Lucene search
K

97 matches found

Tenable Nessus
Tenable Nessus
added 2016/08/24 12:0 a.m.10 views

TLS Triple-DES Key Exchange Detection (Sweet32) (deprecated)

Binary data 7223.pasl...

7.3AI score
Exploits0References3
n0where
n0where
added 2016/08/06 1:35 p.m.23 views

1-click IPSEC VPN in the Cloud: algo

1-click IPSEC VPN in the Cloud Algo short for “Al Gore”, the V ice P resident of N etworks everywhere for inventing the Internet is a set of Ansible scripts that simplifies the setup of an IPSEC VPN. It contains the most secure defaults available, works with common cloud providers, and does not...

7AI score
Exploits0References2
Amazon
Amazon
added 2016/02/09 12:0 a.m.64 views

Medium: nss

Issue Overview: A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct...

5.9CVSS7.5AI score0.0288EPSS
Exploits0References1
ThreatPost
ThreatPost
added 2015/10/09 2:23 p.m.16 views

Apple Removes Apps That Expose Encrypted Traffic

Apple has purged its App Store of a number of apps that expose encrypted traffic via the installation of root certificates. Apple has declined to name the apps. “Apple has removed a few apps from the App Store that install root certificates that could allow monitoring of data,” Apple said today i...

0.3AI score
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2015/05/21 12:0 a.m.30 views

TLS Export-Grade Key Exchange Detection

Binary data 7168.pasl...

4.3CVSS7.3AI score0.9986EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2015/04/30 12:0 a.m.79 views

AIX Java Advisory : Multiple Vulnerabilities (Bar Mitzvah)

The version of Java SDK installed on the remote host is affected by multiple vulnerabilities : - A man-in-the-middle information disclosure vulnerability exists due to a TLS security downgrade flaw. A man-in-the-middle attacker may be able to downgrade the SSL/TLS connection to use EXPORTRSA ciph...

5CVSS5.8AI score0.74006EPSS
Exploits0References5
OSV
OSV
added 2015/04/15 4:7 p.m.11 views

MGASA-2015-0156 Updated mono packages fix security vulnerabilities

A TLS impersonation attack was discovered in Mono's TLS stack by researchers at Inria CVE-2015-2318. During checks on the TLS stack, they have discovered two further issues which have been fixed, a vulnerability to a protocol downgrade attack CVE-2015-2319 and SSLv2 support still being available...

9.8CVSS8.5AI score0.03539EPSS
Exploits0References3
Fortinet
Fortinet
added 2015/03/04 12:0 a.m.64 views

TLS FREAK Attack

...

4.3CVSS6.5AI score0.98685EPSS
Exploits0
ThreatPost
ThreatPost
added 2014/04/22 5:6 p.m.17 views

NIST removes Dual EC DRBG from SP 800-90A

The maligned Dual EC DRBG random number generator at the core of a $10 million secret contract between RSA Security and the National Security Agency has been removed from NIST’s draft guidance on random number generators. The National Institute for Standards and Technology said it will request...

0.4AI score
Exploits0References4
OSV
OSV
added 2013/02/08 7:55 p.m.3 views

DEBIAN-CVE-2013-1624

The TLS implementation in the Bouncy Castle Java library before 1.48 and C library before 1.8 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attack...

4CVSS6.7AI score0.02972EPSS
Exploits0References1
ThreatPost
ThreatPost
added 2012/09/13 4:45 a.m.25 views

CRIME Attack Uses Compression Ratio of TLS Requests as Side Channel to Hijack Secure Sessions

The new attack on TLS developed by researchers Juliano Rizzo and Thai Duong takes advantage of an information leak in the compression ratio of TLS requests as a side channel to enable them to decrypt the requests made by the client to the server. This, in turn, allows them to grab the user’s logi...

1.1AI score
Exploits0References4
RedHat Linux
RedHat Linux
added 2010/12/15 11:41 p.m.7 views

TLS: MITM attacks via session renegotiation

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services IIS 7.0, modssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services NSS 3.12.4 and earlier, multiple Cis...

9.8CVSS6.9AI score0.87264EPSS
Exploits14References4
securityvulns
securityvulns
added 2005/09/26 12:0 a.m.24 views

[Full-disclosure] SecureW2 TLS security problem

Hi everyone! I was looking at the code for a TLS implementation, an open source implementation "SecureW2" by Alfa & Ariss, see: http://www.securew2.com/uk/index.htm I found that it uses weak random numbers when generating the pre-master-secret. The code is in "./Components/Common/release 3/versio...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2005/04/08 12:0 a.m.26 views

[SIG^2 G-TEC] SurgeFTP LEAK Command Denial-Of-Service Vulnerability

SIG^2 Vulnerability Research Advisory SurgeFTP LEAK Command Denial-Of-Service Vulnerability by Tan Chew Keong Release Date: 07 Apr 2005 ADVISORY URL http://www.security.org.sg/vuln/surgeftp22m1.html SUMMARY SurgeFTP http://netwinsite.com/surgeftp/ is an FTP server with SSL/TLS security, easy...

7.5AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2004/08/18 12:0 a.m.9 views

POP SSL/TLS Server Detection

Binary data 4000.prm...

7.3AI score
Exploits0
CERT
CERT
added 2003/04/23 12:0 a.m.49 views

SSL/TLS implementations disclose side channel information via PKCS #1 v1.5 version number extension

Overview SSL/TLS implementations that respond distinctively to an incorrect PKCS 1 v1.5 encoded SSL/TLS version number expose the premaster secret to a modified Bleichenbacher attack. An attacker could decrypt a given SSL/TLS session or forge a signature on behalf of a vulnerable application's...

7.5CVSS8AI score0.0628EPSS
Exploits0References13
OpenSSL
OpenSSL
added 2003/03/19 12:0 a.m.45 views

Vulnerability in OpenSSL CVE-2003-0131

The SSL and TLS components allowed remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS 1 v1.5 padding that caused OpenSSL to leak information regarding the relationship between...

8.9AI score0.0628EPSS
Exploits0Affected Software1
Rows per page
Query Builder