102 matches found

Tenable Nessus
added 2015/11/24 12:0 a.m. | 26 views

Oracle Linux 7 : krb5 (ELSA-2015-2154)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-2154 advisory. - the rebase to krb5 1.13.1 in vers 1.13.1-0 also fixed: - Bug 1144498 'Fix the race condition in the libkrb5 replay cache' - Bug 1163402 'kdb5_ldap_util...

5.8 CVSS | 7.2 AI score | 0.08201 EPSS
Exploits 0 | References 3
ArchLinux
added 2015/07/12 12:0 a.m. | 47 views

krb5: multiple issues

CVE-2014-5355 (denial of service): When a server process uses the krb5_recvauth function, an unauthenticated remote attacker can cause a NULL dereference by sending a zero-byte version string, or a read beyond the end of allocated storage by sending a non-null-terminated version string. The example...

5.8 CVSS | 2.4 AI score | 0.08201 EPSS
Exploits 0 | References 5
Cvelist
added 2014/10/26 6:0 p.m. | 17 views

CVE-2014-6133

IBM API Management 3.x before 3.0.1.0 allows local users to obtain sensitive ciphertext information via unspecified vectors...

5.6 AI score | 0.00054 EPSS
Exploits 0 | References 3
Tenable Nessus
added 2014/10/10 12:0 a.m. | 121 views

F5 Networks BIG-IP : TLS/SSL RC4 vulnerability (K14638)

The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext. CVE-2013-2566 Impact...

5.9 CVSS | 7.4 AI score | 0.93163 EPSS
Exploits 0 | References 2
seebug.org
added 2014/07/01 12:0 a.m. | 38 views

NetZero ZeroPort 3.0 Weak Encryption Method Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1483/info Netzero is a free internet service provider which requires its users to run the application ZeroPort in order to log onto the network. The username and password are stored locally in a text file called id.dat and...

7.1 AI score
Exploits 0
ThreatPost
added 2013/10/10 3:17 p.m. | 11 views

WhatsApp Crypto Implementation Vulnerability Discovered

WhatsApp, a popular mobile message application, suffers from a crypto implementation vulnerability that leaves messages exposed. Thijs Alkemade, a computer science student at Utrecht University in The Netherlands who works on the open source Adium instant messaging project, disclosed a serious issu...

7.1 AI score
Exploits 0 | References 1
F5 Networks
added 2013/08/27 12:0 a.m. | 1392 views

SOL14638 - TLS/SSL RC4 vulnerability CVE-2013-2566

The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext. CVE-2013-2566...

5.9 CVSS | 5.5 AI score | 0.93163 EPSS
Exploits 0 | References 8
Prion
added 2013/03/15 9:55 p.m. | 30 views

Code injection

The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext...

4.3 CVSS | 6.9 AI score | 0.93163 EPSS
Exploits 0 | References 21 | Affected Software 17
UbuntuCve
added 2013/03/15 12:0 a.m. | 74 views

CVE-2013-2566

The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext...

5.9 CVSS | 6.6 AI score | 0.93163 EPSS
Exploits 0 | References 7
Cvelist
added 2013/03/14 10:0 p.m. | 29 views

CVE-2013-2566

The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext...

5.8 AI score | 0.93163 EPSS
Exploits 0 | References 21
CVE
added 2013/03/14 10:0 p.m. | 769 views

CVE-2013-2566

CVE-2013-2566 involves RC4 biases in TLS/SSL allowing plaintext-recovery via large volumes of sessions with the same plaintext. Multiple connected sources confirm this issue affecting products such as F5 BIG-IP (various modules) and IBM Proventia/SiteProtector family. Affected in some BIG-IP rele...

