1479 matches found

Prion
added 2017/03/14 10:59 p.m. | 19 views

Design/Logic Flaw

Unsalted password vulnerability in the Enterprise Manager web portal component in Intel Security McAfee Vulnerability Manager MVM 7.5.8 and earlier allows attackers to more easily decrypt user passwords via brute force attacks against the database...

CVSS 4 | AI score 7.1 | EPSS 0.00943
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2017/03/01 9:0 p.m. | 23 views

CVE-2016-2879

IBM QRadar 7.2 uses outdated hashing algorithms to hash certain passwords, which could allow a local user to obtain and decrypt user credentials. IBM Reference : 1997341...

AI score 7.4 | EPSS 0.00209
Exploits 0 | References 2
OSV
added 2017/02/20 8:59 a.m. | 5 views

CVE-2016-4685

An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "iTunes Backup" component, which improperly hashes passwords, making it easier to decrypt files...

CVSS 5.9 | AI score 5.8 | EPSS 0.00583
Exploits 0 | References 2
Cvelist
added 2017/02/20 8:35 a.m. | 25 views

CVE-2016-4685

An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "iTunes Backup" component, which improperly hashes passwords, making it easier to decrypt files...

AI score 4.6 | EPSS 0.00583
Exploits 0 | References 2
OSV
added 2017/02/01 8:59 p.m. | 4 views

CVE-2016-3034

IBM AppScan Source uses a one-way hash without salt to encrypt highly sensitive information, which could allow a local attacker to decrypt information more easily...

CVSS 4.4 | AI score 5.8 | EPSS 0.00214
Exploits 0 | References 2
ATTACKERKB
added 2017/02/01 8:59 p.m. | 3 views

CVE-2016-3034

IBM AppScan Source uses a one-way hash without salt to encrypt highly sensitive information, which could allow a local attacker to decrypt information more easily...

CVSS 4.4 | AI score 5.5 | EPSS 0.00214
Exploits 0 | References 3 | Affected Software 1
NVD
added 2017/02/01 8:59 p.m. | 20 views

CVE-2016-3034

IBM AppScan Source uses a one-way hash without salt to encrypt highly sensitive information, which could allow a local attacker to decrypt information more easily...

CVSS 4.4 | AI score 4.5 | EPSS 0.00214
Exploits 0 | References 2
Cvelist
added 2017/02/01 8:0 p.m. | 21 views

CVE-2016-3034

IBM AppScan Source uses a one-way hash without salt to encrypt highly sensitive information, which could allow a local attacker to decrypt information more easily...

AI score 4.5 | EPSS 0.00214
Exploits 0 | References 2
Veracode
added 2017/01/27 8:21 a.m. | 28 views

Weak Diffie-Hellman Handshake Due To Truncated Secret Length

libssh2 is vulnerable to weak handshakes. The vulnerability happens because diffiehellmansha256 function in kex.c in libssh2 generates secret key of length 128 or 256 bits instead of 1023 or 2047 bits, allowing the attackers to intercept or decrypt SSH sessions using bits/bytes confusion bug...

CVSS 5.9 | AI score 5.7 | EPSS 0.02697
Exploits 0 | References 3 | Affected Software 2
Prion
added 2016/12/14 12:59 a.m. | 21 views

Design/Logic Flaw

A vulnerability in the Decrypt for End-User Notification configuration parameter of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to connect to a secure website over Secure Sockets Layer SSL or Transport Layer Security TLS, even if the WS...

CVSS 5 | AI score 7.2 | EPSS 0.02786
Exploits 0 | References 3 | Affected Software 1
CVE
added 2016/12/14 12:37 a.m. | 61 views

CVE-2016-9212

Cisco Web Security Appliance (WSA) Drop Decrypt Policy Bypass (CVE-2016-9212) is caused by incomplete HTTP header input validation in the Decrypt for End-User Notification configuration. Under HTTPS decryption, an unauthenticated remote attacker could connect to a blocked HTTPS website despite po...

CVSS 7.5 | AI score 7.5 | EPSS 0.02786
Exploits 0 | References 3 | Affected Software 1
OSV
added 2016/12/11 2:59 a.m. | 3 views

ALPINE-CVE-2016-6606

An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Furthermore, the same initialization vector...

CVSS 8.1 | AI score 6.9 | EPSS 0.01386
Exploits 0 | References 1
OpenVAS
added 2016/12/08 12:0 a.m. | 21 views

Cisco Web Security Appliance Drop Decrypt Policy Bypass Vulnerability

A vulnerability in the Decrypt for End-User Notification configuration parameter of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to connect to a secure website over Secure Sockets Layer SSL or Transport Layer Security TLS, even if the WS...

CVSS 7.5 | AI score 7.6 | EPSS 0.02786
Exploits 0 | References 1
Cisco
added 2016/12/07 4:0 p.m. | 32 views

Cisco Web Security Appliance Drop Decrypt Policy Bypass Vulnerability

A vulnerability in the Decrypt for End-User Notification configuration parameter of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to connect to a secure website over Secure Sockets Layer SSL or Transport Layer Security TLS, even if the WS...

CVSS 4.3 | AI score 7.6 | EPSS 0.02786
Exploits 0 | References 1
RedHat Linux
added 2016/10/12 4:57 p.m. | 5 views

LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks

A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange for both export and non-export grade cipher suites. An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lea...

CVSS 4.3 | AI score 6.6 | EPSS 0.9986
Exploits 1 | References 6
Japan Vulnerability Notes
added 2016/10/07 5:11 a.m. | 3 views

Cryptography API: Next Generation (CNG) vulnerable to denial-of-service (DoS)

Overview Cryptography API: Next Generation CNG contains an issue in BCryptDecrypt, which may result in a denial-of-service DoS. ASHINO, Yuki of NEC Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...

CVSS 4.3 | AI score 7
Exploits 0 | References 3
NVD
added 2016/09/24 1:59 a.m. | 13 views

CVE-2016-6411

Cisco Firepower Management Center and FireSIGHT System Software 6.0.1 mishandle comparisons between URLs and X.509 certificates, which allows remote attackers to bypass intended do-not-decrypt settings via a crafted URL, aka Bug ID CSCva50585...

CVSS 7.5 | AI score 7.4 | EPSS 0.00749
Exploits 0 | References 2
OSV
added 2016/09/24 1:59 a.m. | 4 views

CVE-2016-6411

Cisco Firepower Management Center and FireSIGHT System Software 6.0.1 mishandle comparisons between URLs and X.509 certificates, which allows remote attackers to bypass intended do-not-decrypt settings via a crafted URL, aka Bug ID CSCva50585...

CVSS 7.5 | AI score 5.8 | EPSS 0.00749
Exploits 0 | References 2
Prion
added 2016/09/24 1:59 a.m. | 15 views

Design/Logic Flaw

Cisco Firepower Management Center and FireSIGHT System Software 6.0.1 mishandle comparisons between URLs and X.509 certificates, which allows remote attackers to bypass intended do-not-decrypt settings via a crafted URL, aka Bug ID CSCva50585...

CVSS 5 | AI score 7.1 | EPSS 0.00749
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2016/09/24 1:0 a.m. | 19 views

CVE-2016-6411

Cisco Firepower Management Center and FireSIGHT System Software 6.0.1 mishandle comparisons between URLs and X.509 certificates, which allows remote attackers to bypass intended do-not-decrypt settings via a crafted URL, aka Bug ID CSCva50585...

AI score 7.4 | EPSS 0.00749
Exploits 0 | References 2