155 matches found
CVE-2017-12735
A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3. An attacker who performs a Man-in-the-Middle attack between the LOGO! BM and other devices could potentially decrypt and modify network traffic...
Multiple Westermo Routers Hardcoded Password Vulnerability
The RD-305-DIN, MRD-315, MRD-355, and MRD-455 are all Westermo router devices. Multiple Westermo routers are vulnerable to a hard-coded password vulnerability where the device uses a hard-coded special key that allows an attacker to decrypt traffic from any other source...
CVE-2016-5816
A Use of Hard-Coded Cryptographic Key issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded private cryptographic keys that may allow an attacker to decrypt traffic from any other source...
CVE-2017-5242: Nexpose/InsightVM Virtual Appliance Duplicate SSH Host Key
Today, Rapid7 is notifying Nexpose and InsightVM users of a vulnerability that affects certain virtual appliances. While this issue is relatively low severity, we want to make sure that our customers have all the information they need to make informed security decisions regarding their networks. ...
Design/Logic Flaw
A vulnerability in the detection engine reassembly of Secure Sockets Layer SSL packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition because the Snort process consumes a high level of CPU resources. Affected Products...
PT-2017-16156 · Cisco · Cisco Firepower System
Name of the Vulnerable Software and Affected Versions: Cisco Firepower System Software versions 6.0.0 through 6.2.1 Description: A vulnerability in the detection engine reassembly of Secure Sockets Layer SSL packets could allow an unauthenticated, remote attacker to cause a denial of service DoS...
Blue Coat ProxySG 6.5.x < 6.5.9.8 / 6.6.x < 6.6.4.1 Multiple OpenSSL Vulnerabilities
The self-reported SGOS version installed on the remote Blue Coat ProxySG device is 6.5.x prior to 6.5.9.8 or 6.6.x prior to 6.6.4.1. It is, therefore, affected by multiple vulnerabilities in its bundled version of OpenSSL : - Multiple flaws exist in the aesnicbchmacsha1cipher function in file...
RITM - Ruby In The Middle (HTTP/HTTPS Interception Proxy)
Ruby in the middle RITM is an HTTP/HTTPS interception proxy with on-the-fly certificate generation and signing, which leaves the user with the full power of the Ruby language to intercept and even modify requests and responses as she pleases. Installation gem install ritm Basic usage 1. Write you...
OpenSSL SSLv2 DROWN Attack Vulnerability - Windows
OpenSSL is prone to the DROWN attack vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openssl:openssl"; ifdescripti...
SSL DROWN Attack Vulnerability (Decrypting RSA with Obsolete and Weakened eNcryption)
The remote host supports SSLv2 and therefore may be affected by a vulnerability that allows a cross-protocol Bleichenbacher padding oracle attack known as DROWN Decrypting RSA with Obsolete and Weakened eNcryption. This vulnerability exists due to a flaw in the Secure Sockets Layer Version 2 SSLv...
OpenSSL high-risk vulnerabilities allow attackers to decrypt HTTPS traffic-bug warning-the black bar safety net
OpenSSL maintainer to fix a high risk vulnerability allows an attacker can obtain the decryption of HTTPS and other encrypted traffic key. Vulnerability the potential impact of While serious, but the need to meet multiple criteria to be used: the vulnerability exists only in OpenSSL 1.0.2; rely o...
Multiple Security issues with ScreenOS (JSA10713)
ScreenOS is vulnerable to an unauthorized remote administrative access to the device over SSH or telnet and to unauthorized decrypting of VPN traffic SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respectiv...
Atlassian JIRA < 6.4.10 / 7.0.0-OD-02 MitM Plaintext Disclosure (Bar Mitzvah)
According to its self-reported version number, the instance of Atlassian JIRA hosted on the remote web server is prior to 6.4.10 or 7.0.0-OD-02. It is, therefore, potentially affected by a security feature bypass vulnerability, known as Bar Mitzvah, due to improper combination of state data with...
Microsoft XML Core Services Man-in-the-Middle Information Disclosure Vulnerability (CNVD-2015-05495)
Microsoft XML Core Services MSXML is a user to allow the use of JScript, VBScript and Visual Studio 6.0 users to develop XML-based applications , in order to interoperate with other applications that follow the XML 1.0 standard . A security vulnerability exists in Microsoft XML Core Services that...
LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks
A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange for both export and non-export grade cipher suites. An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lea...
LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks
A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange for both export and non-export grade cipher suites. An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lea...
LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks
A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange for both export and non-export grade cipher suites. An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lea...
LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks
A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange for both export and non-export grade cipher suites. An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lea...
LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks
A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange for both export and non-export grade cipher suites. An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lea...
Mono SSLv2 Fallback Security Bypass Vulnerability
Mono is a free and open source project. The goal of the project is to create a series of ECMA-compliant Ecma-334 and Ecma-335 .NET tools , including the C compiler and common language architecture . A security bypass vulnerability exists in Mono that stems from an error in the TLS state machine. ...