
5806 matches found

OSV
added 2019/03/21 4:1 p.m. (1 views)

CVE-2019-5723

An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Passwords are stored using reversible encryption rather than as a hash value, and the used Vigenere algorithm is badly outdated. Moreover, the encryption key is static and too short. Due to this, the passwords stored by the applicatio...

9.8 CVSS, 7.3 AI score, 0.00142 EPSS
Exploits: 3, References: 3
OSV
added 2019/03/21 4:1 p.m. (1 views)

PYSEC-2019-45

python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting...

7.5 CVSS, 7.1 AI score, 0.21434 EPSS
Exploits: 2, References: 12
OSV
added 2019/03/21 3:59 p.m. (3 views)

CVE-2017-1713

IBM InfoSphere Streams 4.2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 134632...

5.9 CVSS, 5.8 AI score
Exploits: 0, References: 2
Prion
added 2019/03/21 3:59 p.m. (11 views)

Code injection

IBM InfoSphere Streams 4.2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 134632...

4.3 CVSS, 5.5 AI score, 0.00096 EPSS
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2019/03/21 2:35 p.m. (11 views)

CVE-2017-1713

IBM InfoSphere Streams 4.2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 134632...

5.9 CVSS, 5.5 AI score, 0.00096 EPSS
Exploits: 0, References: 2
OSV
added 2019/03/21 12:0 a.m. (0 views)

UBUNTU-CVE-2019-6690

python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting...

7.5 CVSS, 7.3 AI score, 0.21434 EPSS
Exploits: 2, References: 7
Debian CVE
added 2019/03/17 5:2 p.m. (21 views)

CVE-2019-6690

python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting...

7.5 CVSS, 7.5 AI score, 0.21434 EPSS
Exploits: 2
CVE
added 2019/03/17 5:2 p.m. (206 views)

CVE-2019-6690

CVE-2019-6690 affects python-gnupg 0.4.3. A context-dependent flaw lets an attacker, if they control the GnuPG passphrase and the ciphertext is trusted, cause decryption of ciphertext other than intended (CWE-20: Improper Input Validation). Impact described in sources includes manipulation of enc...

7.5 CVSS, 7.2 AI score, 0.21434 EPSS
Exploits: 2, References: 13, Affected Software: 1
Cvelist
added 2019/03/17 5:2 p.m. (18 views)

CVE-2019-6690

python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting...

7.3 AI score, 0.21434 EPSS
Exploits: 2, References: 13
Schneier on Security
added 2019/03/15 7:38 p.m. (187 views)

I Was Cited in a Court Decision

An article I co-wrote -- my first law journal article -- was cited by the Massachusetts Supreme Judicial Court -- the state supreme court -- in a case on compelled decryption. Here's the first, in footnote 1: We understand the word "password" to be synonymous with other terms that cell phone user...

1.5 AI score
Exploits: 0
Microsoft KB
added 2019/03/13 12:0 a.m. (3 views)

August 30, 2018—KB4343889 (OS Build 15063.1292)

August 30, 2018—KB4343889 OS Build 15063.1292 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses an issue that causes win32kfull.sys to stop working Stop 3B when cancelling journal...

7.4 AI score
Exploits: 0
OSV
added 2019/03/12 5:40 p.m. (4 views)

SUSE-SU-2019:0600-1 Security update for openssl-1_0_0

This update for openssl-1_0_0 fixes the following issues: Security issues fixed: - The 9 Lives of Bleichenbacher's CAT: Cache Attacks on TLS Implementations (bsc#1117951) - CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under certain circumstances a TLS server can be forced to respond...

5.9 CVSS, 5.3 AI score, 0.0496 EPSS
Exploits: 0, References: 4
Hacker One
added 2019/03/11 5:20 p.m. (27 views)

50m-ctf: CTF Writeup - c8889970d9fb722066f31e804e351993

CTF Code: c8889970d9fb722066f31e804e351993 HackerOne $50M CTF Write-Up ============ I came across this tweet announcing the HackerOne CTF for invitations to the HackerOne event in Vegas during DEFCON. I tried searching for a URL for the CTF, but couldn't find anything online, so I assumed that th...

7.6 AI score
Exploits: 0
Metasploit
added 2019/03/10 8:20 p.m. (361 views)

Multi Gather Ubiquiti UniFi Controller Backup

On an Ubiquiti UniFi controller, reads the system.properties configuration file and downloads the backup and autobackup files. The files are then decrypted using a known encryption key, then attempted to be repaired by zip. Meterpreter must be used due to the large file sizes, which can be flaky ...

6.7 AI score
Exploits: 0
OSV
added 2019/03/08 8:24 a.m. (5 views)

SUSE-SU-2019:0572-1 Security update for openssl-1_0_0

This update for openssl-1_0_0 fixes the following issues: Security issues fixed: - The 9 Lives of Bleichenbacher's CAT: Cache Attacks on TLS Implementations (bsc#1117951) - CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under certain circumstances a TLS server can be forced to respond...

5.9 CVSS, 5.3 AI score, 0.0496 EPSS
Exploits: 0, References: 4
OSV
added 2019/03/07 4:34 p.m. (6 views)

MGASA-2019-0106 Updated openssl packages fix security vulnerability

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received...

5.9 CVSS, 5.3 AI score, 0.0496 EPSS
Exploits: 0, References: 3
OSV
added 2019/03/07 4:34 p.m. (5 views)

MGASA-2019-0103 Updated gnutls packages fix security vulnerability

A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade...

5.6 CVSS, 5.2 AI score, 0.00042 EPSS
Exploits: 0, References: 3
Mageia
added 2019/03/07 4:34 p.m. (40 views)

Updated gnutls packages fix security vulnerability

A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade...

5.6 CVSS, 2.8 AI score, 0.00042 EPSS
Exploits: 0, References: 2
IBM Security Bulletins
added 2019/03/05 12:59 p.m. (43 views)

Security Bulletin: Vulnerability in SSLv3 affects IBM Personal Communications v6.0.x (CVE-2014-3566)

Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in IBM Personal Communications v6.0.x Vulnerability Details CVE-ID: CVE-2014-3566 Description: Product could allow a remote attacker to obtain...

4.3 CVSS, 1.5 AI score, 0.93538 EPSS
Exploits: 5, Affected Software: 1
ArchLinux
added 2019/03/03 12:0 a.m. (43 views)

[ASA-201903-6] lib32-openssl-1.0: information disclosure

Arch Linux Security Advisory ASA-201903-6 ========================================= Severity: Medium Date : 2019-03-03 CVE-ID : CVE-2019-1559 Package : lib32-openssl-1.0 Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-918 Summary ======= The package...

5.9 CVSS, 0.8 AI score, 0.0496 EPSS
Exploits: 0, References: 3