47 matches found
WebEOC implements weak algorithms to encrypt sensitive information
Overview WebEOC uses weak cryptographic algorithms to encrypt sensitive information. Description WebEOC is a web-based crisis information management application that provides functions to gather, coordinate, and disseminate information between emergency personnel and Emergency Operations Centers...
SHA-1 Broken
HA-1 Broken SHA-1 has been broken. Not a reduced-round version. Not a simplified version. The real thing. The research team of Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu mostly from Shandong University in China have been quietly circulating a paper describing their results: collisions in the the...
Microsoft Windows Remote Desktop Protocol (RDP) uses weak algorithm for encrypting packets
Overview Microsoft Windows Remote Desktop Protocol RDP uses a weak algorithm for encrypting packets. Description Microsoft describes RDP as follows.RDP is based on, and is an extension of, the T.120 protocol family standards. It is a multichannel-capable protocol that allows for separate virtual...
Syskey reuses keystream
Overview Versions of SYSKEY in use prior to December, 1999 leave the SAM database vulnerable to cryptanalytic attacks. Description SYSKEY is a utility introduced in Microsoft Windows NT 4.0 service pack 3 to provide strong cryptographic protection to the SAM password database. The protection SYSK...
CVE-2001-0381
The OpenPGP PGP standard allows an attacker to determine the private signature key via a cryptanalytic attack in which the attacker alters the encrypted private key file and captures a single message signed with the signature key...
CVE-2001-0381
The OpenPGP PGP standard allows an attacker to determine the private signature key via a cryptanalytic attack in which the attacker alters the encrypted private key file and captures a single message signed with the signature key...
CVE-2001-0381
The CVE-2001-0381 entry describes a vulnerability in the OpenPGP/PGP standard where an attacker can determine the private signature key through a cryptanalytic attack that involves modifying the encrypted private key file and then signing a single message. The available documents identify the aff...