282 matches found
Yahoo Challenged on Claims Breach Was State-Sponsored Attack
As challenges mount against Yahoo’s attribution of a massive 2014 data breach to state-sponsored hackers, CISO Bob Lord yesterday confirmed that a cache of 200 million Yahoo accounts marketed this summer in an underground forum is unrelated to the breach. Speaking at the Structure Security...
CollabNet Subversion Edge weak password storage mechanism
Vuln Title: The CollabNet Subversion Edge stores passwords as unsalted MD5 hashes Date: 28.06.2015 Author: otr Software Link: https://www.open.collab.net/downloads/svnedge Vendor: CollabNet Version: 4.0.11 Tested on: Fedora Linux Type: Insecure password storage Risk: Medium Status: public/fixed...
Slack Discloses Breach of its User Profile Database
Enterprise and small business collaboration provider Slack today disclosed that a database storing user profile information has been compromised. The company said in a notice posted on its site that the unauthorized access has been blocked, and that it has implemented two-factor authentication...
Laravel 2.1 Hash::make() bcrypt Truncation
Laravel 2.1 Hash::make bcrypt truncation Website : http://laravel.com/ Author : @u0x Pichaya Morimoto Release dates : September 16, 2014 Special Thanks to 2600 Thailand group...
oclHashcat v1.2 - GPGPU-based Multi-hash Cracker
oclHashcat is a GPGPU-based multi-hash cracker using a brute-force attack implemented as mask attack, combinator attack, dictionary attack, hybrid attack, mask attack, and rule-based attack. This GPU cracker is a fusioned version of oclHashcat-plus and oclHashcat-lite. GPU Driver requirements: NV...
Securing Passwords with Bcrypt Hashing Function
Passwords are the first line of defense against cyber criminals. They are the most vital secret of every activity we do over the internet and also a final check to get into any of your user accounts, whether it is your bank account, email account, shopping cart account or any other account you have. ...
[OpenSSH 6.5] FREE version of the SSH Connectivity Tools
OpenSSH is a FREE version of the SSH connectivity tools that technical users of the Internet rely on. Users of telnet, rlogin, and ftp may not realize that their password is transmitted across the Internet unencrypted, but it is. OpenSSH encrypts all traffic including passwords to effectively...
Boasting Better Encryption, Bug Fixes, OpenSSH 6.5 Released
The OpenBSD Project pushed out a new build on Thursday of the OpenSSH security suite, adding a new private key format, a new transport cipher and fixing 15 bugs in the Secure Shell. OpenSSH version 6.5 adds support for the key exchange using elliptic-curve Diffie Hellman within cryptographer Dani...
Red Hat CloudForms Management Engine 5.1 miq_policy/explorer SQL Injection
This module exploits a SQL injection vulnerability in the "explorer" action of "miq_policy" controller of the Red Hat CloudForms Management Engine 5.1 (ManageIQ Enterprise Virtualization Manager 5.0 and earlier) by changing the password of the target account to the specified password. This module...
Github accounts compromised in massive Brute-Force attack using 40,000 IP addresses
Popular source code repository service GitHub has recently been hit by a massive Password Brute-Force attack that successfully compromised some accounts. GitHub has urged users to set up two-factor authentication for their accounts and has already reset passwords for compromised accounts. "We sen...
Security releases (CVE-2013-5958): Symfony 2.0.25, 2.1.13, 2.2.9, and 2.3.6 released
Symfony 2.0.25, 2.1.13, 2.2.9, and 2.3.6 have just been released; they contain a security fix for the Security component CVE-2013-5958. Note Even if the end of life of Symfony 2.0 was reached last month, we are also releasing a new versio...
LivingSocial Ups its Password Encryption After Breach
The popular daily deal site LivingSocial announced Monday it has abandoned the SHA1 hash for Blowfish’s bcrypt following a massive data breach that impacted 50 million customers. The company confirmed last weekend that its computer systems were attacked and thieves gained access to names, e-mail...
Fedora Update for py-bcrypt FEDORA-2013-4424
Check for the Version of py-bcrypt OpenVAS Vulnerability Test Fedora Update for py-bcrypt FEDORA-2013-4424 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under th...
Fedora Update for py-bcrypt FEDORA-2013-4447
Check for the Version of py-bcrypt OpenVAS Vulnerability Test Fedora Update for py-bcrypt FEDORA-2013-4447 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under th...
Fedora 17 : py-bcrypt-0.3-1.fc17 (2013-4424)
Fix for CVE-2013-1895: py-bcrypt 0.3 contains a concurrency bug that could result in auth bypass. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as...
Fedora 18 : py-bcrypt-0.3-1.fc18 (2013-4447)
Fix for CVE-2013-1895: py-bcrypt 0.3 contains a concurrency bug that could result in auth bypass. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as...
Fedora Update for py-bcrypt FEDORA-2013-4424
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for py-bcrypt FEDORA-2013-4447
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
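Python 'py-bcrypt' Module Authentication Bypass Vulnerability (CVE-2013-1895)
BUGTRAQ ID: 58702 CVECAN ID: CVE-2013-1895 py-bcrypt is an implementation of the OpenBSD Blowfish password hashing algorithm. Versions of Python py-bcrypt before 0.3 do not correctly perform concurrent memory range operations, resulting in an authentication bypass vulnerability in the implementation that can be exploited to bypass security restrictions and gain unauthorized access to the system. 0 Python py-bcrypt Module 0.x Vendor patch: Python ------ The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's home page: www.python.org...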