162 matches found
Communication message decryption vulnerability exists in the Voyager Android app
The Voyager Android app is a mobile app for buying airline tickets. A communication message decryption vulnerability exists in the TravelSense Android app. The vulnerability stems from fixed-key hardcoding, which can be exploited by an attacker to crack the encryption algorithm and break other...
Design/Logic Flaw
The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack...
nettle: RSA/DSA code is vulnerable to cache-timing related attacks
It was found that nettle's RSA and DSA decryption code was vulnerable to cache-related side channel attacks. An attacker could use this flaw to recover the private key from a co-located virtual-machine instance...
CVE-2016-8871
In Botan 1.11.29 through 1.11.32, RSA decryption with certain padding options had a detectable timing channel which could given sufficient queries be used to recover plaintext, aka an "OAEP side channel" attack...
Cisco Nexus 9000 Series Software Password Exposure Vulnerability (Cisco-SA-20150623-CVE-2015-4213)
A vulnerability in Cisco Nexus 9000 Series Software could allow an authenticated, remote attacker to expose passwords in plain text format. Copyright C 2016 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...
DEBIAN-CVE-2015-7511
Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate attackers to extract ECDH keys by measuring electromagnetic emanations...
SSL DROWN Attack Vulnerability (Decrypting RSA with Obsolete and Weakened eNcryption)
Binary data 801962.prm...
SSLv2 Cross-Protocol Session Decryption Vulnerability (DROWN)
Binary data 9127.prm...
CVE-2016-1910
The User Management Engine UME in SAP NetWeaver 7.4 allows attackers to decrypt unspecified data via unknown vectors, aka SAP Security Note 2191290...
CVE-2016-1910
The User Management Engine UME in SAP NetWeaver 7.4 allows attackers to decrypt unspecified data via unknown vectors, aka SAP Security Note 2191290...
PT-2018-2116
Name of the Vulnerable Software and Affected Versions Mbed TLS versions prior to 2.14.1 Mbed TLS versions prior to 2.7.8 Mbed TLS versions prior to 2.1.17 Description The issue is related to a local synchronization problem during RSA decryption in Mbed TLS, allowing a local unprivileged attacker ...
IBM DataPower Gateways GatewayScript Module Information Disclosure Vulnerability
IBM DataPower Gateways is a suite of security and integration platforms from IBM USA designed specifically for mobile, cloud, application programming interfaces APIs, web, service-oriented architecture SOA, B2B, and cloud workloads, which protects, integrates, and optimizes access across channels...
CVE-2015-7412
The GatewayScript modules on IBM DataPower Gateways with software 7.2.0.x before 7.2.0.1, when the GatewayScript decryption API or a JWE decrypt action is enabled, do not require signed ciphertext data, which makes it easier for remote attackers to obtain plaintext data via a padding-oracle attac...
Cisco Nexus 9000 NX-OS Information Disclosure Vulnerability
Cisco NX-OS is an operating system that runs in the Nexus 9000 series devices. A security vulnerability in the Cisco NX-OS decryption mechanism on Cisco Nexus 9000 devices allows a remote attacker to obtain plaintext passwords...
Wireshark TLS/SSL Decryption Denial of Service Vulnerability
Wireshark is an open source network protocol analysis tool. A denial of service vulnerability exists in Wireshark TLS/SSL because it fails to properly handle certain types of packets. An attacker could exploit this vulnerability to crash the affected application and deny service to legitimate use...
Security crisis crack USB disk encryption tool encryption principles-vulnerability warning-the black bar safety net
The use of U disk, mobile hard disk encryption tool encryption folder, I use file Sniffer tool also can't see the encrypted real files, when with a Duba scanning found, it seems like these files are hidden stored in/Thumbs. dn/7./ Where that 7. The 7 is sometimes other numbers, but I directly so...
Design/Logic Flaw
The blowfish mode in DAR before 2.3.4 uses weak Blowfish-CBC cryptography by 1 discarding random bits by the blowfish::makeivec function in libdar/crypto.cpp that results in predictable and repeating IV values, and 2 direct use of a password for keying, which makes it easier for context-dependent...
Hardcoded credentials
iOpus Secure Email Attachments SEA, probably 1.0, does not properly handle passwords that consist of repetitions of a substring, which allows attackers to decrypt files by entering only the substring...
CVE-2006-2036
CVE-2006-2036 affects iOpus Secure Email Attachments (SEA) 1.0. Root cause: improper handling of passwords that are repetitions of a substring, enabling an attacker to decrypt files by entering only the substring. Impact: partial confidentiality. No remediation details are provided in the supplie...
CVE-2005-3256
The key selection dialogue in Enigmail before 0.92.1 can incorrectly select a key with a user ID that does not have additional information, which allows parties with that key to decrypt the message...