Cisco Firepower System Software Secure Sockets Layer Policy Bypass Vulnerability

A vulnerability in the Secure Sockets Layer SSL Decryption and Inspection feature of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass the SSL policy for decrypting and inspecting traffic on an affected system. The vulnerability is due to unexpected...

Design/Logic Flaw

IBM API Connect 5.0.0.0 could allow a user to bypass policy restrictions and create non-compliant passwords which could be intercepted and decrypted using man in the middle techniques. IBM X-Force ID: 127160...

CVE-2017-1386

IBM API Connect 5.0.0.0 could allow a user to bypass policy restrictions and create non-compliant passwords which could be intercepted and decrypted using man in the middle techniques. IBM X-Force ID: 127160...

CVE-2017-1386

CVE-2017-1386 affects IBM API Connect 5.0.0.0 (and related product versions) where a user could bypass password policy and create non‑compliant passwords that might be intercepted and decrypted via man‑in‑the‑middle techniques. The IBM Security Bulletin details affected ranges: API Connect 5.0.0....

A week in security (July 24 – July 30)

Last week, we recognized one of the unsung heroes of our times, explained what the Dark Web is, revealed challenges one of our experienced when putting together his conference presentation for SteelCon, revealed the potential dangers of smart toys to kids, and made a prediction following the...

CVE-2017-2834

An exploitable code execution vulnerability exists in the authentication functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compromise the server or use a man in the middle...

CVE-2015-8013

s2k.js in OpenPGP.js will decrypt arbitrary messages regardless of passphrase for crafted PGP keys which allows remote attackers to bypass authentication if message decryption is used as an authentication mechanism via a crafted symmetrically encrypted PGP message...

CVE-2015-8013

CVE-2015-8013 concerns s2k.js in OpenPGP.js, where crafted PGP keys can be decrypted regardless of the provided passphrase, enabling an attacker to bypass authentication if message decryption is used as an authentication mechanism. The concrete technical detail across the connected documents iden...

CVE-2015-8013

s2k.js in OpenPGP.js will decrypt arbitrary messages regardless of passphrase for crafted PGP keys which allows remote attackers to bypass authentication if message decryption is used as an authentication mechanism via a crafted symmetrically encrypted PGP message...

Bye, bye Petya! Decryptor for old versions released.

Following the outbreak of the Petya-based malware in Ukraine, the author of the original version, Janus, decided to release his master key, probably closing the project. You can read the full story here. Based on the released key, we prepared a decryptor that is capable of unlocking all the...

IBM Tivoli Endpoint Manager Encryption Algorithm Vulnerability

IBM BigFix Platform is IBM's dynamic multi-technology platform that integrates message content drivers and management systems, of which Tivoli Endpoint Manager is the endpoint control software. A cryptographic algorithm vulnerability exists in Tivoli Endpoint Manager in the IBM BigFix Platform th...

CVE-2017-1224

IBM Tivoli Endpoint Manager uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 123903...

CVE-2017-1224

IBM Tivoli Endpoint Manager uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 123903...

FileCapsule Deluxe Portable Insecure Dynamic Loading Vulnerability (CNVD-2017-23961)

FileCapsule Deluxe Portable is a file encryption software. A security vulnerability exists in Encrypted Files in Self-Decryption Format in FileCapsule Deluxe Portable 1.0.4.1 and earlier versions. The vulnerability can be exploited to execute arbitrary code...

FileCapsule Deluxe Portable Insecure Dynamic Loading Vulnerability (CNVD-2017-23964)

FileCapsule Deluxe Portable is a file encryption software. A security vulnerability exists in Encrypted Files in Self-Decryption Format in FileCapsule Deluxe Portable 2.0.9 and earlier versions. The vulnerability can be exploited by an attacker to execute arbitrary code...

FileCapsule Deluxe Portable Insecure Dynamic Loading Vulnerability (CNVD-2017-23963)

FileCapsule Deluxe Portable is a file encryption software. A security vulnerability exists in Encrypted Files in Self-Decryption Format in FileCapsule Deluxe Portable 1.0.5.1 and earlier versions. The vulnerability can be exploited to execute arbitrary code...

CVE-2017-2268

Untrusted search path vulnerability in Encrypted files in self-decryption format created by FileCapsule Deluxe Portable Ver.1.0.5.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...

CVE-2017-2270

Untrusted search path vulnerability in Encrypted files in self-decryption format created by FileCapsule Deluxe Portable Ver.2.0.9 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...

CVE-2017-2270

Untrusted search path vulnerability in Encrypted files in self-decryption format created by FileCapsule Deluxe Portable Ver.2.0.9 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...

CVE-2017-2266

Untrusted search path vulnerability in Encrypted files in self-decryption format created by FileCapsule Deluxe Portable Ver.1.0.4.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...