54 matches found
postgresql: pgcrypto has multiple error messages for decryption with an incorrect key.
It was discovered that the pgcrypto module could return different error messages when decrypting certain data with an incorrect key. This could potentially help an authenticated user to launch a possible cryptographic attack, although no suitable attack is currently known...
Moderate: Red Hat Security Advisory: rh-postgresql94-postgresql security update
Updated rh-postgresql94-postgresql packages that fix three security issues are now available for Red Hat Software Collections 2. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...
CVE-2014-5413
Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm...
CVE-2014-4364
The 802.1X subsystem in Apple iOS before 8 and Apple TV before 7 does not require strong authentication methods, which allows remote attackers to calculate credentials by offering LEAP authentication from a crafted Wi-Fi AP and then performing a cryptographic attack against the MS-CHAPv1 hash...
Authentication flaw
The 802.1X subsystem in Apple iOS before 8 and Apple TV before 7 does not require strong authentication methods, which allows remote attackers to calculate credentials by offering LEAP authentication from a crafted Wi-Fi AP and then performing a cryptographic attack against the MS-CHAPv1 hash...
Code injection
Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm...
CVE-2014-5413
CVE-2014-5413 affects Schneider Electric StruxureWare SCADA Expert ClearSCADA (2010 R3 through 2014 R1). The root issue is weak cryptographic controls: the self-signed web certificate uses MD5, enabling potential cryptographic spoofing of servers. Additionally, ICS-CERT describes a cross-site scr...
ProSoft Technology RadioLinx ControlScape PRNG vulnerability
Industrial automation software used worldwide to create and configure wireless radios that connect devices in environments such as oil and gas is vulnerable to attack by a hacker armed with an antenna from as far as 30 miles away. Though the vulnerability in the ProSoft Technology RadioLinx...
BEAST Cryptographic Attack Mitigations Overturned
The BEAST cryptographic attack, once thought to be largely mitigated, has two things conspiring against it to make breaches potentially possible again. Not only has a server-side mitigation essentially been rendered moot by recent research into the RC4 cryptographic protocol, but Apple has yet to...
FreeBSD : gnupg -- OpenPGP symmetric encryption vulnerability (8375a73f-01bf-11da-bc08-0001020eed82)
Serge Mister and Robert Zuccherato reports that the OpenPGP protocol is vulnerable to a cryptographic attack when using symmetric encryption in an automated way. David Shaw reports about the impact : This attack, while very significant from a cryptographic point of view, is not generally effectiv...
gnupg -- OpenPGP symmetric encryption vulnerability
Serge Mister and Robert Zuccherato reports that the OpenPGP protocol is vulnerable to a cryptographic attack when using symmetric encryption in an automated way. David Shaw reports about the impact: This attack, while very significant from a cryptographic point of view, is not generally effective...
Debian DSA-273-1 : krb4 - Cryptographic weakness
A cryptographic weakness in version 4 of the Kerberos protocol allows an attacker to use a chosen-plaintext attack to impersonate any principal in a realm. Additional cryptographic weaknesses in the krb4 implementation permit the use of cut-and-paste attacks to fabricate krb4 tickets for...
CVE-2003-0078
ssl3getrecord in s3pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak timing discrepancy that may make it easier to launch cryptographic attacks that rely on distinguishing betwe...
CVE-2003-0078
ssl3getrecord in s3pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak timing discrepancy that may make it easier to launch cryptographic attacks that rely on distinguishing betwe...