Lucene search

2875 matches found

IBM Security Bulletins
added 2018/07/10 8:34 a.m. | 31 views

Security Bulletin: TLS padding vulnerability affects IBM Rational ClearCase (CVE-2014-8730)

Summary: Transport Layer Security (TLS) padding vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) like attack affects IBM Rational ClearCase. Vulnerability Details: CVE-ID: CVE-2014-8730 Description: IBM Rational ClearCase could allow a remote attacker to obtain sensitive...

CVSS 4.3 | AI score 0.6 | EPSS 0.1372
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2018/07/10 8:34 a.m. | 43 views

Security Bulletin: Vulnerability in OpenSSL affects IBM Rational ClearCase (CVE-2016-2107)

Summary OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. OpenSSL is used by IBM Rational ClearCase. IBM Rational ClearCase has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-2107 DESCRIPTION: OpenSSL could allow a remote attacker to obtain...

CVSS 5.9 | AI score 1 | EPSS 0.89058
Exploits: 6 | Affected Software: 2

IBM Security Bulletins
added 2018/07/10 8:34 a.m. | 37 views

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM Rational ClearCase (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM Rational ClearCase. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this...

CVSS 5 | AI score 0.4 | EPSS 0.99999
Exploits: 7 | Affected Software: 1

The Hacker News
added 2018/07/06 1:8 p.m. | 37 views

Most LokiBot samples in the wild are "hijacked" versions of the original malware

Hacker himself got hacked. It turns out that most samples of the LokiBot malware being distributed in the wild are modified versions of the original sample, a security researcher has learned. Targeting users since 2015, LokiBot is a password and cryptocoin-wallet stealer that can harvest...

AI score 0.2
Exploits: 0

Tenable Nessus
added 2018/07/05 12:0 a.m. | 67 views

Oracle Linux 7 : python (ELSA-2018-2123)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2018-2123 advisory. 2.7.5-69.0.1 - Add Oracle Linux distribution in platform.py orabug 20812544 2.7.5-70 - Remove 3DS cipher to mitigate CVE-2016-2183 sweet32. Resolves: rhbz158454...

CVSS 7.5 | AI score 7 | EPSS 0.95707
Exploits: 7 | References: 2

RedHat Linux
added 2018/07/03 2:14 p.m. | 139 views

Moderate: Red Hat Security Advisory: python security update

An update for python is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVSS 7.5 | AI score 6.6 | EPSS 0.95707
Exploits: 7 | References: 2

RedHat Linux
added 2018/07/03 2:14 p.m. | 6 views

SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)

A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based...

CVSS 7.5 | AI score 6.8 | EPSS 0.95707
Exploits: 7 | References: 7

Oracle Linux
added 2018/07/03 12:0 a.m. | 69 views

python security update

2.7.5-69.0.1 - Add Oracle Linux distribution in platform.py orabug 20812544 2.7.5-70 - Remove 3DS cipher to mitigate CVE-2016-2183 sweet32. Resolves: rhbz1584545...

CVSS 7.5 | AI score 2.1 | EPSS 0.95707
Exploits: 7

Hacker One
added 2018/07/01 10:53 p.m. | 19 views

Slack: The POODLE attack (SSLv3 supported) at status.slack.com

@cryptographer found that for some regions, status.slack.com supported an outdated cipher suite, which we've since updated. Thanks @cryptographer! nmap -sV --version-light --script ssl-poodle -p 443 IP...

AI score 0.9
Exploits: 0

OSV
added 2018/06/26 4:29 p.m. | 7 views

UBUNTU-CVE-2018-1000520

ARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite Allows Incorrectly Signed Certificates vulnerability in mbedtls_ssl_get_verify_result() that can result in ECDSA-signed certificates being accepted when only RSA-signed ones should be. This attack appears to be exploitable via Peers negotiate ...

