NetScaler web management cookie cipher weakness

The remote web server is prone to an information disclosure attack. Description : The version of the Citrix NetScaler web management interface on the remote host uses weak encryption for protecting the HTTP cookie content by XORing sensitive values, including the username and password, with a fix...

ike-scan (NASL wrapper)

ike-scan NASL wrapper This plugin runs ike-scan to identify IPSEC VPN endpoints. It will attempt to enumerate supported cipher suites, bruteforce valid groupnames and fingerprint any endpoint identified. OpenVAS Vulnerability Test $Id: ike-scan.nasl 7153 2017-09-15 15:03:32Z cfischer $ Descriptio...

IPSwitch IMail Server <= 8.1 Local Password Decryption Utility

No description provided by source. / IpSwitch IMail Server = ver 8.1 User Password Decryption by Adik netmaniac hotmail KG IpSwitch IMail Server uses weak encryption algorithm to encrypt its user passwords. It uses polyalphabetic Vegenere cipher to encrypt its user passwords. This encryption sche...

openssl get_shared_ciphers overflow

Buffer overflow in the SSLgetsharedciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers...

mod_ssl SSLCipherSuite bypass

The modssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration...

perl-Crypt-CBC weaker encryption with some ciphers

Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV mode, uses an initialization vector IV of 8 bytes, which results in weaker encryption when used with a cipher that requires a larger block size than 8 bytes, such as Rijndael...

mod_ssl SSLCipherSuite bypass

The modssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration...

DEBIAN-CVE-2008-1672

OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service crash via a TLS handshake that omits the Server Key Exchange message and uses "particular cipher suites," which triggers a NULL pointer dereference...

Null pointer dereference

OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service crash via a TLS handshake that omits the Server Key Exchange message and uses "particular cipher suites," which triggers a NULL pointer dereference...

CVE-2008-1672

OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service crash via a TLS handshake that omits the Server Key Exchange message and uses "particular cipher suites," which triggers a NULL pointer dereference...

Vulnerability in OpenSSL CVE-2008-1672

Testing using the Codenomicon TLS test suite discovered a flaw if the ‘Server Key exchange message’ is omitted from a TLS handshake in OpenSSL 0.9.8f and OpenSSL 0.9.8g. If a client connects to a malicious server with particular cipher suites, the server could cause the client to crash. Found by...

Debian DSA-1581-1 : gnutls13 - several vulnerabilities

Several remote vulnerabilities have been discovered in GNUTLS, an implementation of the SSL/TLS protocol suite. NOTE: The libgnutls13 package, which provides the GNUTLS library, does not contain logic to automatically restart potentially affected services. You must restart affected services...

GNUTLS-SA-2008-1-3 GnuTLS memory overread flaw

Integer signedness error in the gnutlsciphertext2compressed function in lib/gnutlscipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service buffer over-read and crash via a certain integer value in the Random field in an encrypted Client Hello message withi...

perl-Crypt-CBC weaker encryption with some ciphers

Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV mode, uses an initialization vector IV of 8 bytes, which results in weaker encryption when used with a cipher that requires a larger block size than 8 bytes, such as Rijndael...

mod_ssl SSLCipherSuite bypass

The modssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration...

openSUSE 10 Security Update : tomcat55 (tomcat55-5069)

This update of tomcat fixes cross-site-scripting bugs CVE-2007-2449 as well as it improves the list of supported SSL ciphers CVE-2007-1858. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...

CVE-2007-6340

Geert Moernaut LSrunasE 1.0 and Supercrypt 1.0 use the RC4 stream cipher without constructing a unique initialization vector IV, which makes it easier for local users to obtain cleartext passwords...

CVE-2007-6340

Geert Moernaut LSrunasE 1.0 and Supercrypt 1.0 use the RC4 stream cipher without constructing a unique initialization vector IV, which makes it easier for local users to obtain cleartext passwords...

CVE-2007-6340

The connected advisory confirms CVE-2007-6340 affects LSrunasE 1.0 and Supercrypt 1.0 and explains the root cause: RC4 is used without a unique initialization vector, deriving a constant keystream across all passwords. This insecure design allows an attacker with local access to break encryption ...

Insecure Use of RC4 in LSrunasE and Supercrypt (CVE-2007-6340)

COMPASS SECURITY ADVISORY http://www.csnc.ch/ Product: LSrunasE, Supercrypt Vendor: Geert Moernaut Type: Flawed Encryption Risk: Medium Author: Daniel Roethlisberger Date: 2008-01-29 CVE Name: CVE-2007-6340 Introduction ------------ LSrunasE 1 and Supercrypt 2 are utilities used to run commands...