117 matches found
CVE-2014-0627
The SSLEngine API implementation in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to trigger the selection of a weak cipher suite by using the wrap method during a certain incomplete-handshake state...
Design/Logic Flaw
The SSLEngine API implementation in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to trigger the selection of a weak cipher suite by using the wrap method during a certain incomplete-handshake state...
CVE-2014-0627
The SSLEngine API implementation in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to trigger the selection of a weak cipher suite by using the wrap method during a certain incomplete-handshake state...
CVE-2014-0627
Summary: CVE-2014-0627 affects EMC RSA BSAFE SSL-J (SSL-J) 5.x before 5.1.3 and 6.x before 6.0.2. The SSLEngine API can reveal information by using the wrap method after the Finished message in an incomplete handshake, potentially allowing an attacker to trigger a weak cipher suite. Impact: Infor...
CVE-2013-0531
The SSL implementation in IBM Security AppScan Enterprise before 8.7.0.1 enables cipher suites with weak encryption algorithms, which makes it easier for remote attackers to obtain sensitive information by sniffing the network...
CVE-2012-2668
libraries/libldap/tlsm.c in OpenLDAP, possibly 2.4.31 and earlier, when using the Mozilla NSS backend, always uses the default cipher suite even when TLSCipherSuite is set, which might cause OpenLDAP to use weaker ciphers than intended and make it easier for remote attackers to obtain sensitive...
Improve the default SSL cipherset in standalone JIRA setup
panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion|http://jira.atlassian.com/browse/JRASERVER-27681. panel We are concerned about 'SSL Weak Cipher Suites Supported' and 'SSL Medium Strength Cipher Suites Suppored'. Any suggestions wou...
Improve the default SSL cipherset in standalone JIRA setup
We are concerned about 'SSL Weak Cipher Suites Supported' and 'SSL Medium Strength Cipher Suites Suppored'. Any suggestions would be helpful...
SSL/TLS: Report Weak Cipher Suites
This routine reports all weak SSL/TLS cipher suites accepted by a service. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SSL/TLS: Report Non Weak Cipher Suites
This routine reports all Non Weak SSL/TLS cipher suites accepted by a service. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei HG default WEP/WPA generator
Hi, Huawei HG520 and HG530 routers are vulnerable to weak cipher attacks. It is possible to generate the default WEP/WPA key from the MAC address. The following documents detail the process of developing a key generator for these devices. English: http://websec.ca/blog/view/mac2wepkeyhuawei Espao...
SSL Weak Cipher Suites Supported
The remote host supports the use of SSL ciphers that offer weak encryption. Note: This is considerably easier to exploit if the attacker is on the same physical network. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid26928; scriptversion"1.31";...
CVE-2006-4407
CVE-2006-4407 affects Apple Mac OS X Security Framework Secure Transport. The issue arises when negotiating the strongest shared cipher: due to an incorrect priority order, Secure Transport may choose a weaker cipher, potentially enabling a remote attacker to decrypt traffic. Documents consistent...
CVE-2006-3204
Ultimate PHP Board UPB 1.9.6 and earlier uses a cryptographically weak block cipher with a large key collision space, which allows remote attackers to determine a suitable decryption key given the plaintext and ciphertext by obtaining the plaintext password, which is sent when logging in, and the...
Design/Logic Flaw
The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server OES sometimes selects a weak cipher instead of an available stronger cipher, which makes it easier for remote attackers to sniff and decrypt an SSL protected session...
CVE-2006-0998
The CVE-2006-0998 issue affects Novell NetWare 6.5 and Novell Open Enterprise Server (OES) where the SSL server implementation in NILE.NLM can select a weak cipher instead of an available stronger cipher. This weak cipher choice enables remote attackers to sniff and potentially decrypt SSL sessio...
CVE-2006-0998
The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server OES sometimes selects a weak cipher instead of an available stronger cipher, which makes it easier for remote attackers to sniff and decrypt an SSL protected session...