72 matches found
The Citrix License Server certificate is not in the Delivery Controller's trusted root store
License Server certificate not in the Delivery Controller's trusted root certificate store. This will impact Studio and Director managing and displaying information from the license server...
A week in security (November 13 – November 19)
Last week, we gave you some tips for the inevitable online chaos that is Cyber Monday, explained how "trusted" root certificates can sometimes be anything but, and explored the strange world of catphishing. We also pulled apart some malware found on Google Play and laid out the specifics of the...
Savitech driver packages for Windows man-in-the-middle attack vulnerability
Savitech driver packages for Windows is a driver package for signal processing chips based on the Windows platform. A security vulnerability exists in the Savitech driver packages for Windows-based platforms that originates when a program installs a self-signed certificate into the Trusted Root...
CVE-2017-9758
Savitech driver packages for Windows silently install a self-signed certificate into the Trusted Root Certification Authorities store, aka "Inaudible Subversion."...
CVE-2017-9758
Savitech driver packages for Windows silently install a self-signed certificate into the Trusted Root Certification Authorities store, aka "Inaudible Subversion."...
Session fixation
Savitech driver packages for Windows silently install a self-signed certificate into the Trusted Root Certification Authorities store, aka "Inaudible Subversion."...
CVE-2017-9758
Savitech driver packages for Windows silently install a self-signed certificate into the Trusted Root Certification Authorities store, aka "Inaudible Subversion."...
Microsoft to remove WoSign and StartCom certificates in Windows 10
Microsoft has concluded that the Chinese Certificate Authorities CAs WoSign and StartCom have failed to maintain the standards required by our Trusted Root Program. Observed unacceptable security practices include back-dating SHA-1 certificates, mis-issuances of certificates, accidental certifica...
CVE-2016-0818
The caching functionality in the TrustManagerImpl class in TrustManagerImpl.java in Conscrypt in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 mishandles the distinction between an intermediate CA and a trusted root CA, which allows man-in-the-middle attackers to...
CVE-2012-4948
The default configuration of Fortinet Fortigate UTM appliances uses the same Certification Authority certificate and same private key across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the presence of the...
Windows Manage Certificate Authority Removal
This module allows the attacker to remove an arbitrary CA certificate from the victim's Trusted Root store. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Manage Certificate Authority...
Full Disclosure: Windows File Protection Arbitrary Certificate Chain Vulnerability
============================================================================ == SECURITY ALERT Windows File Protection Arbitrary Certificate Chain Vulnerability December 26, 2002 Full Disclosure, [email protected] and others December 24, 2002 Private Disclosure Jason Coombs [email protected]...