160 matches found
Pulsar - Data Exfiltration And Covert Communication Tool
Pulsar is a tool for data exfiltration and covert communication that enables you to create a secure data transfer, a bizarre chat or a network tunnel through different protocols. For example, you can receive data from a TCP connection and resend it to the real destination through DNS packets. Setting up...
Man-in-the-Middle (MitM)
openssl3 is vulnerable to man-in-the-middle (MitM) attacks. The vulnerability exists because the implementation of the RC4-MD5 cipher suite incorrectly uses the AAD data as the MAC key, allowing an attacker to perform a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL...
OpenSSL Encryption Problem Vulnerability (CNVD-2022-37790)
OpenSSL is an open source general-purpose cryptographic library from the OpenSSL team capable of implementing the Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. The product supports multiple encryption algorithms, including symmetric ciphers, hashing algorithms, secure...
CVE-2022-20742
Cisco ASA Software and Firepower Threat Defense (FTD) Software contain an IPsec IKEv2 VPN information disclosure vulnerability (CVE-2022-20742) due to improper GCM cipher implementation. An unauthenticated, remote attacker in a man-in-the-middle position can intercept encrypted messages across an...
OpenSSL -- Multiple vulnerabilities
The OpenSSL project reports: The c_rehash script allows command injection (CVE-2022-1292), severity Moderate. The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On...
Apache Doris hardcoded key and IV
Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for the LDAP password, which may lead to information disclosure...
Information disclosure
Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for the LDAP password, which may lead to information disclosure...
CVE-2022-23942 Apache Doris hardcoded cryptography initialization
Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for the LDAP password, which may lead to information disclosure...
Exploit for Improper Certificate Validation in Golang Go
PoC for CVE-2021-34558. Run the malicious TLS server...
Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM InfoSphere Optim Performance Manager (CVE-2015-4000)
Summary: The Logjam Attack on TLS connections using the Diffie-Hellman (DH) key exchange protocol affects IBM InfoSphere Optim Performance Manager. Vulnerability Details: CVEID: CVE-2015-4000. DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the...
CVE-2021-20313
A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak is possible when calculating signatures in TransformSignature. The highest threat from this vulnerability is to data confidentiality...
Ruby: imap: StartTLS stripping attack (CVE-2016-0772).
net/imap does not seem to raise an exception when the remote end imap server fails to respond with taggedresponse NO/BAD or OK to an explicit call of imap.starttls. This may allow a malicious MITM to perform a starttls stripping attack if the client code does not explicitly set usessl = true on...
OSV-2021-616 Heap-buffer-overflow in Camellia_Ekeygen
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33028 Crash type: Heap-buffer-overflow READ 1. Crash state: Camellia_Ekeygen, Camellia_set_key, cipher_hw_camellia_initkey...
CVE-2021-3446
A flaw was found in libtpms in versions before 0.8.2. The commonly used integration of libtpms with OpenSSL contained a vulnerability related to the returned IV (initialization vector) when certain symmetric ciphers were used. Instead of returning the last IV, it returned the initial IV to the calle...
Zodiac Killer Cipher Solved
The SF Chronicle is reporting more details here, and the FBI is confirming, that a Melbourne mathematician and team has decrypted the 1969 message sent by the Zodiac Killer to the newspaper. There's no paper yet, but there are a bunch of details in the news articles. Here's an interview with one of...
The Zodiac Killer's Cipher Is Finally Cracked After 51 Years
Amateur and professional cryptographers, including those at the FBI, had been trying to decode the infamous serial killer's message to the media for decades...
In-band Protocol Negotiation And Robustness Weakness
aws-encryption-sdk suffers from an In-band protocol negotiation and robustness weakness. The SDK allows a unique ciphertext to be decrypted into different results due to the non-committing property of AES-GCM, and other AEAD ciphers such as AES-GCM-SIV, or XChaCha20Poly1305, when encrypting...
crate has been renamed to `cipher`
This crate has been renamed from stream-cipher to cipher. The new repository location is at:...
RUSTSEC-2020-0057 crate has been renamed to `cipher`
This crate has been renamed from block-cipher to cipher. The new repository location is at:...
Security Bulletin: Vulnerability in GSKit affects IBM Sterling Connect:Direct for Microsoft Windows (CVE-2016-2183)
Summary: An OpenSSL vulnerability disclosed by the OpenSSL Project affects GSKit. IBM Sterling Connect:Direct for Microsoft Windows uses GSKit and therefore is also vulnerable. This vulnerability is known as the SWEET32 Birthday attack. Vulnerability Details: CVEID: CVE-2016-2183. DESCRIPTION: OpenS...