5.9 CVSS | 5.7 AI score | 0.93163 EPSS
Exploits 0 | References 21 | Affected Software 3
myhack58
added 2013/01/30 12:0 a.m. | 19 views

B3log Solo view any user's password-vulnerability warning-the black bar safety net

An interactive interface in the B3log Solo backend lacks reasonable permission checks, so it can be used to view any user's information, including plaintext passwords. The latest official release, 0.5.5, is currently affected by this vulnerability; all platform users are exposed to a leak of the password of the...

1.1 AI score
Exploits 0
Check Point Advisories
added 2012/12/23 12:0 a.m. | 12 views

Microsoft ASP.NET PKCS Padding Information Disclosure (MS10-070; CVE-2010-3332)

An information disclosure vulnerability has been reported in ASP.NET. This vulnerability is caused by ASP.NET providing web clients details in error messages when decrypting certain ciphertext. Successful exploitation of this vulnerability could allow the attacker to read and tamper with data. If...

6.4 CVSS | 5.7 AI score | 0.83598 EPSS
Exploits 2
Exploit DB
added 2011/03/08 12:0 a.m. | 35 views

PHP < 5.3.6 'OpenSSL' Extension - 'openssl_decrypt' Ciphertext Data Memory Leak Denial of Service

source: https://www.securityfocus.com/bid/46977/info PHP is prone to multiple remote denial-of-service vulnerabilities that affect the 'OpenSSL' extension. Successful attacks will cause the application to consume excessive memory, creating a denial-of-service condition. Versions prior to PHP 5.3....

7.4 AI score
Exploits 0
OpenVAS
added 2010/01/19 12:0 a.m. | 18 views

CentOS Update for krb5-devel CESA-2010:0029 centos3 i386

Check for the Version of krb5-devel OpenVAS Vulnerability Test CentOS Update for krb5-devel CESA-2010:0029 centos3 i386 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modif...

10 CVSS | 6.8 AI score | 0.16485 EPSS
Exploits 0 | References 2
UbuntuCve
added 2010/01/12 12:0 a.m. | 30 views

CVE-2009-4212

Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a...

10 CVSS | 7.1 AI score | 0.16485 EPSS
Exploits 0 | References 2
myhack58
added 2010/01/05 12:0 a.m. | 11 views

Using CAIN to crack SqlServer2000 HASH-bug warning-the black bar safety net

All users of HASH are present in the master.dbo.sysxlogins table: select name,password from master.dbo.sysxlogins You can grab the HASH. The following is my machine on the SA user HASH: a 0x01004E04BE46023057E323AF27269E5b7ddca140c98d225bdd3d06e8efe8cfaec02985b27b38059fa3b18349612b An...

0.5 AI score
Exploits 0
Prion
added 2008/10/01 3:38 p.m. | 14 views

Default configuration

The default configuration of Java 1.5 on Apple Mac OS X 10.5.4 and 10.5.5 contains a jurisdiction policy that limits Java Cryptography Extension (JCE) key sizes to 128 bits, which makes it easier for attackers to decrypt ciphertext produced by JCE...

5 CVSS | 6.7 AI score | 0.00262 EPSS
Exploits 0 | References 3 | Affected Software 1
Cvelist
added 2008/10/01 3:0 p.m. | 30 views

CVE-2008-4368

The default configuration of Java 1.5 on Apple Mac OS X 10.5.4 and 10.5.5 contains a jurisdiction policy that limits Java Cryptography Extension (JCE) key sizes to 128 bits, which makes it easier for attackers to decrypt ciphertext produced by JCE...

6.1 AI score | 0.00262 EPSS
Exploits 0 | References 3
myhack58
added 2008/04/25 12:0 a.m. | 26 views

The use of cain to restore the encrypted ftp password-vulnerability warning-the black bar safety net

Author: Lu Yu, source: it168, responsible editor: Han Bo Ying, 2008-04-24 09:16. Stumbled upon Cain in the penetration process, there is a good use of skills, let's take a look at flashfxp encryption ciphertext, flashfxp connection records are stored in the file Stats.dat. Perhaps you will...

6.7 AI score
Exploits 0