764 matches found
On Padding Oracle Attacks
Poodle is a vulnerability found in late 2014, and it is still occasionally seen during penetration tests. The vulnerability allows an attacker with a man-in-the-middle position to downgrade a secure connection between a client and a server to the vulnerable SSLv3. After the connection is...
Medium: python-crypto
Issue Overview: Weak ElGamal key parameters in PublicKey/ElGamal.py allow attackers to obtain sensitive information by reading ciphertext: lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by...
erlang: TLS server vulnerable to Adaptive Chosen Ciphertext attack allowing plaintext recovery or MITM attack
An erlang TLS server configured with cipher suites using RSA key exchange, may be vulnerable to an Adaptive Chosen Ciphertext attack AKA Bleichenbacher attack against RSA. This may result in plain-text recovery of encrypted messages and/or a man-in-the-middle MiTM attack, despite the attacker not...
Unisys ClearPath MCP System TCP/IP networking Module Bot Attack Vulnerability
Unisys ClearPath MCP system is a set of operating systems dedicated to ClearPath servers from Unisys Corporation in the U.S. TCP/IP networking is one of the network connection modules. A security vulnerability exists in the TLS implementation of the TCP/IP networking module versions 58.1, 59.1, a...
CVE-2017-17428
Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits SDKs allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack...
CVE-2017-17428
Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits SDKs allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack...
Code injection
The TLS implementation in the TCP/IP networking module in Unisys ClearPath MCP systems with TCP-IP-SW 58.1 before 58.160, 59.1 before 059.1a.17 IC 17, and 60.0 before 60.044 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT...
CVE-2018-5762
The TLS implementation in the TCP/IP networking module in Unisys ClearPath MCP systems with TCP-IP-SW 58.1 before 58.160, 59.1 before 059.1a.17 IC 17, and 60.0 before 60.044 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT...
erlang: TLS server vulnerable to Adaptive Chosen Ciphertext attack allowing plaintext recovery or MITM attack
An erlang TLS server configured with cipher suites using RSA key exchange, may be vulnerable to an Adaptive Chosen Ciphertext attack AKA Bleichenbacher attack against RSA. This may result in plain-text recovery of encrypted messages and/or a man-in-the-middle MiTM attack, despite the attacker not...
Information disclosure
cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data i.e., it does not have semantic security in face of a ciphertext-only attack. The Decisional...
CVE-2018-6829
cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data i.e., it does not have semantic security in face of a ciphertext-only attack. The Decisional...
CVE-2018-6829
cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data i.e., it does not have semantic security in face of a ciphertext-only attack. The Decisional...
CVE-2018-6829
cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data i.e., it does not have semantic security in face of a ciphertext-only attack. The Decisional...
CVE-2018-6594
lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data i.e., it does not have semantic security in face of a ciphertext-only attack. The Decisional Diffie-Hellman DDH...
PyCrypto Information Disclosure Vulnerability
PyCrypto is an encryption toolkit written in Python that includes MD5, AES, DES3 and other encryption algorithms. A security vulnerability exists in the lib/Crypto/PublicKey/ElGamal.py file in PyCrypto 2.6.1 and earlier versions, which stems from the program generating weak ElGamal key parameters...
PYSEC-2018-97
lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data i.e., it does not have semantic security in face of a ciphertext-only attack. The Decisional Diffie-Hellman DDH...
DEBIAN-CVE-2018-6594
lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data i.e., it does not have semantic security in face of a ciphertext-only attack. The Decisional Diffie-Hellman DDH...
CVE-2018-6594
lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data i.e., it does not have semantic security in face of a ciphertext-only attack. The Decisional Diffie-Hellman DDH...
PYSEC-2018-97
lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data i.e., it does not have semantic security in face of a ciphertext-only attack. The Decisional Diffie-Hellman DDH...
CVE-2018-6594
lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data i.e., it does not have semantic security in face of a ciphertext-only attack. The Decisional Diffie-Hellman DDH...