12 matches found
EUVD-2016-9340
Malware in sbrugna...
K99005715: DUHK vulnerability CVE-2016-8492
Security Advisory Description The implementation of an ANSI X9.31 RNG in Fortinet FortiGate allows attackers to gain unauthorized read access to data handled by the device via IPSec/TLS decryption. CVE-2016-8492 Impact There is no impact; F5 products are not affected by this vulnerability. Securi...
SUSE CVE-2016-8492
The implementation of an ANSI X9.31 RNG in Fortinet FortiGate allows attackers to gain unauthorized read access to data handled by the device via IPSec/TLS decryption...
DUHK Attack Lets Hackers Recover Encryption Key Used in VPNs & Web Sessions
DUHK — Don't Use Hard-coded Keys — is a new 'non-trivial' cryptographic implementation vulnerability that could allow attackers to recover encryption keys that secure VPN connections and web browsing sessions. DUHK is the third crypto-related vulnerability reported this month after KRACK Wi-Fi...
CVE-2016-8492
The implementation of an ANSI X9.31 RNG in Fortinet FortiGate allows attackers to gain unauthorized read access to data handled by the device via IPSec/TLS decryption...
Information disclosure
The implementation of an ANSI X9.31 RNG in Fortinet FortiGate allows attackers to gain unauthorized read access to data handled by the device via IPSec/TLS decryption...
CVE-2016-8492
The implementation of an ANSI X9.31 RNG in Fortinet FortiGate allows attackers to gain unauthorized read access to data handled by the device via IPSec/TLS decryption...
CVE-2016-8492
The implementation of an ANSI X9.31 RNG in Fortinet FortiGate allows attackers to gain unauthorized read access to data handled by the device via IPSec/TLS decryption...
CVE-2016-8492
CVE-2016-8492 describes an information-disclosure vulnerability in Fortinet FortiGate/FortiOS where the ANSI X9.31 RNG is used in long‑lived security channels (IPSec/TLS), potentially allowing unauthorized read access to data. Connected sources confirm this relates to DUHK-style weaknesses in RNG...
CVE-2016-8492
The implementation of an ANSI X9.31 RNG in Fortinet FortiGate allows attackers to gain unauthorized read access to data handled by the device via IPSec/TLS decryption...
DUHK Attack against Fortinet Products
When devices use ANSI X9.31 RNG which was removed from the list of FIPS-approved random number generation algorithms in January 2016 to generate cryptographic key under a static seed and under use with long-lived security tunnels like SSL/TLS/SSH/IPSec, such devices are vulnerable to the DUHK...
Juniper Removes Dual_EC, ANSI X9.31 Algorithms
Juniper Networks announced late Friday it was removing the suspicious DualECDRBG random number generator from its ScreenOS operating system. And while that’s heralded as a positive move considering DualEC’s dubious origins, there remain important and unanswered questions about Juniper’s decision ...