5833 matches found

IBM Security Bulletins
added 2020/07/24 10:19 p.m. | 17 views

Security Bulletin: TLS padding vulnerability affects Sterling Connect:Direct for UNIX (CVE-2014-8730)

Summary: Transport Layer Security (TLS) padding vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) like attack affects Sterling Connect:Direct for UNIX. Vulnerability Details: CVE-ID: CVE-2014-8730. DESCRIPTION: Product could allow a remote attacker to obtain sensitive...

CVSS 4.3 | AI score 0.4 | EPSS 0.03099
Exploits: 5 | Affected Software: 1

CNVD
added 2020/07/24 12:00 a.m. | 1 view

Easergy Builder Hardcoded Encryption Key Plaintext Storage Vulnerability

Schneider Electric Easergy Builder is a set of configuration software for Easergy remote terminal units and controllers from Schneider Electric, France. A security vulnerability exists in Schneider Electric Easergy Builder version 1.4.7.2 and prior versions. An attacker could exploit the...

CVSS 7.8 | AI score 6.8 | EPSS 0.00047
Exploits: 0 | References: 1

OSV
added 2020/07/23 9:15 p.m. | 2 views

CVE-2020-7515

A CWE-321: Use of hard-coded cryptographic key stored in cleartext vulnerability exists in Easergy Builder V1.4.7.2 and prior which could allow an attacker to decrypt a password...

CVSS 7.8 | AI score 7.1
Exploits: 0 | References: 1

NVD
added 2020/07/23 9:15 p.m. | 7 views

CVE-2020-7515

A CWE-321: Use of hard-coded cryptographic key stored in cleartext vulnerability exists in Easergy Builder V1.4.7.2 and prior which could allow an attacker to decrypt a password...

CVSS 7.8 | AI score 7.5 | EPSS 0.00047
Exploits: 0 | References: 1

Cvelist
added 2020/07/23 8:47 p.m. | 7 views

CVE-2020-7515

A CWE-321: Use of hard-coded cryptographic key stored in cleartext vulnerability exists in Easergy Builder V1.4.7.2 and prior which could allow an attacker to decrypt a password...

AI score 7.5 | EPSS 0.00047
Exploits: 0 | References: 1

CVE
added 2020/07/23 8:47 p.m. | 50 views

CVE-2020-7515

CVE-2020-7515 affects Schneider Electric’s Easergy Builder (V1.4.7.2 and older). The root cause is a CWE-321 issue: a hard-coded cryptographic key stored in cleartext, which could allow an attacker to decrypt a password. Documents from multiple sources (NVD, Red Hat, CNVD, PRION, CVE listings) co...

CVSS 7.8 | AI score 7.5 | EPSS 0.00047
Exploits: 0 | References: 1 | Affected Software: 1

Securelist
added 2020/07/22 10:00 a.m. | 1015 views

MATA: Multi-platform targeted malware framework

As the IT and OT environment becomes more complex, adversaries are quick to adapt their attack strategy. For example, as users' work environments diversify, adversaries are busy acquiring the TTPs to infiltrate systems. Recently, we reported to our Threat Intelligence Portal customers a similar...

CVSS 10 | AI score 9.4 | EPSS 0.94471
Exploits: 20

Amazon
added 2020/07/16 12:00 a.m. | 51 views

Medium: openssl11

Issue Overview: In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message tha...

CVSS 5.3 | AI score 6.5 | EPSS 0.02629
Exploits: 0

Hacker One
added 2020/07/15 1:21 p.m. | 10 views

Nintendo: Arbitrary code execution in TSEC Heavy Secure, return-oriented programming in TSEC Secure ROM, and recovery of TSEC-derived cryptographic secrets

The vulnerability in TSEC Heavy Secure allowed for arbitrary code execution. A return-oriented programming vulnerability was discovered in the TSEC Secure ROM. Cryptographic secrets derived from TSEC were recovered...

