SSL Certificate Forgery via MD5 Collision Attacks
Public key infrastructure (PKI) is a mechanism used for issuing digital certificates for secure websites. A critical vulnerability was detected in PKI that enables attackers to create a forged digital certificate that will be trusted by all common web browsers. The vulnerability is due to a weaknes...
SSL Certificate Signed Using Weak Hashing Algorithm
The remote service uses an SSL certificate chain that has been signed using a cryptographically weak hashing algorithm (e.g. MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision attacks. An attacker can exploit this to generate another certificate with the sam...
MD5 vulnerable to collision attacks
Overview: Weaknesses in the MD5 algorithm allow for collisions in output. As a result, attackers can generate cryptographic tokens or other data that illegitimately appear to be authentic. Description: A secure cryptographic hash algorithm is one that generates a unique identifier of a fixed size...
Using GetHashes software to get Windows system hash password values - vulnerability and early warning - the black bar safety net
For an intruder, getting the Windows password is a crucial link in the entire attack process; having the system's original user password makes it easier to penetrate the network and keep control. Windows system hash password values consist of two parts, an LM-HASH value and an NTLM-HASH value; once...
Gentoo Security Advisory GLSA 200404-01 (Portage)
The remote host is missing updates announced in advisory GLSA 200404-01. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Invision Power Board <= 2.3.5 Remote SQL Injection Exploit
No description provided by source. <?php error_reporting(E_ALL); // IPB <= 2.3.5 sql injection exploit // Version 1.0 // written by Janek Vind "waraxe" //...
Invision Power Board 2.3.5 - SQL Injection
<?php error_reporting(E_ALL); // IPB <= 2.3.5 sql injection exploit // Version 1.0 // written by Janek Vind "waraxe" // Estonia, Tartu // http://www.waraxe.us/...
Microworld Mailscan 5.6.a Password Reveal Exploit
No description provided by source. 2008 SecurityDevelopment.net Author: SlaYeR Date: 25. Aug. 2008 Email: [email protected]...
Method for cracking someone's ASP Trojan password - vulnerability warning - the black bar safety net
Objective: crack the encrypted login password of an ASP Trojan. The Trojan carries no version description, so its exact name is also unknown. Approach: there are two options, replace the ciphertext with the encrypted password and use the...
Microworld Mailscan 5.6.a - Password Reveal
Microworld Mailscan 5.6.a - Password Reveal. 2008 SecurityDevelopment.net Author: SlaYeR Date: 25. Aug. 2008 Email:...
Microworld Mailscan 5.6.a Password Reveal Exploit
Exploit for unknown platform in category remote exploits. Microworld Mailscan 5.6.a Password Reveal Exploit...
FreeBSD Security Advisory (FreeBSD-SA-05:19.ipsec.asc)
The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-05:19.ipsec.asc. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders...
RHEL 5 : libtiff (RHSA-2008:0847)
Updated libtiff packages that fix a security issue and a bug are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The libtiff packages contain a library of functions for manipulating Tagged Image Fi...
Trend Micro Multiple Products Token Prediction Security Bypass
The remote host is either running Trend Micro OfficeScan or Worry-Free Business Security. The installed version is affected by a security bypass vulnerability because it reportedly implements a weak algorithm to generate random session tokens typically assigned to a successful authentication...
Authentication flaw
The Server Authentication Module in EMC Dantz Retrospect Backup Server 7.5.508 uses a "weak hash algorithm," which makes it easier for context-dependent attackers to recover passwords...
CVE-2008-3288
The Server Authentication Module in EMC Dantz Retrospect Backup Server 7.5.508 uses a "weak hash algorithm," which makes it easier for context-dependent attackers to recover passwords...
CVE-2008-3288
The CVE-2008-3288 entry documents that the Server Authentication Module in EMC Dantz Retrospect Backup Server 7.5.508 uses a weak hash algorithm for password hashing, enabling context-dependent attackers to recover passwords. This is a network-vector issue with partial confidentiality impact and ...
CVE-2008-3288
The Server Authentication Module in EMC Dantz Retrospect Backup Server 7.5.508 uses a "weak hash algorithm," which makes it easier for context-dependent attackers to recover passwords...
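EMC Retrospect Weak Hash Algorithm Password Disclosure Vulnerability
BUGTRAQ ID: 30319, 30308. EMC Retrospect is backup and recovery software for the Windows platform. The Retrospect backup client transmits password hashes in cleartext over the network. If a remote attacker sends a malicious packet to the client, the client's response will contain the cleartext password, resulting in a loss of confidentiality. In addition, the authentication module of the Retrospect backup server uses a weak password hashing algorithm, which an attacker can brute-force relatively easily. Affected: EMC Retrospect for Windows 7.5.508. Vendor: EMC. The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page:...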
CVE-2008-3188
libxcrypt in SUSE openSUSE 11.0 uses the DES algorithm when the configuration specifies the MD5 algorithm, which makes it easier for attackers to conduct brute-force attacks against hashed passwords...