Lucene search

5314 matches found

CVE
added 2020/06/29 12:0 a.m. · 181 views

CVE-2020-14002

PuTTY versions 0.68–0.73 have an observable discrepancy during algorithm negotiation that can leak information and enable MITM targeting the initial connection when no host key is cached. This is documented across multiple sources (DEBIAN/Mageia/Fedora advisories and Nessus plugin references) wit...

5.9 CVSS · 5.5 AI score · 0.0312 EPSS
Exploits: 0 · References: 7 · Affected Software: 1
Positive Technologies
added 2020/06/29 12:0 a.m. · 4 views

PT-2020-13830 · Simon Tatham +1 · Putty +1

Name of the Vulnerable Software and Affected Versions: PuTTY versions 0.68 through 0.73. Description: The issue allows man-in-the-middle attackers to target initial connection attempts where no host key for the server has been cached by the client, due to an Observable Discrepancy leading to an...

9.8 CVSS · 7.1 AI score · 0.93305 EPSS
Exploits: 5 · References: 51
Debian CVE
added 2020/06/29 12:0 a.m. · 21 views

CVE-2020-14002

PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts where no host key for the server has been cached by the client...

5.9 CVSS · 5.8 AI score · 0.0312 EPSS
Exploits: 0
The Coalfire Blog
added 2020/06/26 3:0 p.m. · 12 views

Baselining PassGAN: Adventures in the rhubarb

Cracking is a complex topic full of misunderstandings, confusing terminology and weird people. This blog post is front-loaded with some terminology, some explanations, and maybe some apologies. Password cracking: This is fundamentally one thing: guessing. We're not reversing, or talking to spirits...

1.3 AI score
Exploits: 0
OpenVAS
added 2020/06/25 12:0 a.m. · 26 views

Huawei Data Communication: Weak Algorithm Vulnerability in Some Huawei Products (huawei-sa-20200108-01-rsa)

There is a weak algorithm vulnerability in some Huawei products. Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

5.3 CVSS · 5.4 AI score · 0.00452 EPSS
Exploits: 0 · References: 1
Prion
added 2020/06/24 7:15 p.m. · 22 views

Design/Logic Flaw

ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file...

4 CVSS · 5 AI score · 0.03357 EPSS
Exploits: 0 · References: 8 · Affected Software: 3
ATTACKERKB
added 2020/06/24 7:15 p.m. · 4 views

CVE-2020-15025

ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file...

4.9 CVSS · 5.8 AI score · 0.03357 EPSS
Exploits: 0 · References: 10
CVE
added 2020/06/24 6:4 p.m. · 256 views

CVE-2020-15025

The CVE-2020-15025 entry concerns ntpd (NTP) memory exhaustion via CMAC-related paths. Affected: ntpd 4.2.8 prior to 4.2.8p15 and 4.3.x prior to 4.3.101. Root cause: memory is not freed in CMAC-key scenarios in ntp.keys, enabling remote packets to trigger a denial of service through memory consum...

4.9 CVSS · 5.7 AI score · 0.03357 EPSS
Exploits: 0 · References: 8 · Affected Software: 1
Positive Technologies
added 2020/06/24 12:0 a.m. · 3 views

PT-2020-2998 · Nts +6 · Ntp +6

Name of the Vulnerable Software and Affected Versions: ntp versions 4.2.8 through 4.2.8p14; ntp versions 4.3.x through 4.3.100. Description: The issue is related to a memory consumption problem in ntpd, which can be exploited by remote attackers to cause a denial of service. This occurs when memory...

9.8 CVSS · 6.1 AI score · 0.2985 EPSS
Exploits: 14 · References: 73
Imperva Blog
added 2020/06/23 1:12 p.m. · 31 views

DDoS Protection for Networks: Utilizing AS Prepending to Route Traffic Through Imperva

In order for Imperva to protect customers’ traffic using DDoS Protection for Networks, the Internet must select Imperva as the best path. So what does this mean? Does Imperva automatically take over the customer’s prefix and control the routing of the Internet? Well…not exactly. Internet Routing...

6.5 AI score
Exploits: 0
Kitploit
added 2020/06/23 12:30 p.m. · 41 views

TokenBreaker - JSON RSA To HMAC And None Algorithm Vulnerability POC

Token Breaker is focused on 2 particular vulnerabilities related to JWT tokens: None Algorithm and RSAtoHMAC. Refer to this link about insights of the vulnerability and how an attacker can forge the tokens. Try out this vulnerability here. TheNone Usage usage: TheNone.py -h -t TOKEN TokenBreaker:...

7.1 AI score
Exploits: 0 · References: 1
Securelist
added 2020/06/22 10:0 a.m. · 30 views

Web skimming with Google Analytics

Web skimming is a common class of attacks generally aimed at online shoppers. The principle is quite simple: malicious code is injected into the compromised site, which collects and sends user-entered data to a cybercriminal resource. If the attack is successful, the cybercriminals gain access to...

0.5 AI score
Exploits: 0
Hacker One
added 2020/06/19 9:43 p.m. · 139 views

Smule: No Rate Limiting On Phone Number Login Leads to Login Bypass

Hey Team, Introduction: A rate limiting algorithm is used to check if the user session has to be limited based on the information in the session cache. In case a client made too many requests within a given time frame. Description: I was able to Bypass Authentication of any user by enumerating th...

6.9 AI score
Exploits: 0
OSV
added 2020/06/19 12:0 a.m. · 1 views

UBUNTU-CVE-2020-12402

During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the recovery of the secr...

4.4 CVSS · 7.3 AI score · 0.00337 EPSS
Exploits: 0 · References: 5
Prion
added 2020/06/16 8:15 p.m. · 20 views

Design/Logic Flaw

A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy T300 Firmware version 1.5.2 and older which could allow an attacker to acquire a password by brute force...

5 CVSS · 7.6 AI score · 0.00858 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
OpenVAS
added 2020/06/16 12:0 a.m. · 37 views

Huawei EulerOS: Security Advisory for openssl110f (EulerOS-SA-2020-1629)

The remote host is missing an update for the Huawei EulerOS. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9 CVSS · 6.5 AI score · 0.17139 EPSS
Exploits: 0 · References: 2
Zero Day Initiative
added 2020/06/15 12:0 a.m. · 24 views

(0Day) (Pwn2Own) NETGEAR R6700 check_ra Use of a Broken or Risky Cryptographic Algorithm Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the encryption of firmware update images. The issue results from the use...

7.5 CVSS · 4.2 AI score
Exploits: 0
Prion
added 2020/06/11 3:15 p.m. · 15 views

Code injection

In engineSetMode of BaseBlockCipher.java, there is a possible incorrect cryptographic algorithm chosen due to an incomplete comparison. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...

2.1 CVSS · 5.2 AI score · 0.00152 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
CVE
added 2020/06/11 2:11 p.m. · 75 views

CVE-2020-0187

CVE-2020-0187 affects Android 10 where in engineSetMode of BaseBlockCipher.java a comparison error could permit information disclosure without extra privileges. Documents confirm the vulnerability type as information disclosure with local access required, and no user interaction. Public reference...

5.5 CVSS · 5.8 AI score · 0.00152 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
RedHat Linux
added 2020/06/08 9:22 a.m. · 1 views

freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c

An issue was found in freerdp's libfreerdp/crypto/crypto.c, in versions before 2.1.1, where buffer access with an incorrect length value, leads to an out-of-bounds write. This flaw allows a remote, unauthenticated, attacker running an RDP server, or a local attacker, using a specially crafted...

8.3 CVSS · 5.8 AI score · 0.0239 EPSS
Exploits: 0 · References: 4