Memory corruption

An issue was discovered in the jsrsasign package before 8.0.18 for Node.js. Its RSA PKCS1 v1.5 decryption implementation does not detect ciphertext modification by prepending '\0' bytes to ciphertexts it decrypts modified ciphertexts without error. An attacker might prepend these bytes with the...

CVE-2020-14967

An issue was discovered in the jsrsasign package before 8.0.18 for Node.js. Its RSA PKCS1 v1.5 decryption implementation does not detect ciphertext modification by prepending '\0' bytes to ciphertexts it decrypts modified ciphertexts without error. An attacker might prepend these bytes with the...

CVE-2020-14967

CVE-2020-14967 affects the jsrsasign package for Node.js prior to version 8.0.18. The RSA PKCS1 v1.5 decryption path does not detect ciphertext modifications when zeros are prepended to ciphertexts, allowing modified ciphertexts to be decrypted without error and potentially triggering memory corr...

PT-2020-14094 · Jsrsasign · Jsrsasign

Name of the Vulnerable Software and Affected Versions: jsrsasign versions prior to 8.0.18 Description: The issue concerns the RSA PKCS1 v1.5 decryption implementation in the jsrsasign package. It fails to detect ciphertext modification when '0' bytes are prepended to ciphertexts, allowing it to...

Ubiquiti Configuration Importer

This module imports an Ubiquiti device configuration. The db file within the .unf backup is the data file for Unifi. This module can take either the db file or .unf. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework...

SOS JobScheduler 1.13.3 CVE-2020-12712 Stored Password Decryption

SOS JobScheduler version 1.13.3 encrypts a secret by simply using the name of a profile as the key, making it trivial to decrypt. Exploit Title: SOS JobScheduler 1.13.3 - Stored Password Decryption Google Dork: N/A Date: 2020-04-20 Exploit Author: Sander Ubink Vendor Homepage: www.sos-berlin.com...

EulerOS 2.0 SP2 : libgcrypt (EulerOS-SA-2020-1672)

According to the versions of the libgcrypt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proxima...

Hardcoded credentials

Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below, FortiAnalyzer 6.2.3 and below may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowledge of the hard-coded key...

CVE-2020-9289

Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below, FortiAnalyzer 6.2.3 and below may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowledge of the hard-coded key...

CVE-2020-9289

Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below, FortiAnalyzer 6.2.3 and below may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowledge of the hard-coded key...

Information Disclosure

ssb-db and ssb-server are vulnerable to information disclosure. A flaw in the get method leads to a decryption of any messages it can decrypt and returning of decrypted sensitive data by default instead of only decrypting when asked...

SOS JobScheduler 1.13.3 - Stored Password Decryption Exploit

Exploit Title: SOS JobScheduler 1.13.3 - Stored Password Decryption Exploit Author: Sander Ubink Vendor Homepage: www.sos-berlin.com Software Link: www.sos-berlin.com/en/jobscheduler-downloads Version: Tested on 1.12.9 and 1.13.3, vendor reported 1.12 and 1.13 Tested on: Windows and Linux CVE:...

SOS JobScheduler 1.13.3 Stored Password Decryption

Exploit Title: SOS JobScheduler 1.13.3 - Stored Password Decryption Google Dork: N/A Date: 2020-04-20 Exploit Author: Sander Ubink Vendor Homepage: www.sos-berlin.com Software Link: www.sos-berlin.com/en/jobscheduler-downloads Version: Tested on 1.12.9 and 1.13.3, vendor reported 1.12 and 1.13...

SOS JobScheduler 1.13.3 - Stored Password Decryption

Exploit Title: SOS JobScheduler 1.13.3 - Stored Password Decryption Google Dork: N/A Date: 2020-04-20 Exploit Author: Sander Ubink Vendor Homepage: www.sos-berlin.com Software Link: www.sos-berlin.com/en/jobscheduler-downloads Version: Tested on 1.12.9 and 1.13.3, vendor reported 1.12 and 1.13...

CVE-2020-4045

SSB-DB version 20.0.0 has an information disclosure vulnerability. The get method is supposed to only decrypt messages when you explicitly ask it to, but there is a bug where it's decrypting any message that it can. This means that it is returning the decrypted content of private messages, which ...

CVE-2020-4045

SSB-DB 20.0.0 contains an information-disclosure vulnerability in the get() method that can decrypt any decryptable message and return private data. The issue affects peers with private messages, and exploitation is tied to SSB-OOO (default in SSB-Server), which exposes a wrapper around get() to ...

Information disclosure in SSB-DB

Impact What kind of vulnerability is it? Who is impacted? Servers running SSB-DB 20.0.0 which is packaged with SSB-Server 16.0.0 must upgrade immediately. There is no evidence that other SSB apps are vulnerable or that this problem has been exploited in the wild. The get method is supposed to onl...

CVE-2020-12712

A vulnerability based on insecure user/password encryption in the JOE job editor component of SOS JobScheduler 1.12 and 1.13 allows attackers to decrypt the user/password that is optionally stored with a user's profile...

The vulnerability of the Schneider Electric Easergy Builder software in terms of controller configuration lies in the use and storage of the cryptographic key in an unencrypted form. This allows a hacker to decrypt user passwords.

The vulnerability of the Schneider Electric Easergy Builder software for configuring controllers is related to the use and storage of the cryptographic key in an unencrypted form. Exploiting this vulnerability could allow a hacker to decrypt user passwords...

CVE-2020-4191

IBM Security Guardium 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 174852...