766 matches found

OSV · added 2023/09/22 3:19 p.m.

CVE-2023-42811 AEADs/aes-gcm: Plaintext exposed in decrypt_in_place_detached even on tag verification failure

aes-gcm is a pure Rust implementation of AES-GCM. Starting in version 0.10.0 and prior to version 0.10.3, the AES-GCM implementation of decrypt_in_place_detached exposes the decrypted ciphertext, i.e. the correct plaintext, even if tag verification fails. If a program using the aes-gcm...

CVSS 4.7 · AI score 5.6 · EPSS 0.00016 · Exploits 1 · References 7
Cvelist · added 2023/09/22 3:19 p.m.

CVE-2023-42811 AEADs/aes-gcm: Plaintext exposed in decrypt_in_place_detached even on tag verification failure

aes-gcm is a pure Rust implementation of AES-GCM. Starting in version 0.10.0 and prior to version 0.10.3, the AES-GCM implementation of decrypt_in_place_detached exposes the decrypted ciphertext, i.e. the correct plaintext, even if tag verification fails. If a program using the aes-gcm...

CVSS 4.7 · AI score 5.7 · EPSS 0.00016 · Exploits 1 · References 5
OSV · added 2023/09/15 12:30 a.m.

GHSA-V84F-6R39-CPFC HashiCorp Vault Improper Input Validation vulnerability

HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the...

CVSS 6.8 · AI score 6.8 · EPSS 0.01475 · Exploits 0 · References 3
AlpineLinux · added 2023/09/15 12:15 a.m.

CVE-2023-4680

HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the...

CVSS 6.8 · AI score 7.2 · EPSS 0.01475 · Exploits 0
CVE · added 2023/09/14 11:06 p.m.

CVE-2023-4680

CVE-2023-4680 affects the HashiCorp Vault and Vault Enterprise transit secrets engine. The vulnerability allows an authorized user to specify arbitrary nonces, even when convergent encryption is disabled. The encrypt endpoint, with an offline attack, could decrypt arbitrary ciphertext and potentially der...

CVSS 6.8 · AI score 6.8 · EPSS 0.01475 · Exploits 0 · References 1 · Affected Software 1
Positive Technologies · added 2023/09/14 12:00 a.m.

PT-2023-9602 · Hashicorp +2 · Hashicorp Vault +3

Name of the Vulnerable Software and Affected Versions:
  HashiCorp Vault and Vault Enterprise versions 1.6.0 through 1.12.10
  HashiCorp Vault and Vault Enterprise versions 1.13.0 through 1.13.6
  HashiCorp Vault and Vault Enterprise versions 1.14.0 through 1.14.2
Description: The issue is related to...

CVSS 7.5 · AI score 9 · EPSS 0.01475 · Exploits 0 · References 20
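The aes-gcm entry (CVE-2023-42811) and the Vault transit entries (CVE-2023-4680) above are two consequences of the same structure, which AES-GCM shares with every counter-mode AEAD: the keystream is a function of (key, nonce) alone, and the tag is a separate value checked apart from the XOR that recovers plaintext. The following is an added example and is not code from the aes-gcm crate, from Vault, or from any of the advisories. It uses a constructed stand-in AEAD (SHA-256 as the block function, HMAC as the tag) because neither failure mode depends on AES or GHASH, only on that structure. The function names, the transit-style endpoint, the all-zero known plaintext and the policy of refusing a caller-supplied nonce outside convergent mode are this example's own assumptions, not Vault's actual fix.

```python
# Added example (not the aes-gcm crate's or Vault's code): a constructed
# counter-mode AEAD with AES-GCM's shape, CTR keystream from (key, nonce) plus
# a detached tag over the ciphertext. SHA-256 stands in for the AES block
# function and HMAC for GHASH; the two failure modes need only the structure.
import hashlib
import hmac
import secrets

NONCE_LEN = 12
TAG_LEN = 16

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def keystream(key, nonce, length):
    """Block i = H(key || nonce || i): the same (key, nonce) always gives the same
    keystream, exactly as in GCM's CTR core."""
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])

def auth_tag(key, nonce, ciphertext):
    """Tag over the ciphertext (as in GCM), so it can be checked before decrypting."""
    return hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()[:TAG_LEN]

def encrypt_detached(key, nonce, plaintext):
    ct = xor(plaintext, keystream(key, nonce, len(plaintext)))
    return ct, auth_tag(key, nonce, ct)

# Failure mode 1 (the CVE-2023-42811 shape): decrypt first, verify second.
def decrypt_in_place_detached_vulnerable(key, nonce, buf, tag):
    """buf is a bytearray holding ciphertext. The plaintext is written into it
    unconditionally; a mismatch returns False, but buf already holds the plaintext."""
    expected = auth_tag(key, nonce, bytes(buf))
    buf[:] = xor(buf, keystream(key, nonce, len(buf)))
    return hmac.compare_digest(expected, tag)

def decrypt_in_place_detached_fixed(key, nonce, buf, tag):
    """Verify over the ciphertext before touching buf; on mismatch buf is left as
    ciphertext. Zeroing buf after a failed check is the other way to close this."""
    expected = auth_tag(key, nonce, bytes(buf))
    if not hmac.compare_digest(expected, tag):
        return False
    buf[:] = xor(buf, keystream(key, nonce, len(buf)))
    return True

# Failure mode 2 (the CVE-2023-4680 shape): caller-chosen nonce on encrypt.
def transit_encrypt(key, plaintext, nonce=None, convergent=False):
    """Constructed transit-style endpoint. The bug: a caller-supplied nonce is
    honoured whenever one is given, not only in convergent mode."""
    if nonce is None:
        nonce = secrets.token_bytes(NONCE_LEN)
    ct, tag = encrypt_detached(key, nonce, plaintext)
    return nonce, ct, tag

def transit_encrypt_fixed(key, plaintext, nonce=None, convergent=False):
    """This example's policy (an assumption): a caller nonce is accepted only
    when convergent encryption, which needs a deterministic nonce, is enabled."""
    if nonce is not None and not convergent:
        raise ValueError("nonce may only be supplied with convergent encryption")
    return transit_encrypt(key, plaintext, nonce, convergent)

def recover_plaintext_via_nonce_reuse(encrypt_oracle, victim_nonce, victim_ct):
    """Attacker with encrypt permission only: encrypt a known plaintext under the
    victim's nonce, recover the keystream, strip it off the victim's ciphertext."""
    known = bytes(len(victim_ct))                  # all zeros, so ciphertext == keystream
    _, known_ct, _ = encrypt_oracle(known, nonce=victim_nonce)
    return xor(victim_ct, xor(known_ct, known))

def demo():
    """Runs both failure modes on constructed data and returns what each shows."""
    key, nonce, secret = secrets.token_bytes(32), secrets.token_bytes(NONCE_LEN), b"attack at dawn"
    ct, tag = encrypt_detached(key, nonce, secret)
    forged_tag = bytes(TAG_LEN)                    # a tag that cannot verify
    buf_vuln, buf_fixed = bytearray(ct), bytearray(ct)
    ok_vuln = decrypt_in_place_detached_vulnerable(key, nonce, buf_vuln, forged_tag)
    ok_fixed = decrypt_in_place_detached_fixed(key, nonce, buf_fixed, forged_tag)
    victim_nonce, victim_ct, _ = transit_encrypt(key, b"db-password-42")
    oracle = lambda pt, nonce=None: transit_encrypt(key, pt, nonce=nonce)
    recovered = recover_plaintext_via_nonce_reuse(oracle, victim_nonce, victim_ct)
    try:
        transit_encrypt_fixed(key, b"x", nonce=victim_nonce)
        fixed_rejects = False
    except ValueError:
        fixed_rejects = True
    return {
        "vuln_reported_failure": ok_vuln is False,
        "vuln_buffer_holds_plaintext": bytes(buf_vuln) == secret,
        "fixed_reported_failure": ok_fixed is False,
        "fixed_buffer_unchanged": bytes(buf_fixed) == ct,
        "recovered_plaintext": recovered,
        "fixed_endpoint_rejects_caller_nonce": fixed_rejects,
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The recovery function needs nothing but encrypt permission and the victim's nonce: one chosen-plaintext call under a reused nonce yields the whole keystream for that length, which is the offline half of the Vault attack the entries describe. On the decrypt side, the point of the fixed variant is that a caller's buffer must never hold plaintext the tag did not vouch for; verifying over the ciphertext first makes that automatic, and zeroing the buffer after a failed check achieves the same guarantee when the decryption order cannot be changed.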
Tenable Nessus · added 2023/09/07 12:00 a.m.

Oracle Linux 7 : nss / nss-softokn / nss-util / nspr (ELSA-2019-2237)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-2237 advisory.
  nspr 4.21.0-1: Rebase to NSPR 4.21
  nss 3.44.0-4: Fix certutil man page; Fix extracting a public key from a private key for dh, ec, and dsa
  nss 3.44.0-3 ...

CVSS 5.9 · AI score 6.4 · EPSS 0.12783 · Exploits 1 · References 3
BDU FSTEC · added 2023/06/16 12:00 a.m.

A vulnerability in the AES encryption implementation in the firmware of TP-Link Tapo C200 IP cameras allows an intruder to gain unauthorized access to protected information.

The vulnerability in the AES encryption implementation of TP-Link Tapo C200 IP cameras is caused by repeated byte sequences in the ciphertext due to incorrect handling of the initialization vector. Exploiting this vulnerability can allow an intruder to gain unauthorized...

CVSS 5.3 · AI score 5.5 · EPSS 0.002 · Exploits 1 · References 3
Fortinet · added 2023/06/12 12:00 a.m.

Protect

An insertion of sensitive information into log file vulnerability (CWE-532) in FortiOS / FortiProxy log events may allow a remote authenticated attacker to read certain passwords in ciphertext...

CVSS 4 · AI score 5.8 · EPSS 0.0025 · Exploits 0 · Affected Software 2
RedHat Linux · added 2023/06/05 2:16 p.m.

openssl: timing attack in RSA Decryption implementation

A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages...

CVSS 5.9 · AI score 6.7 · EPSS 0.00218 · Exploits 0 · References 5
RedHat Linux · entries added 2023/06/05 12:30 p.m., 2023/06/05 11:46 a.m. and 2023/05/31 6:42 p.m. carry the same "openssl: timing attack in RSA Decryption implementation" text and scores as the entry above.
Tenable Nessus · added 2023/05/14 12:00 a.m.

AlmaLinux 9 : openssl (ALSA-2023:2523)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:2523 advisory. OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_meth_new function and associated function calls. This function was deprecated in OpenSSL 3.0 and...

CVSS 7.5 · AI score 6.7 · EPSS 0.19455 · Exploits 0 · References 2
RedHat Linux · an entry added 2023/05/09 9:50 a.m. carries the same "openssl: timing attack in RSA Decryption implementation" text and scores as the RedHat Linux entry above.
OSV · added 2023/04/27 11:52 p.m.

GHSA-JGVC-JFGH-RJVV Chosen Ciphertext Attack in Jose4j

Summary: RSA1_5 in jose4j is susceptible to chosen ciphertext attacks. The attack allows decryption of RSA1_5 or RSA-OAEP encrypted ciphertexts. It may be feasible to sign with affected keys. Severity: Moderate. Exploiting this chosen ciphertext attack could result in the ability to decrypt RSA1_5 or RSA-OAEP...

AI score 5.9 · Exploits 0 · References 5
Github Security Blog · added 2023/04/27 11:52 p.m.

Chosen Ciphertext Attack in Jose4j

Summary: RSA1_5 in jose4j is susceptible to chosen ciphertext attacks. The attack allows decryption of RSA1_5 or RSA-OAEP encrypted ciphertexts. It may be feasible to sign with affected keys. Severity: Moderate. Exploiting this chosen ciphertext attack could result in the ability to decrypt RSA1_5 or RSA-OAEP...

AI score 6.6 · Exploits 0 · References 5 · Affected Software 1
Positive Technologies · added 2023/04/27 12:00 a.m.

PT-2023-33039 · Jose4J · Jose4J

Name of the Vulnerable Software and Affected Versions: jose4j, affected versions not specified.
Description: The issue in jose4j allows chosen ciphertext attacks, enabling the decryption of RSA1_5 or RSA-OAEP encrypted ciphertexts. This could potentially allow an attacker to sign with affected...

AI score 6.8 · Exploits 0 · References 6
OSV · added 2023/04/20 5:15 p.m.

ALPINE-CVE-2023-1255

Issue summary: The AES-XTS cipher decryption implementation for the 64-bit ARM platform contains a bug that could cause it to read past the input buffer, leading to a crash. Impact summary: Applications that use the AES-XTS algorithm on the 64-bit ARM platform can crash in rare circumstances. The...

CVSS 5.9 · AI score 6.9 · EPSS 0.00097 · Exploits 0 · References 1
Tenable Nessus · added 2023/04/03 12:00 a.m.

Cisco Firepower Threat Defense Software SSL Decryption Policy Bleichenbacher Attack (cisco-sa-ftd-tls-bb-rCgtmY2)

A vulnerability in the TLS handler of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability is due to improper implementation of countermeasures against a Bleichenbacher attack on a device that uses...

CVSS 5.3 · AI score 5.7 · EPSS 0.00273 · Exploits 0 · References 2
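The OpenSSL timing entry, the jose4j RSA1_5 entries and the Cisco FTD entry above all describe one oracle: an RSA decryptor that lets an attacker learn, per chosen ciphertext, whether PKCS#1 v1.5 unpadding succeeded, through an error, a different code path, or a timing difference. The following is an added example, not OpenSSL's, jose4j's or Cisco's code. It generates a toy 512-bit key at import, shows the leaky unpad beside the per-query oracle and the ciphertext blinding an attacker builds on it, and shows the implicit-rejection countermeasure, which returns a deterministic pseudo-random message instead of an error so the conforming-or-not bit never reaches the caller. The key size, the helper names, the 48-byte expected-length convention and the secret PRF key are assumptions of the example; the modular exponentiation itself is not made constant-time here, which is the part of the implementation the OpenSSL entry concerns.

```python
# Added example (not OpenSSL's, jose4j's or any vendor's code): PKCS#1 v1.5
# decryption as a Bleichenbacher oracle, and implicit rejection as the fix.
# Toy 512-bit key generated at import; modexp is not constant-time here.
import hashlib
import hmac
import secrets

def is_probable_prime(n, rounds=32):
    """Miller-Rabin."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand

class RsaKey:
    def __init__(self, bits=512, e=65537):
        while True:
            p, q = gen_prime(bits // 2), gen_prime(bits // 2)
            phi = (p - 1) * (q - 1)
            if p != q and phi % e:            # e is prime, so this is gcd(e, phi) == 1
                break
        self.n, self.e, self.d = p * q, e, pow(e, -1, phi)
        self.k = (self.n.bit_length() + 7) // 8
        self.prf_key = secrets.token_bytes(32)  # secret; only used for implicit rejection

def pkcs1_v15_encrypt(key, msg):
    ps_len = key.k - 3 - len(msg)
    if ps_len < 8:
        raise ValueError("message too long")
    ps = bytes(secrets.randbelow(255) + 1 for _ in range(ps_len))  # nonzero padding bytes
    em = b"\x00\x02" + ps + b"\x00" + msg
    return pow(int.from_bytes(em, "big"), key.e, key.n).to_bytes(key.k, "big")

def rsa_raw_decrypt(key, ct):
    c = int.from_bytes(ct, "big")
    if c >= key.n:
        raise ValueError("ciphertext out of range")
    return pow(c, key.d, key.n).to_bytes(key.k, "big")

def blind_ciphertext(key, ct, s):
    """Attacker's trial message: c' = c * s^e mod n decrypts to m * s mod n, so the
    oracle's answer on c' says whether m * s lies in the PKCS#1-conformant interval."""
    c = int.from_bytes(ct, "big")
    return (c * pow(s, key.e, key.n) % key.n).to_bytes(key.k, "big")

def unpad_leaky(em):
    """The leak: distinct early exits, and an exception the caller can observe."""
    if em[0] != 0x00 or em[1] != 0x02:
        raise ValueError("bad block type")          # out after two bytes
    sep = em.find(b"\x00", 2)
    if sep == -1:
        raise ValueError("no separator")            # out after a full scan
    if sep - 2 < 8:
        raise ValueError("padding string too short")
    return em[sep + 1:]

def bleichenbacher_oracle(key, ct):
    """One bit per query, all the attack needs. A remote attacker reads the same
    bit from an error alert or from the timing difference between the exits."""
    try:
        unpad_leaky(rsa_raw_decrypt(key, ct))
        return True
    except ValueError:
        return False

def decrypt_implicit_rejection(key, ct, expected_len):
    """Countermeasure: scan the whole block with no early exit and never raise.
    If padding is invalid or the message is not expected_len bytes, return a
    deterministic pseudo-random message derived from (prf_key, ct): the same bad
    c always gives the same answer and different bad c give unrelated ones, so
    the conforming-or-not bit is gone from the API boundary. (The final select
    is a Python branch; native code would use a constant-time select.)"""
    em = rsa_raw_decrypt(key, ct)
    sep = -1
    for i in range(2, len(em)):                     # no break: same work every time
        if em[i] == 0 and sep == -1:
            sep = i
    ok = em[0] == 0x00 and em[1] == 0x02 and sep >= 10 and len(em) - sep - 1 == expected_len
    fake = hmac.new(key.prf_key, ct, hashlib.sha512).digest()[:expected_len]
    return em[sep + 1:] if ok else fake

KEY = RsaKey()
```

The oracle function is the whole attack surface: Bleichenbacher's algorithm only ever asks it about blinded ciphertexts c * s^e mod n and narrows the interval containing m from the answers, which is why the advisories talk about "a very large number of trial messages". Implicit rejection does not make the unpadding constant-time in Python and is not a substitute for constant-time modular exponentiation; its job is to ensure that, whatever the attacker observes about timing, the API never tells them which of the two outcomes occurred, because both produce a message of the expected length that is then used (and fails) downstream in the same way.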