ALPINE-CVE-2019-9495

The implementations of EAP-PWD in hostapd and wpasupplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpasupplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful...

FreeBSD -- EAP-pwd side-channel attack

Problem Description: Potential side channel attacks in the SAE implementations used by both hostapd and wpasupplicant see CVE-2019-9494 and VU871675. EAP-pwd uses a similar design for deriving PWE from the password and while a specific attack against EAP-pwd is not yet known to be tested, there i...

SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2019:0803-1)

This update for openssl fixes the following issues : Security issues fixed : The 9 Lives of Bleichenbacher's CAT: Cache Attacks on TLS Implementations bsc1117951 CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under certain circumstances a TLS server can be forced to respond...

Intel CPU Spoiler vulnerability alerts-a vulnerability alert-the black bar safety net

Spoiler is the researchers found that the impact of the Intel microprocessor architecture of a speculative attack a speculative attack is a new microprocessor disclosure vulnerability that leaks is about the physical page to the user space process mapping of key information. Spoiler with 2018 1 o...

QIWI: [*.rocketbank.ru] Web Cache Deception & XSS

Практически все сайты .rocketbank.ru, основанные на readymag.rocketbank.ru, уязвимы к Web Cache Deception и XSS. Пример запроса: http GET /?xx HTTP/1.1 Host: wknd.rocketbank.ru X-Forwarded-Host: cacheattack'"alertdocument.domain HTTP ответ: html alertdocument.domain/friends/" alertdocument.domain...

Kernel: hw: cpu: L1 terminal fault (L1TF)

Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of...

CVE-2018-12435

Botan 2.5.0 through 2.6.0 before 2.7.0 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP, related to dsa/dsa.cpp, ecgroup/ecgroup.cpp, and ecdsa/ecdsa.cpp. To discover an ECDSA key, the attacker needs access to either the local...

CVE-2018-12435

Botan 2.5.0 through 2.6.0 before 2.7.0 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP, related to dsa/dsa.cpp, ecgroup/ecgroup.cpp, and ecdsa/ecdsa.cpp. To discover an ECDSA key, the attacker needs access to either the local...

Multiple CPUs - Spectre Information Disclosure (PoC) Exploit

Exploit for multiple platform in category local exploits include include include ifdef MSCVER include / for rdtscp and clflush / pragma optimize"gt",on else include / for rdtscp and clflush / endif / Victim code. / unsigned int array1size = 16; uint8t unused164; uint8t array1160 =...

CVE-2017-14737

A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as demonstrated by CacheD. This occurs because an array is indexed with bits derived from a secret key...

The vulnerability of Cisco IPS’ software allows a malicious individual to obtain a one-time code (nonce) for ECDSA encryption.

The vulnerability exists in the implementation of the Montgomery algorithm in OpenSSL, due to the temporal impermanence of the padding operations. Exploiting this vulnerability allows local users to obtain a one-time code nonce for ECDSA by attacking the cache through external channels using the...

openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG downgrade-to-disabled ciphersuite attack

OpenSSL before 0.9.8j, when SSLOPNETSCAPEREUSECIPHERCHANGEBUG is enabled, does not prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the use of a disabled cipher via vectors involving sniffing network traffic to discover a session identifier, a...

DNS cache poisoning details leaked-vulnerability warning-the black bar safety net

Yesterday Mantasano on an article describing the Dan Kaminsky DNS name server attack details. The article was published a few minutes after that to be deleted. Although Dan Kaminsky have combined The vendor released a patch, but is still in the patch of the push phase, there are still a...

Six Step IE Remote Compromise Cache Attack

Six Step IE Remote Compromise Cache Attack tested OS:WinXp Microsoft Internet Explorer v6.Sp1; up-to-date on 2003/10/30 Overview A six step cache attack has been found which allows for remote compromise of systems running Internet Explorer merely by viewing a webpage. This attack is possible part...