Lucene search

17 matches found

Vulnrichment
added 2024/09/13 4:36 p.m. | 9 views

CVE-2024-45368 AutomationDirect DirectLogic H2-DM1E Session Fixation

The H2-DM1E PLC's authentication protocol appears to utilize either a custom encoding scheme or a challenge-response protocol. However, there's an observed anomaly in the H2-DM1E PLC's protocol execution, namely its acceptance of multiple distinct packets as valid authentication responses. This...

8.8 CVSS | 7.2 AI score | 0.00145 EPSS
Exploits 0 | References 1

Tenable Nessus
added 2023/09/14 12:0 a.m. | 22 views

AlmaLinux 9 : keylime (ALSA-2023:5080)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:5080 advisory. - A flaw was found in Keylime. Due to their blocking nature, the Keylime registrar is subject to a remote denial of service against its SSL connections...

7.5 CVSS | 6.7 AI score | 0.00261 EPSS
Exploits 0 | References 3

Tenable Nessus
added 2023/09/13 12:0 a.m. | 23 views

Oracle Linux 9 : keylime (ELSA-2023-5080)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-5080 advisory. - Fix registrar is subject to a DoS against SSL CVE-2023-38200 Resolves: rhbz2222694 Tenable has extracted the preceding description block directly fro...

7.5 CVSS | 6.9 AI score | 0.00261 EPSS
Exploits 0 | References 3

RedHat Linux
added 2023/09/12 10:14 a.m. | 33 views

Moderate: Red Hat Security Advisory: keylime security update

An update for keylime is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

7.5 CVSS | 6.9 AI score | 0.00261 EPSS
Exploits 0 | References 3

Tenable Nessus
added 2023/09/12 12:0 a.m. | 22 views

RHEL 9 : keylime (RHSA-2023:5080)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5080 advisory. Keylime is a TPM based highly scalable remote boot attestation and runtime integrity measurement solution. Security Fixes: keylime: registra...

7.5 CVSS | 7 AI score | 0.00261 EPSS
Exploits 0 | References 7

OSV
added 2023/09/12 12:0 a.m. | 24 views

ALSA-2023:5080 Moderate: keylime security update

Keylime is a TPM based highly scalable remote boot attestation and runtime integrity measurement solution. Security Fixes: keylime: registrar is subject to a DoS against SSL connections CVE-2023-38200 Keylime: challenge-response protocol bypass during agent registration CVE-2023-38201 For more...

7.5 CVSS | 7 AI score | 0.00261 EPSS
Exploits 0 | References 6

AlmaLinux
added 2023/09/12 12:0 a.m. | 30 views

Moderate: keylime security update

Keylime is a TPM based highly scalable remote boot attestation and runtime integrity measurement solution. Security Fixes: keylime: registrar is subject to a DoS against SSL connections CVE-2023-38200 Keylime: challenge-response protocol bypass during agent registration CVE-2023-38201 For more...

7.5 CVSS | 7 AI score | 0.00261 EPSS
Exploits 0 | References 6

Veracode
added 2023/09/08 8:20 a.m. | 15 views

Authorization Bypass

Keylime is vulnerable to an attack which allows an attacker to Bypass the Challenge-Response Protocol during agent registration. The vulnerability occurs due to the registrar disclosing the correct "authtag" in the error message. This could allow an attacker to simply record the correct expected...

6.5 CVSS | 6.7 AI score | 0.00023 EPSS
Exploits 0 | References 6 | Affected Software 1

OSV
added 2023/09/06 1:49 p.m. | 22 views

GHSA-F4R5-Q63F-GCWW Keylime registrar and (untrusted) Agent can be bypassed by an attacker

Impact: A security issue was found in the Keylime registrar code which allows an attacker to effectively bypass the challenge-response protocol used to verify that an agent has indeed access to an AIK which is indeed related to the EK. When an agent starts up, it will contact a registrar and provi...

8.7 CVSS | 6.6 AI score | 0.00023 EPSS
Exploits 0 | References 9

NVD
added 2023/08/25 5:15 p.m. | 15 views

CVE-2023-38201

A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration. This issue may allow an attacker to impersonate an agent and hide the true status of a monitored machine if the fake agent is added to the verifier list by a legitimat...

6.5 CVSS | 6.5 AI score | 0.00023 EPSS
Exploits 0 | References 6

OSV
added 2023/08/25 5:15 p.m. | 23 views

CVE-2023-38201

A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration. This issue may allow an attacker to impersonate an agent and hide the true status of a monitored machine if the fake agent is added to the verifier list by a legitimat...

6.5 CVSS | 6.9 AI score | 0.00023 EPSS
Exploits 0 | References 6

Prion
added 2023/08/25 5:15 p.m. | 13 views

Design/Logic Flaw

A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration. This issue may allow an attacker to impersonate an agent and hide the true status of a monitored machine if the fake agent is added to the verifier list by a legitimat...

3.3 CVSS | 6.3 AI score | 0.00023 EPSS
Exploits 0 | References 6 | Affected Software 9

UbuntuCve
added 2023/08/25 5:15 p.m. | 16 views

CVE-2023-38201

A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration. This issue may allow an attacker to impersonate an agent and hide the true status of a monitored machine if the fake agent is added to the verifier list by a legitimat...

6.5 CVSS | 6.5 AI score | 0.00023 EPSS
Exploits 0 | References 5

OSV
added 2023/08/25 5:15 p.m. | 18 views

PYSEC-2023-160

A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration. This issue may allow an attacker to impersonate an agent and hide the true status of a monitored machine if the fake agent is added to the verifier list by a legitimat...

6.5 CVSS | 6.7 AI score | 0.00023 EPSS
Exploits 0 | References 4

CVE
added 2023/08/25 4:15 p.m. | 113 views

CVE-2023-38201

CVE-2023-38201 is a vulnerability in Keylime's registrar where the challenge-response during agent registration can be bypassed, enabling impersonation of an agent and potentially compromising the integrity of the registrar database. Reported across multiple advisories (e.g., ALSA-2023:5080, ELSA...

6.5 CVSS | 6.4 AI score | 0.00023 EPSS
Exploits 0 | References 6 | Affected Software 1

Cvelist
added 2023/08/25 4:15 p.m. | 19 views

CVE-2023-38201 Keylime: challenge-response protocol bypass during agent registration

A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration. This issue may allow an attacker to impersonate an agent and hide the true status of a monitored machine if the fake agent is added to the verifier list by a legitimat...

6.5 CVSS | 6.6 AI score | 0.00023 EPSS
Exploits 0 | References 5

RedhatCVE
added 2023/08/25 4:15 p.m. | 16 views

CVE-2023-38201

A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration. This issue may allow an attacker to impersonate an agent and hide the true status of a monitored machine if the fake agent is added to the verifier list by a legitimat...

6.5 CVSS | 6.7 AI score | 0.00023 EPSS
Exploits 0 | References 5