. The library places its session key in a string in the URL, allowing a malicious user to obtain this key and impersonate another user...

CVSS 5.8 | AI score 5.7 | EPSS 0.00201
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2017/06/19 12:57 p.m. | 5 views

SUSE-SU-2017:1608-1 Security update for libgcrypt

This update for libgcrypt fixes the following issues: - CVE-2017-9526: Store the session key in secure memory to ensure that constant time point operations are used in the MPI library. (bsc#1042326) - Don't require secure memory for the fips selftests, this prevents the 'Oops, secure memory pool...

CVSS 5.9 | AI score 5.6 | EPSS 0.00651
Exploits: 0 | References: 4

RedhatCVE
added 2017/06/13 3:48 p.m. | 21 views

CVE-2017-9526

In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key from side-channel observation during the signing process can easily recover the long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change to store this session key in secure memory, to ensure that constant-time point...

CVSS 5.9 | AI score 2.6 | EPSS 0.00651
Exploits: 0 | References: 1

OSV
added 2017/06/11 2:29 a.m. | 16 views

CVE-2017-9526

In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key from side-channel observation during the signing process can easily recover the long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change to store this session key in secure memory, to ensure that constant-time point...

CVSS 5.9 | AI score 6.5
Exploits: 0 | References: 7

Cvelist
added 2017/06/11 2:00 a.m. | 22 views

CVE-2017-9526

In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key from side-channel observation during the signing process can easily recover the long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change to store this session key in secure memory, to ensure that constant-time point...

AI score 5.8 | EPSS 0.00651
Exploits: 0 | References: 7

CVE
added 2017/06/11 2:00 a.m. | 142 views

CVE-2017-9526

CVE-2017-9526 affects Libgcrypt prior to 1.7.7, where an attacker who observes the EdDSA session key during signing can recover the long-term secret key. Version 1.7.7 changes libgcrypt/ ecc-eddsa.c to store the session key in secure memory and ensures constant-time point operations in the MPI li...

CVSS 5.9 | AI score 5.6 | EPSS 0.00651
Exploits: 0 | References: 7 | Affected Software: 1

Debian CVE
added 2017/06/11 2:00 a.m. | 25 views

CVE-2017-9526

In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key from side-channel observation during the signing process can easily recover the long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change to store this session key in secure memory, to ensure that constant-time point...

CVSS 5.9 | AI score 5.9 | EPSS 0.00651
Exploits: 0

OSV
added 2017/06/10 12:00 a.m. | 1 views

UBUNTU-CVE-2017-9526

In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key from side-channel observation during the signing process can easily recover the long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change to store this session key in secure memory, to ensure that constant-time point...

CVSS 5.9 | AI score 6.6 | EPSS 0.00651
Exploits: 0 | References: 3