CVE-2017-3971

Cryptanalysis vulnerability in the web interface in McAfee Network Security Management NSM before 8.2.7.42.2 allows attackers to view confidential information via insecure use of RC4 encryption cyphers...

CVE-2017-3971 SB10192 - Network Security Management (NSM) - Cryptanalysis vulnerability

Cryptanalysis vulnerability in the web interface in McAfee Network Security Management NSM before 8.2.7.42.2 allows attackers to view confidential information via insecure use of RC4 encryption cyphers...

CVE-2017-3971

CVE-2017-3971 – McAfee Network Security Management (NSM) : The vulnerability affects the NSM web interface prior to 8.2.7.42.2, due to insecure use of RC4 encryption ciphers in the authentication/web layer, enabling attackers to view confidential information. The issue is documented across multip...

NSA Brute-Force Keysearch Machine

The Intercept published a story about a dedicated NSA brute-force keysearch machine being built with the help of New York University and IBM. It's based on a document that was accidentally shared on the Internet by NYU. The article is frustratingly short on details: The WindsorGreen documents are...

SHA-1 Collisions Research

Today, a group of eight researchers from across the security industry released a research report on SHA-1 that demonstrates for the first time, a “hash collision” for the full SHA-1 hash algorithm called “SHAttered”. This is a significant step toward understanding this type of security issue, a...

SHA-1 Collisions Research

Today, a group of eight researchers from across the security industry released a research report on SHA-1 that demonstrates for the first time, a “hash collision” for the full SHA-1 hash algorithm called “SHAttered”. This is a significant step toward understanding this type of security issue, a...

Weak SSL 3DES Cipher Suites (CVE-2016-2183)

3DES is a widely supported stream cipher often preferred by TLS servers and other servers using encrypted sessions. Recent cryptanalysis results one of which is the SWEET32 exploit biases in the 3DES keystroke to recover repeatedly encrypted plain-texts. As a result 3DES can no longer be seen as...

Turing Award — Inventors of Modern Cryptography Win $1 Million Cash Prize

And the Winners of this year's Turing Award are: Whitfield Diffie and Martin E. Hellman. The former chief security officer at Sun Microsystems Whitfield Diffie and the professor at Stanford University Martin E. Hellman won the 2015 ACM Turing Award, which is frequently described as the "Nobel Pri...

SSH Diffie-Hellman Modulus <= 1024 Bits (Logjam)

The remote SSH server allows connections with one or more Diffie-Hellman moduli less than or equal to 1024 bits. Through cryptanalysis, a third party can find the shared secret in a short amount of time depending on modulus size and attacker resources. This allows an attacker to recover the...

Amazon Linux: Security Advisory (ALAS-2014-278)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Type74 ED Sensitive Information Disclosure Vulnerability

Type74 ED is a set of file encryption tools. A security vulnerability exists in Type74 ED versions prior to 4.0, which can be exploited to obtain plaintext data by differential cryptanalysis of files with an initial length of less than 128 bits...

AZL-6376 CVE-2015-2987 affecting package ed for versions less than 1.14.2-9

Type74 ED before 4.0 misuses 128-bit ECB encryption for small files, which makes it easier for attackers to obtain plaintext data via differential cryptanalysis of a file with an original length smaller than 128 bits...

AZL-34660 CVE-2015-2987 affecting package ed for versions less than 1.20-1

Type74 ED before 4.0 misuses 128-bit ECB encryption for small files, which makes it easier for attackers to obtain plaintext data via differential cryptanalysis of a file with an original length smaller than 128 bits...

CVE-2015-2987

Type74 ED before 4.0 misuses 128-bit ECB encryption for small files, which makes it easier for attackers to obtain plaintext data via differential cryptanalysis of a file with an original length smaller than 128 bits...

CVE-2015-2987

The CVE-2015-2987 issue affects Type74 ED before 4.0, where 128-bit ECB is misused for small files, enabling plaintext exposure via differential cryptanalysis when the file’s original length is

CVE-2015-2987

Type74 ED before 4.0 misuses 128-bit ECB encryption for small files, which makes it easier for attackers to obtain plaintext data via differential cryptanalysis of a file with an original length smaller than 128 bits...

File Encryption Software "ED" where encrypted data may be easier to decipher when files of small size are encrypted

Overview File encyption software "ED" contains an issue when files of small size are encyrpted, they may become easier to decipher in comparison to when files of a larger size are encrypted. When encrypting small files that are smaller than the block size 128 bits, file encryption software "ED"...

SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam)

The remote host allows SSL/TLS connections with one or more Diffie-Hellman moduli less than or equal to 1024 bits. Through cryptanalysis, a third party may be able to find the shared secret in a short amount of time depending on modulus size and attacker resources. This may allow an attacker to...

Weak SSL RC4 Cipher Suites (CVE-2013-2566; CVE-2015-2808)

RC4 is a widely supported stream cipher, often preferred by TLS servers and other servers using encrypted sessions. It has long been known to have a variety of cryptographic weaknesses. Recent cryptanalysis results, one of which is the "Bar Mitzvah attack", exploit biases in the RC4 keystream to...

'Fully Secure Systems Don't Exist'

SAN FRANCISCO–The more things change, the more they stay the same. Thirty years ago, Adi Shamir, one of the inventors of the RSA algorithm, was asked to do a keynote speech at a conference and spoke about his laws of computer security. They were a set of principles that he developed over the year...