CVSS 7.5 | AI score 7.1 | EPSS 0.00713
Exploits: 0 | References: 3

OpenVAS
added 2018/06/26 12:0 a.m. | 19 views

Microsoft Windows: Hardware-based encryption for OS drives (allowed algorithms)

This test checks the setting for policy OpenVAS Vulnerability Test $Id: winosrestrictcrypto.nasl 11532 2018-09-21 19:07:30Z cfischer $ Check value for Configure use of hardware-based encryption for operating system drives: Restrict crypto algorithms or cipher suites to the following Authors:...

AI score 7.3
Exploits: 0

OpenVAS
added 2018/06/26 12:0 a.m. | 15 views

Microsoft Windows 10: Drive encryption method and cipher strength (Windows 10)

This test checks the setting for policy OpenVAS Vulnerability Test $Id: winencrmethodcipherstrength.nasl 11532 2018-09-21 19:07:30Z cfischer $ Check value for Choose drive encryption method and cipher strength Windows 10 Version 1511 and later Authors: Emanuel Moss Copyright: Copyright c 2018...

AI score 7.3
Exploits: 0

Kitploit
added 2018/06/20 10:39 p.m. | 17 views

Crypto Identifier - Tool To Uncipher Data Using Multiple Algorithms And Block Chaining Modes

Crypto tool for pentest and CTF: try to uncipher data using multiple algorithms and block chaining modes. Useful for a quick check on unknown cipher text and key dictionary. Supported Algorithms : AES ARC2 ARC4 Blowfish CAST DES DES3 XOR Supported modes : ECB CBC CFB OFB Usage: python...

AI score 7.3
Exploits: 0 | References: 1

IBM Security Bulletins
added 2018/06/18 1:32 a.m. | 49 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect PowerKVM

Summary OpenSSL vulnerabilities were disclosed on March 3, 2016 and May 3, 2016 by the OpenSSL Project. OpenSSL is used by PowerKVM, which has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-2105 DESCRIPTION: OpenSSL is vulnerable to a heap-based buffer overflow, caused by...

CVSS 10 | AI score 1 | EPSS 0.89058
Exploits: 7 | Affected Software: 1

IBM Security Bulletins
added 2018/06/18 12:9 a.m. | 30 views

Security Bulletin: Vulnerability in RC4 stream cipher affects the IBM FlashSystem V840 (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects the IBM® FlashSystem™ V840. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit th...

CVSS 5 | EPSS 0.74006
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2018/06/18 12:9 a.m. | 31 views

Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM XIV Management Tools (CVE-2015-4000)

Summary: The Logjam Attack on TLS connections using the Diffie-Hellman (DH) key exchange protocol affects XIV Management Tools. Vulnerability Details: CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly...

CVSS 4.3 | AI score 1.6 | EPSS 0.9986
Exploits: 1

IBM Security Bulletins
added 2018/06/18 12:9 a.m. | 30 views

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM XIV Storage System Gen2 (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM XIV Storage System Gen2. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit...

CVSS 5 | AI score 0.7 | EPSS 0.74006
Exploits: 0

IBM Security Bulletins
added 2018/06/18 12:9 a.m. | 34 views

Security Bulletin: Vulnerabilities in SSL and TLS protocols affect the IBM FlashSystem V840 (CVE-2011-3389)

Summary SSL and TLS vulnerabilities were disclosed in September 2011. This vulnerability has been referred to as the “BEAST” attack. SSL protocol is used by the IBM FlashSystem V840. Vulnerability Details CVE-ID: CVE-2011-3389 DESCRIPTION: Multiple products could allow a remote attacker to obtain...

CVSS 4.3 | AI score 0.4 | EPSS 0.73327
Exploits: 4 | Affected Software: 1

IBM Security Bulletins
added 2018/06/18 12:9 a.m. | 16 views

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM XIV Management Tools (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM XIV Management Tools. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this...

CVSS 5 | AI score 0.8 | EPSS 0.74006
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2018/06/18 12:9 a.m. | 19 views

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM Storwize V7000 Unified (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM Storwize V7000 Unified. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit th...

CVSS 5 | AI score 1.1 | EPSS 0.74006
Exploits: 0 | Affected Software: 1