182 matches found

OSV · added 2021/04/06 5:22 p.m. · 15 views

GHSA-W3HJ-WR2Q-X83G Discovery uses the same AES/GCM Nonce throughout the session

Discovery uses the same AES/GCM nonce throughout the session, though it should be generated on a per-message basis, which can lead to the leaking of the session key. As the actual ENR record is signed with a different key, it is not possible for an attacker to alter the ENR record. Note that the node...

CVSS 5.3 · AI score 5.2 · EPSS 0.00489
Exploits 0 · References 4
Positive Technologies · added 2021/04/06 12:00 a.m. · 2 views

PT-2021-24354 · Consensys · Consensys Discovery

Name of the Vulnerable Software and Affected Versions: Consensys Discovery versions less than 0.4.5. Description: The issue arises from Consensys Discovery using the same AES/GCM nonce for the entire session, which should ideally be unique for every message. This can lead to the leaking of the...

CVSS 5.3 · AI score 5.2 · EPSS 0.00489
Exploits 0 · References 9
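Both the GHSA and the Positive Technologies entries above describe the same flaw: a single AES/GCM nonce reused for an entire session instead of a fresh one per message. The Go program below is an added example written for this page, not code from Consensys Discovery or from either advisory. It uses the Go standard library's AES-GCM to show the confidentiality half of the failure mode on two constructed sample messages, with a hypothetical fixed nonce value standing in for the reused session nonce. GCM encrypts with AES-CTR, so two messages sealed under the same key and nonce are XORed with the same keystream; an attacker who knows or guesses one plaintext reads the other without the key, whereas with a fresh random nonce per message the same XOR yields nothing. Nonce reuse in GCM additionally exposes the GHASH authentication subkey and so enables tag forgeries; that side is not modelled here.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

const gcmTagSize = 16 // AES-GCM appends a 16-byte authentication tag to the ciphertext

// sealGCM encrypts plaintext with AES-GCM under key and a 12-byte nonce and
// returns ciphertext||tag, exactly as cipher.AEAD.Seal produces it.
func sealGCM(key, nonce, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Seal(nil, nonce, plaintext, nil), nil
}

// recoverFromNonceReuse is the attacker's computation. GCM's confidentiality
// comes from AES-CTR, so two messages sealed under the same key and nonce are
// XORed with the same keystream: c1 ^ c2 == p1 ^ p2 over their common length.
// Knowing (or guessing) p1 therefore yields p2 without the key. c1 is assumed
// to be the sealing of p1, so only c2 (minus its tag) can be the shorter one.
func recoverFromNonceReuse(c1, c2, p1 []byte) []byte {
	n := len(p1)
	if m := len(c2) - gcmTagSize; m < n {
		n = m
	}
	out := make([]byte, n)
	for i := 0; i < n; i++ {
		out[i] = c1[i] ^ c2[i] ^ p1[i]
	}
	return out
}

// Constructed sample messages standing in for two Discovery packets.
var msgA = []byte("PING seq=0001 from node A")
var msgB = []byte("FINDNODE dist=0255 target=B")

// nonceReuseDemo reproduces the bug: one fixed nonce for the whole session.
// It returns the bytes the attacker recovers and the true prefix of msgB of
// the same length, so callers can compare them.
func nonceReuseDemo(key []byte) (recovered, actual []byte, err error) {
	sessionNonce := []byte("session-nonc") // hypothetical 12-byte nonce reused for every message
	c1, err := sealGCM(key, sessionNonce, msgA)
	if err != nil {
		return nil, nil, err
	}
	c2, err := sealGCM(key, sessionNonce, msgB)
	if err != nil {
		return nil, nil, err
	}
	recovered = recoverFromNonceReuse(c1, c2, msgA)
	return recovered, msgB[:len(recovered)], nil
}

// freshNonceDemo is the corrected behaviour: a fresh random 96-bit nonce for
// every Seal call. It returns true when the same XOR attack no longer works.
func freshNonceDemo(key []byte) (bool, error) {
	n1, n2 := make([]byte, 12), make([]byte, 12)
	if _, err := rand.Read(n1); err != nil {
		return false, err
	}
	if _, err := rand.Read(n2); err != nil {
		return false, err
	}
	c1, err := sealGCM(key, n1, msgA)
	if err != nil {
		return false, err
	}
	c2, err := sealGCM(key, n2, msgB)
	if err != nil {
		return false, err
	}
	guess := recoverFromNonceReuse(c1, c2, msgA)
	return !bytes.Equal(guess, msgB[:len(guess)]), nil
}

func main() {
	key := make([]byte, 32) // stands in for the AES-256 session key
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	recovered, actual, err := nonceReuseDemo(key)
	if err != nil {
		panic(err)
	}
	fmt.Printf("reused nonce: attacker recovered %q, real message %q\n", recovered, actual)
	defeated, err := freshNonceDemo(key)
	if err != nil {
		panic(err)
	}
	fmt.Printf("fresh nonces: attack defeated = %v\n", defeated)
}
```

The attacker never calls Open or touches the key: the recovery is a byte-wise XOR of the two ciphertext bodies with the known plaintext. The corrected path generates the nonce with crypto/rand per message; a counter that never repeats within the key's lifetime works equally well, but the one thing that cannot be done is what the advisories describe, fixing the nonce for the session.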
HackerOne · added 2020/06/30 1:48 p.m. · 24 views

Clario: No rate Limit on Licenses Activation

Introduction. A little bit about rate limiting: a rate-limiting algorithm is used to check whether the user session or IP address has to be limited based on the information in the session cache. In case a client made too many requests within a given time frame, HTTP servers can respond with status code 429...

AI score 0.2
Exploits 0
OpenVAS · added 2020/01/23 12:00 a.m. · 29 views

Huawei EulerOS: Security Advisory for freeradius (EulerOS-SA-2017-1134)

The remote host is missing an update for the Huawei EulerOS. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ...

CVSS 9.8 · AI score 9.6 · EPSS 0.03914
Exploits 0 · References 2
OpenVAS · added 2020/01/23 12:00 a.m. · 28 views

Huawei EulerOS: Security Advisory for freeradius (EulerOS-SA-2017-1135)

The remote host is missing an update for the Huawei EulerOS. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ...

CVSS 9.8 · AI score 9.6 · EPSS 0.03914
Exploits 0 · References 2
OpenVAS · added 2020/01/23 12:00 a.m. · 48 views

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2019-1547)

The remote host is missing an update for the Huawei EulerOS. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ...

CVSS 10 · AI score 8.4 · EPSS 0.99977
Exploits 38 · References 2
Tenable Nessus · added 2018/11/05 12:00 a.m. · 16 views

Nginx < 1.7.5 SSL Session Reuse

According to the self-reported version in the server response header, the version of nginx installed on the remote host is 0.5.6 or higher, 1.6.x prior to 1.6.2, or 1.7.x prior to 1.7.5. It is, therefore, affected by an SSL session or TLS session ticket key handling error. A flaw exists in the fi...

CVSS 4.3 · AI score 6.8 · EPSS 0.05679
Exploits 0 · References 8
IBM Security Bulletins · added 2018/06/15 7:05 a.m. · 20 views

Security Bulletin: Multiple vulnerabilities in IBM WebSphere eXtreme Scale Client could expose sensitive information (CVE-2016-2861, CVE-2016-0400)

Summary: Multiple vulnerabilities in IBM WebSphere eXtreme Scale Client could expose sensitive information. Vulnerability Details: CVEID: CVE-2016-2861. DESCRIPTION: IBM WebSphere eXtreme Scale uses weaker than expected security to encrypt data, which could allow an attacker that is able to capture...

CVSS 6.1 · AI score 0.6 · EPSS 0.0214
Exploits 2 · Affected software 1
OpenVAS · added 2018/01/28 12:00 a.m. · 21 views

Debian: Security Advisory (DLA-977-1)

The remote host is missing an update for Debian. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ...

CVSS 9.8 · AI score 8.8 · EPSS 0.03914
Exploits 1 · References 3
CNVD · added 2017/08/29 12:00 a.m. · 1 view

Multiple Unspecified Vulnerabilities in Drupal Session Cache API Module

Drupal is a free, open-source content management system developed in the PHP language and maintained by the Drupal community. Multiple unspecified vulnerabilities exist in the Drupal Session Cache API module. No details of the vulnerabilities are available at this time...

AI score 7.1
Exploits 0 · References 1
Drupal · added 2017/08/09 12:00 a.m. · 12 views

Session Cache API - Critical - Multiple vulnerabilities - DRUPAL-SA-CONTRIB-2017-065

This module does not safely deal with serialization. CVE identifiers issued: A CVE identifier will be requested, and added upon issuance, in accordance with Drupal Security Team processes. Versions affected: Session Cache API 7.x-1.4. Drupal core is not affected. If you do not use the contributed...

AI score 7.1
Exploits 0 · References 13
Tenable Nessus · added 2017/08/08 12:00 a.m. · 34 views

EulerOS 2.0 SP2 : freeradius (EulerOS-SA-2017-1135)

According to the version of the freeradius package installed, the EulerOS installation on the remote host is affected by the following vulnerability: The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to...

CVSS 9.8 · AI score 8.1 · EPSS 0.03914
Exploits 0 · References 2
Tenable Nessus · added 2017/08/08 12:00 a.m. · 23 views

EulerOS 2.0 SP1 : freeradius (EulerOS-SA-2017-1134)

According to the version of the freeradius package installed, the EulerOS installation on the remote host is affected by the following vulnerability: The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to...

CVSS 9.8 · AI score 8.1 · EPSS 0.03914
Exploits 0 · References 2
OSV · added 2017/06/27 3:19 p.m. · 3 views

SUSE-SU-2017:1705-1 Security update for freeradius-server

This update for freeradius-server fixes the following issues. Security issue fixed: CVE-2017-9148: Disable OpenSSL's internal session cache to mitigate authentication bypass (bsc#1041445). Non-security issue fixed: Fix case-insensitive matching in compiled regular expressions (bsc#1027243)...

CVSS 9.8 · AI score 9.6 · EPSS 0.03914
Exploits 0 · References 4
Broadcom · added 2017/06/23 12:00 a.m. · 6 views

BSA-2017-342

Security Advisory ID: BSA-2017-342. Component: FreeRADIUS. Revision: 2.0: Interim. The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remo...

CVSS 9.8 · AI score 7.3 · EPSS 0.03914
Exploits 0
Ubuntu · added 2017/06/07 4:44 p.m. · 60 views

USN-3316-1: FreeRADIUS vulnerability

Stefan Winter and Luboš Pavlíček discovered that FreeRADIUS incorrectly handled the TLS session cache. A remote attacker could possibly use this issue to bypass authentication by resuming an unauthenticated session...

CVSS 9.8 · AI score 8.1 · EPSS 0.03914
Exploits 0
Debian · added 2017/06/05 4:33 p.m. · 22 views

[SECURITY] [DLA 977-1] freeradius security update

Package: freeradius. Version: 2.1.12+dfsg-1.2+deb7u1. CVE ID: CVE-2014-2015 CVE-2015-4680 CVE-2017-9148. Debian Bug: 742820 789623 863673. Several issues were discovered in FreeRADIUS, a high-performance and highly configurable RADIUS server. CVE-2014-2015: A stack-based buffer overflow was found ...

CVSS 9.8 · AI score 9.8 · EPSS 0.03914
Exploits 1
Prion · added 2017/05/29 5:29 p.m. · 10 views

Authentication flaw

The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers such as malicious 802.1X supplicants to bypass authentication via PE...

CVSS 7.5 · AI score 9.5 · EPSS 0.03914
Exploits 0 · References 6 · Affected software 1
OSV · added 2017/05/29 5:29 p.m. · 26 views

CVE-2017-9148

The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers such as malicious 802.1X supplicants to bypass authentication via PE...

CVSS 9.8 · AI score 7.2
Exploits 0 · References 6
OSV · added 2017/05/29 5:29 p.m. · 1 view

DEBIAN-CVE-2017-9148

The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers such as malicious 802.1X supplicants to bypass authentication via PE...

CVSS 9.8 · AI score 8.2 · EPSS 0.03914
Exploits 0 · References 1