CVE-2013-2061

The openvpndecrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher...

CVE-2013-2061

The openvpndecrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher...

Security Advisory 2868725: Recommendation to disable RC4

In light of recent research into practical attacks on biases in the RC4 stream cipher, Microsoft is recommending that customers enable TLS1.2 in their services and take steps to retire and deprecate RC4 as used in their TLS implementations. Microsoft recommends TLS1.2 with AES-GCM as a more secur...

OpenSSH 6.2 / 6.3 Remote Memory Corruption Vulnerability

Binary data 8050.prm...

CVE-2013-4548

The mmnewkeysfromblob function in monitorwrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote authenticated users to bypass intended ForceCommand and login-shell restrictions via packet dat...

CVE-2013-4548

The mmnewkeysfromblob function in monitorwrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote authenticated users to bypass intended ForceCommand and login-shell restrictions via packet dat...

HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HT...

SSL/TLS: CBC padding timing attack (lucky-13)

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct...

SSL Cipher Block Chaining Cipher Suites Supported

The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining CBC mode. These cipher suites offer additional security over Electronic Codebook ECB mode, but have the potential to leak information if used improperly. C Tenable Network Security, Inc. include"compat.inc"; if...

Vulnerability in WhatsApp allows decrypting user messages

A serious vulnerability in WhatsApp allows anyone who is able to eavesdrop on WhatsApp connection to decrypt users' messages. Whatsapp, the mobile application for instant messaging platform has become one of the main communication tools of the present day and its popularity makes it attractive fo...

GLSA-201310-01 : Perl Module-Signature module: Arbitrary code execution

The remote host is affected by the vulnerability described in GLSA-201310-01 Perl Module-Signature module: Arbitrary code execution The cpansign verify command will automatically download keys and use them to check the signature of CPAN packages via the SIGNATURE file. If an attacker were to...

Amazon Linux AMI : nspr (ALAS-2013-216)

It was discovered that NSS leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding...

Amazon Linux AMI : nss (ALAS-2013-217)

It was discovered that NSS leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding...

Silent Circle Moving Away From NIST Ciphers in Wake of NSA Revelations

The first major domino to fall in the crypto world after the NSA leaks by Edward Snowden began was the decision by Lavabit, a secure email provider, to shut down in August rather than comply with a government order. Shortly thereafter, Silent Circle, another provider of secure email and other...

SSL Cipher suites are not configurable

Allow SSL cipher suites to be configured, preferably in the administration panel but at a minimum by editing the config.xml. Currently we are relying on the default cipher suites for jetty which includes some outdated ones that are considered insecure these days. See configuring cipher...

SSL Cipher suites are not configurable

Allow SSL cipher suites to be configured, preferably in the administration panel but at a minimum by editing the config.xml. Currently we are relying on the default cipher suites for jetty which includes some outdated ones that are considered insecure these days. See configuring cipher...

Juniper Steel-Belted Radius Multiple OpenSSL Vulnerabilities

The version of Juniper Steel-Belted Radius software installed on the remote RedHat or CentOS host is affected by multiple OpenSSL vulnerabilities : - The SSL 3.0 implementation in OpenSSL does not properly initialize data structures for block cipher padding, which could allow remote attackers to...

Information disclosure

The SSL implementation in IBM Security AppScan Enterprise before 8.7.0.1 enables cipher suites with weak encryption algorithms, which makes it easier for remote attackers to obtain sensitive information by sniffing the network...

CVE-2013-0531

The SSL implementation in IBM Security AppScan Enterprise before 8.7.0.1 enables cipher suites with weak encryption algorithms, which makes it easier for remote attackers to obtain sensitive information by sniffing the network...

Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2013-162)

Multiple improper permission check issues were discovered in the JMX and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. CVE-2013-1486 , CVE-2013-1484 An improper permission check issue was discovered in the...