AI score 7.8
Exploits: 0

OpenVAS
added 2020/07/15 12:00 a.m. | 24 views

Fedora: Security Advisory for python-rsa (FEDORA-2020-253ebe55ff)

The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.5 | AI score 7.7 | EPSS 0.00098
Exploits: 1 | References: 2

OpenVAS
added 2020/07/15 12:00 a.m. | 13 views

Fedora: Security Advisory for python-rsa (FEDORA-2020-5ed5627d2b)

The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.5 | AI score 7.7 | EPSS 0.00098
Exploits: 1 | References: 2

Positive Technologies
added 2020/07/14 12:00 a.m. | 2 views

PT-2020-6862

Name of the Vulnerable Software and Affected Versions: OpenSSL (affected versions not specified). Description: A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve...

CVSS 7.1 | AI score 6.3 | EPSS 0.00224
Exploits: 0 | References: 280

Kitploit
added 2020/07/13 12:30 p.m. | 29 views

Padding-Oracle-Attacker - CLI Tool And Library To Execute Padding Oracle Attacks Easily

CLI tool and library to execute padding oracle attacks easily, with support for concurrent network requests and an elegant UI. Install: Make sure Node.js is installed, then run $ npm install --global padding-oracle-attacker or $ yarn global add padding-oracle-attacker. CLI Usage: Usage $...

AI score 7.7
Exploits: 0 | References: 7

Fedora
added 2020/07/13 1:39 a.m. | 24 views

[SECURITY] Fedora 31 Update: python-rsa-3.4.2-15.fc31

Python-RSA is a pure-Python RSA implementation. It supports encryption and decryption, signing and verifying signatures, and key generation according to PKCS1 version 1.5. It can be used as a Python library as well as on the command-line...

CVSS 7.5 | AI score 3.2 | EPSS 0.00098
Exploits: 1

Malwarebytes
added 2020/07/07 5:20 p.m. | 43 views

Mac ThiefQuest malware may not be ransomware after all

Editor's note: The original name for the malware, EvilQuest, has been changed due to a legitimate game of the same name from 2012. The new name, ThiefQuest, is also more fitting for our updated understanding of the malware. The ThiefQuest malware, which was discovered last week, may not actually ...

AI score 7
Exploits: 0

OpenVAS
added 2020/07/03 12:00 a.m. | 21 views

Huawei EulerOS: Security Advisory for nss (EulerOS-SA-2020-1718)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.9 | AI score 6.4 | EPSS 0.12783
Exploits: 0 | References: 2

NVD
added 2020/07/01 2:15 p.m. | 18 views

CVE-2017-1712

"A vulnerability in the TLS protocol implementation of the Domino server could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher's Oracle Threat (ROBOT) attack. An attacker could iteratively query a server running a vulnerable TLS stack...

CVSS 5.9 | EPSS 0.00185
Exploits: 0 | References: 1

Prion
added 2020/07/01 2:15 p.m. | 17 views

Design/Logic Flaw

"A vulnerability in the TLS protocol implementation of the Domino server could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher's Oracle Threat (ROBOT) attack. An attacker could iteratively query a server running a vulnerable TLS stack...

CVSS 4.3 | AI score 5.5 | EPSS 0.00185
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2020/07/01 1:47 p.m. | 57 views

CVE-2017-1712

CVE-2017-1712 is a vulnerability in the TLS protocol implementation of the Domino server where an unauthenticated, remote attacker can exploit a Bleichenbacher-like oracle (ROBOT) to decrypt previously captured TLS sessions. The issue arises from cryptanalytic operations enabled by iterative quer...

CVSS 5.9 | AI score 5.5 | EPSS 0.00185
Exploits: 0 | References: 1 | Affected Software: 1

Tenable Nessus
added 2020/07/01 12:00 a.m. | 47 views

EulerOS Virtualization 3.0.6.0 : nss-softokn (EulerOS-SA-2020-1754)

According to the versions of the nss-softokn packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. Thi...

CVSS 5.9 | AI score 6 | EPSS 0.12783
Exploits: 1 | References: 3