456 matches found
CVE-2024-22064
ZTE ZXUN-ePDG product, which serves as the network node of the VoWifi system, under by default configuration, uses a set of non-unique cryptographic keys during establishing a secure connectionIKE with the mobile devices connecting over the internet . If the set of keys are leaked or cracked, the...
CVE-2002-20002
The Net::EasyTCP package before 0.15 for Perl always uses Perl's builtin rand, which is not a strong random number generator, for cryptographic keys...
CVE-2002-20002
The Net::EasyTCP package before 0.15 for Perl always uses Perl's builtin rand, which is not a strong random number generator, for cryptographic keys...
CVE-2002-20002
The Net::EasyTCP package before 0.15 for Perl always uses Perl's builtin rand, which is not a strong random number generator, for cryptographic keys...
CVE-2002-20002
CVE-2002-20002 affects Net::EasyTCP (Perl) before 0.15. The issue is that cryptographic keys are generated using Perl’s built-in rand(), which is not a strong RNG. Impact: potential weakness in cryptographic keys. CVSSv3.1 base score 5.4 (Network, High attack complexity, No privileges required, U...
MetaCPAN Net::EasyTCP 安全漏洞
MetaCPAN Net::EasyTCP is a module of the MetaCPAN Foundation. It is used to create secure, bandwidth-friendly TCP/IP clients and servers. A security vulnerability exists in MetaCPAN Net::EasyTCP versions prior to 0.15, which stems from the use of Perl's built-in rand function to generate...
PT-2025-1323 · Unknown · Net::Easytcp
Name of the Vulnerable Software and Affected Versions: Net::EasyTCP versions prior to 0.15 Description: The issue concerns the use of Perl's built-in rand function, which is not a strong random number generator, for generating cryptographic keys. This weakness can potentially lead to predictable...
USDA Releases Success Story Detailing the Implementation of Phishing-Resistant Multifactor Authentication
Today, the Cybersecurity and Infrastructure Security Agency CISA and the U.S. Department of Agriculture USDA released Phishing-Resistant Multifactor Authentication MFA Success Story: USDA’s FIDO Implementation. This report details how USDA successfully implemented phishing-resistant authenticatio...
CVE-2024-47126
The goTenna Pro App does not use SecureRandom when generating passwords for sharing cryptographic keys. The random function in use makes it easier for attackers to brute force this password if the broadcasted encryption key is captured over RF. This only applies to the optional broadcast of an...
CVE-2024-45723
The goTenna Pro ATAK Plugin does not use SecureRandom when generating passwords for sharing cryptographic keys. The random function in use makes it easier for attackers to brute force this password if the broadcasted encryption key is captured over RF. This only applies to the optional broadcast ...
CVE-2024-45723
Summary: CVE-2024-45723 affects the goTenna Pro ATAK Plugin. The root cause is the use of a cryptographically weak pseudo-random number generator (not SecureRandom) when generating passwords for sharing cryptographic keys, enabling easier brute-force if the RF-broadcast key is captured. Affected ...
CVE-2024-45723 goTenna Pro ATAK Plugin Use of Cryptographically Weak Pseudo-Random Number Generator
The goTenna Pro ATAK Plugin does not use SecureRandom when generating passwords for sharing cryptographic keys. The random function in use makes it easier for attackers to brute force this password if the broadcasted encryption key is captured over RF. This only applies to the optional broadcast ...
CVE-2024-47126 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in goTenna Pro
The goTenna Pro App does not use SecureRandom when generating passwords for sharing cryptographic keys. The random function in use makes it easier for attackers to brute force this password if the broadcasted encryption key is captured over RF. This only applies to the optional broadcast of an...
CVE-2024-47126
CVE-2024-47126 is confirmed via connected sources as a vulnerability in the goTenna Pro ecosystem where the app does not use SecureRandom when generating passwords to share cryptographic keys. The underlying flaw is a weak PRNG in the key-sharing flow, enabling a potential brute-force attack if t...
PT-2024-32421 · Gotenna · Gotenna Pro App +2
Name of the Vulnerable Software and Affected Versions: goTenna Pro App affected versions not specified goTenna Pro X affected versions not specified goTenna Pro X2 affected versions not specified Description: The goTenna Pro App does not use SecureRandom when generating passwords for sharing...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel, which stems from a cryptographic key disclosure vulnerability in the KEYS: trusted: dcp component...
CVE-2024-21981
Improper key usage control in AMD Secure Processor ASP may allow an attacker with local access who has gained arbitrary code execution privilege in ASP to extract ASP cryptographic keys, potentially resulting in loss of confidentiality and integrity...
CVE-2024-21981
Improper key usage control in AMD Secure Processor ASP may allow an attacker with local access who has gained arbitrary code execution privilege in ASP to extract ASP cryptographic keys, potentially resulting in loss of confidentiality and integrity...
CVE-2024-21981
CVE-2024-21981 – AMD Secure Processor (ASP) concerns an improper key usage control in ASP. An attacker with local access and arbitrary code execution in ASP could extract ASP cryptographic keys, threatening confidentiality and integrity. Connected AMD advisories list affected ASP/PSP components a...
Efficient Instruction Cache Attacks via Self-Modifying Code Conflicts
Bulletin ID: AMD-SB-7024 Potential Impact: N/A Severity: N/A Summary AMD is aware of a paper titled ‘SMaCK: Efficient Instruction Cache Attacks via Self-Modifying Code Conflicts,’ published by researchers from Iowa State University and Google®. The research paper attempts to extend data-cache-sid...