Insecure RSA Decryption (Bleichenbacher Timing Vulnerability)

cryptography is using insecure RSA Decryption and is vulnerable to Bleichenbacher Timing Vulnerability. When RSA decryption is used in online scenarios, it does not use RSA PKCS1v1.5 decryption with constant time, allowing an attacker to passively record traffic and later decrypt it...

CVE-2020-25659

python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS1 v1.5 ciphertext...

UBUNTU-CVE-2020-25659

python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS1 v1.5 ciphertext...

GHSA-HGGM-JPG3-V476 RSA decryption vulnerable to Bleichenbacher timing vulnerability

RSA decryption was vulnerable to Bleichenbacher timing vulnerabilities, which would impact people using RSA decryption in online scenarios. This is fixed in cryptography 3.2...

RSA decryption vulnerable to Bleichenbacher timing vulnerability

RSA decryption was vulnerable to Bleichenbacher timing vulnerabilities, which would impact people using RSA decryption in online scenarios. This is fixed in cryptography 3.2...

CVE-2020-10256

An issue was discovered in beta versions of the 1Password command-line tool prior to 0.5.5 and in beta versions of the 1Password SCIM bridge prior to 0.7.3. An insecure random number generator was used to generate various keys. An attacker with access to the user's encrypted data may be able to...

CVE-2020-10256

An issue was discovered in beta versions of the 1Password command-line tool prior to 0.5.5 and in beta versions of the 1Password SCIM bridge prior to 0.7.3. An insecure random number generator was used to generate various keys. An attacker with access to the user's encrypted data may be able to...

Design/Logic Flaw

An issue was discovered in beta versions of the 1Password command-line tool prior to 0.5.5 and in beta versions of the 1Password SCIM bridge prior to 0.7.3. An insecure random number generator was used to generate various keys. An attacker with access to the user's encrypted data may be able to...

CVE-2020-10256

An issue was discovered in beta versions of the 1Password command-line tool prior to 0.5.5 and in beta versions of the 1Password SCIM bridge prior to 0.7.3. An insecure random number generator was used to generate various keys. An attacker with access to the user's encrypted data may be able to...

CVE-2020-27181

A hardcoded AES key in CipherUtils.java in the Java applet of konzept-ix publiXone before 2020.015 allows attackers to craft password-reset tokens or decrypt server-side configuration files...

PT-2020-12009 · 1Password · 1Password Scim Bridge +1

Name of the Vulnerable Software and Affected Versions: 1Password command-line tool versions prior to 0.5.5 1Password SCIM bridge versions prior to 0.7.3 Description: An issue was discovered where an insecure random number generator was used to generate various keys. This could allow an attacker...

CVE-2020-25659

A flaw was found in python-cryptography, where it is vulnerable to Bleichenbacher timing attacks. This flaw allows an attacker, via the RSA decryption API, to decrypt parts of the ciphertext encrypted with RSA. The highest threat from this vulnerability is to confidentiality...

PT-2020-6703 · Pypi +8 · Python-Cryptography +8

Name of the Vulnerable Software and Affected Versions: python-cryptography versions 3.2 Description: The issue is related to errors in RSA key management in the python-cryptography package for the Python programming language. It may allow a remote attacker to gain unauthorized access to protected...

New Report on Police Decryption Capabilities

There is a new report on police decryption capabilities: specifically, mobile device forensic tools MDFTs. Short summary: its not just the FBI that can do it. This report documents the widespread adoption of MDFTs by law enforcement in the United States. Based on 110 public records requests to...

Design/Logic Flaw

A vulnerability in the sftunnel functionality of Cisco Firepower Management Center FMC Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to obtain the device registration hash. The vulnerability is due to insufficient sftunnel negotiation...

Cisco Firepower 1000 Series Bleichenbacher Attack Vulnerability

A vulnerability in the TLS handler of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software for Cisco Firepower 1000 Series firewalls could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to...

EulerOS Virtualization 3.0.2.2 : nettle (EulerOS-SA-2020-2206)

According to the version of the nettle package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted...

EulerOS Virtualization 3.0.2.2 : nss (EulerOS-SA-2020-2205)

According to the version of the nss packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a...

Huawei EulerOS: Security Advisory for nss (EulerOS-SA-2020-2205)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2020-8929

A mis-handling of invalid unicode characters in the Java implementation of Tink versions prior to 1.5 allows an attacker to change the ID part of a ciphertext, which result in the creation of a second ciphertext that can decrypt to the same plaintext. This can be a problem with encrypting...