5314 matches found
D-Link Multiple Routers HNAP PrivateLogin Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue...
OpenSSH now supports FIDO U2F security keys for 2-factor authentication
Here's excellent news for sysadmins. You can now use a physical security key as hardware-based two-factor authentication to securely log into a remote system via SSH protocol. OpenSSH, one of the most widely used open-source implementations of the Secure Shell SSH Protocol, yesterday announced th...
CVE-2012-5623
Squirrelmail 4.0 uses the outdated MD5 hash algorithm for passwords...
Linux: Password hashing algorithm
The hashing algorithm can be set in the following module: pam_unix (module for traditional password authentication). Use the sha512 option to enforce encryption with the SHA512 algorithm. If the SHA512 algorithm is not known to the crypt function, fall back to MD5. Copyright (C) 2020 Greenbone Networks...
Hashcracker - Python Hash Cracker
Supported hashing algorithms: SHA512, SHA256, SHA384, SHA1, MD5. Features: auto detection of hashing algorithm based on length (not recommended), bruteforce, password list. Arguments: type: hash algorithm (must be one of the supported hashing algorithms mentioned above or AUTO if you want to use...
CVE-2013-7286
MobileIron VSP 5.9.1 and Sentry 5.0 have a weak password obfuscation algorithm...
Design/Logic Flaw
MobileIron VSP 5.9.1 and Sentry 5.0 have a weak password obfuscation algorithm...
CVE-2014-4607
Integer overflow in the LZO algorithm variant in Oberhumer liblzo2 and lzo-2 before 2.07 on 32-bit platforms might allow remote attackers to execute arbitrary code via a crafted Literal Run...
DEBIAN-CVE-2014-4607
Integer overflow in the LZO algorithm variant in Oberhumer liblzo2 and lzo-2 before 2.07 on 32-bit platforms might allow remote attackers to execute arbitrary code via a crafted Literal Run...
CVE-2014-4607
CVE-2014-4607 affects Oberhumer liblzo2 and lzo-2 up to version 2.07 on 32-bit platforms. The vulnerability arises from an integer overflow in the lzo1x_decompress_safe function when handling any variant of a Literal Run, which could lead to memory corruption and potentially remote code execution...
golang: invalid public key causes panic in dsa.Verify
Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates...
[SECURITY] Fedora 31 Update: spamassassin-3.4.4-1.fc31
SpamAssassin provides you with a way to reduce, if not completely eliminate, Unsolicited Commercial Email (SPAM) from your incoming email. It can be invoked by an MDA such as sendmail or postfix, or can be called from a procmail script, .forward file, etc. It uses a genetic-algorithm evolved scoring...
[SECURITY] Fedora 30 Update: spamassassin-3.4.4-1.fc30
SpamAssassin provides you with a way to reduce, if not completely eliminate, Unsolicited Commercial Email (SPAM) from your incoming email. It can be invoked by an MDA such as sendmail or postfix, or can be called from a procmail script, .forward file, etc. It uses a genetic-algorithm evolved scoring...
Nord Security: No Rate Limit On Forgot Password Page Of affiliates.nordvpn.com
Introduction:- A little bit about Rate Limit: A rate limiting algorithm is used to check if the user session or IP-address has to be limited based on the information in the session cache. In case a client made too many requests within a given time frame, HTTP-Servers can respond with status code...
Security Bulletin: Weak Cryptographic Algorithm Vulnerability Affects IBM Sterling B2B Integrator (CVE-2018-1720)
Summary IBM Sterling B2B Integrator Standard Edition has addressed the weak cryptographic algorithm vulnerability. Vulnerability Details CVEID: CVE-2018-1720 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition uses weaker than expected cryptographic algorithms that could allow an attacker t...
Security Bulletin: Multiple Security Vulnerabilities in OpenSSL Affect IBM Sterling B2B Integrator (CVE-2018-0734, CVE-2018-5407)
Summary Security vulnerabilities in OpenSSL affect IBM Sterling B2B Integrator Vulnerability Details CVE-ID: CVE-2018-0734 Description: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a timing side channel attack in the DSA signature algorithm. An attacker could...