4564 matches found
Pure Secure weak encryption
Passwords for log access are stored in cleartext...
TCP/IP SYN+FIN Packet Filtering Weakness
The remote host does not discard TCP SYN packets that have the FIN flag set. Depending on the kind of firewall you are using, an attacker may use this flaw to bypass its rules. C Tenable Network Security, Inc. Ref: To: [email protected] From: [email protected] Date: Mon, 5 May 2003 11:01:0...
FlashFXP 1.4 - User Password Encryption
// source: https://www.securityfocus.com/bid/7499/info FlashFXP uses a trivially reversible algorithm to encrypt FTP user credentials. Local attackers with access to the sites.data may exploit this weakness to gain unauthorized access to FTP user credentials for remote sites. / Flashfxp sites.dat...
Web Protector 2.0 - Trivial Encryption
source: https://www.securityfocus.com/bid/7409/info Web protector has been reported prone to a trivial encryption weakness. It has been reported that the method used to obfuscate and protect the HTML source of web pages implementing Web Protector is flawed and may be easily reversed. This weaknes...
Cerberus FTP Server 2.1 - Information Disclosure
Cerberus FTP Server 2.1 - Information Disclosure source: https://www.securityfocus.com/bid/7369/info It has been reported that Cerberus FTP Server is prone to an information disclosure weakness. The problem exists in the way the FTP server handles the authentication procedure. An attacker may...
Cerberus FTP Server 2.1 - Information Disclosure
source: https://www.securityfocus.com/bid/7369/info It has been reported that Cerberus FTP Server is prone to an information disclosure weakness. The problem exists in the way the FTP server handles the authentication procedure. An attacker may exploit a weakness in error handling to disclose val...
[SECURITY] [DSA 269-2] New heimdal packages fix authentication failure
-------------------------------------------------------------------------- Debian Security Advisory DSA 269-2 [email protected] http://www.debian.org/security/ Martin Schulze April 9th, 2003 http://www.debian.org/security/faq -...
[SECURITY] [DSA 269-2] New heimdal packages fix authentication failure
-------------------------------------------------------------------------- Debian Security Advisory DSA 269-2 [email protected] http://www.debian.org/security/ Martin Schulze April 9th, 2003 http://www.debian.org/security/faq -...
Linux Kernel 2.2.x/2.4.x - I/O System Call File Existence
/ source: https://www.securityfocus.com/bid/7279/info A weakness has been discovered on various systems that may result in an attacker gaining information pertaining to the existence of inaccessible files. The problem lies in the return times when attempting to access existent and non-existent...
[SECURITY] [DSA 273-1] New krb4 packages fix authentication failure
-------------------------------------------------------------------------- Debian Security Advisory DSA 273-1 [email protected] http://www.debian.org/security/ Martin Schulze March 28th, 2003 http://www.debian.org/security/faq -...
[SECURITY] [DSA 273-1] New krb4 packages fix authentication failure
-------------------------------------------------------------------------- Debian Security Advisory DSA 273-1 [email protected] http://www.debian.org/security/ Martin Schulze March 28th, 2003 http://www.debian.org/security/faq -...
DSA-273 krb4 - Cryptographic weakness
Bulletin has no description...
[SECURITY] [DSA 269-1] New heimdal packages fix authentication failure
-------------------------------------------------------------------------- Debian Security Advisory DSA 269-1 [email protected] http://www.debian.org/security/ Martin Schulze March 26th, 2003 http://www.debian.org/security/faq -...
[SECURITY] [DSA 269-1] New heimdal packages fix authentication failure
-------------------------------------------------------------------------- Debian Security Advisory DSA 269-1 [email protected] http://www.debian.org/security/ Martin Schulze March 26th, 2003 http://www.debian.org/security/faq -...
DSA-269 heimdal - Cryptographic weakness
Bulletin has no description...
DSA-266 krb5 - several vulnerabilities
Bulletin has no description...
ProtWare HTML Guardian 6.x - Encryption
source: https://www.securityfocus.com/bid/7169/info A weakness has been reported in the encryption scheme used by ProtWare HTML Guardian. Specifically, the encryption scheme implemented obfuscates data using a simple bit shifting technique, making it trivial for attackers to reverse. Administrato...
MIT Kerberos vulnerable to ticket splicing when using Kerberos4 triple DES service tickets
Overview Several cryptographic vulnerabilities exist in the basic Kerberos version 4 protocol that could allow an attacker to impersonate any user in a Kerberos realm and gain any privilege authorized through that Kerberos realm. Description The MIT Kerberos Development team has discovered a...
MITKRB5-SA-2003-004: Cryptographic weaknesses in Kerberos v4 protocol
-----BEGIN PGP SIGNED MESSAGE----- MIT krb5 Security Advisory 2003-004 2003-03-17 Topic: Cryptographic weaknesses in Kerberos v4 protocol Severity: CRITICAL SUMMARY ======= A cryptographic weakness in version 4 of the Kerberos protocol allows an attacker to use a chosen-plaintext attack to...
Qpopper 34 - Username Information Disclosure
Qpopper 34 - Username Information Disclosure source: https://www.securityfocus.com/bid/7110/info An information disclosure weakness has been reported for Qpopper when authenticating. The weakness is due to the fact that if a valid username is sent with a bad password, Qpopper will wait a small...