Information disclosure

dm-crypt in Linux kernel 2.6.15 and earlier does not clear a structure before it is freed, which leads to a memory disclosure that could allow local users to obtain sensitive information about a cryptographic key...

CVE-2006-0095

dm-crypt in Linux kernel 2.6.15 and earlier does not clear a structure before it is freed, which leads to a memory disclosure that could allow local users to obtain sensitive information about a cryptographic key...

CVE-2006-0095

dm-crypt in Linux kernel 2.6.15 and earlier does not clear a structure before it is freed, which leads to a memory disclosure that could allow local users to obtain sensitive information about a cryptographic key...

CVE-2006-0095

dm-crypt in Linux kernel 2.6.15 and earlier does not clear a structure before it is freed, which leads to a memory disclosure that could allow local users to obtain sensitive information about a cryptographic key...

CVE-2006-0095

CVE-2006-0095 affects dm-crypt in Linux kernel 2.6.15 and earlier, where an internal structure isn’t cleared before freeing, potentially leaking cryptographic key material to local users. Connected advisories (e.g., RHSA-2006:0132 and Debian DSA-1017-1) confirm the issue and describe the fix as a...

CVE-2004-2337

The CVE-2004-2337 entry concerns the file /.inlook/.crypt in inlook 0.7.3 and earlier, which is installed with world readable permissions. This allows local users to access POP3 credentials stored by the application. The root cause is improper permissions on the .crypt file, leading to confidenti...

CVE-2004-2337

The /.inlook/.crypt file for inlook 0.7.3 and earlier is installed with world readable permissions, which allows local users to obtain user POP3 credentials...

CVE-2004-2136

dm-crypt on Linux kernel 2.6.x, when used on certain file systems with a block size 1024 or greater, has certain "IV computation" weaknesses that allow watermarked files to be detected without decryption...

CVE-2004-2136

The CVE-2004-2136 entry concerns dm-crypt in the Linux kernel (2.6.x) used on certain filesystems with block sizes of 1024 or greater. The underlying issue is an IV computation weakness in the encryption mode that can allow watermarked files to be detected without decrypting the data. The availab...

Linux Kernel 2.6.x - Cryptoloop Information Disclosure

source: https://www.securityfocus.com/bid/13775/info Both cryptoloop and dm-crypt are reported prone to an information disclosure vulnerability. Reports indicate that certain watermarked files may be detected on a filesystem that is encrypted using the affected loop device encryption schemes. It...

CVE-2004-0823

OpenLDAP vulnerabilities: CVE-2004-0823 affects OpenLDAP 1.0–2.1.19 (as used in macOS 10.3.x and potentially other OSes). The issue allows certain authentication schemes to treat hashed (crypt) passwords stored in the userPassword attribute as plaintext, enabling remote attackers to reuse hashed ...

CVE-2004-2136

dm-crypt on Linux kernel 2.6.x, when used on certain file systems with a block size 1024 or greater, has certain "IV computation" weaknesses that allow watermarked files to be detected without decryption...

CVE-2003-0189

The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the cryptr or crypt functions, which allows remote attackers to cause a denial of service failed Basic authentication with valid usernames and passwords when a threaded MPM is use...

CVE-2001-0967

Knox Arkeia server (notably version 4.2) uses a constant salt when hashing passwords via crypt(), enabling easier brute‑force guessing. The root cause is the non‑unique salt value in password encryption, which compromises password strength. The PT-2001-2119 advisory aligns with this, describing t...

PT-2001-2119 · Knox · Knox Arkeia Server

Name of the Vulnerable Software and Affected Versions: Knox Arkeia server version 4.2 Description: The issue is related to the use of a constant salt when encrypting passwords using the crypt function, which makes it easier for an attacker to conduct brute force password guessing. Recommendations...

Слабый алгоритм шифрования в Crypt-PW (weak encryption)

Шифрованный парль легко декодируется...

Network Solutions Crypt-PW Authentication-Scheme vulnerability

Problem: While crypt password authentication is not in and of itself very secure, Network Sulotions have made it even less so by including the first two characters of the password as the salt of the encrypted form. While the password is transmitted via a secure session, the encrypted form is...

qnx crypt comprimised

the crypt function for qnx turned out to a bit mixer, not a hash function. It's now possible to extract plaintext from the hashes. On a related note, all IOpeners running qnx use the same root password. Telnetd is running, and allows remote login as root. This is a huge security hole, as you can...

Скомпромитирован crypt() в QNX

Для шифрования пароля используется обратимый алгоритм битового вращения, который позволяет восстановить исходный текстовй пароль...

QSSL QNX 4.25 A - crypt() Local Privilege Escalation

QSSL QNX 4.25 A - crypt Local Privilege Escalation / source: https://www.securityfocus.com/bid/1114/info A design error in the operation of the crypt3 function exists in QNX, from QNX System Software, Limited QSSL. The flaw allows the recovery of passwords from the hashes. On most Unix variants,...