CRYPTOAdmin 4.1 server with PalmPilot PT-1 token 1.04 PIN Extract ion

@Stake Inc. L0pht Research Labs www.atstake.com www.L0pht.com Security Advisory Advisory Name: CRYPTOCard PalmToken PIN Extraction Release Date: April 10, 2000 Application: CRYPTOAdmin 4.1 server with CRYPTOCard PT-1 token 1.04 Platform: Server software on any environment and token software on Pa...

CVE-2000-0300

The default encryption method of PcAnywhere 9.x uses weak encryption, which allows remote attackers to sniff and decrypt PcAnywhere or NT domain accounts...

icadecrypt.c.txt

/ icadecrypt.c Decrypt stored Citrix ICA passwords in appsrv.ini. Dug Song / include include include include include int hexdecodechar src, uchar dst, int outsize char p, pe; uchar q, qe, ch, cl; pe = src + strlensrc; qe = dst + outsize; for p = src, q = dst; p = '0' && ch = 'a' && ch = '0' && cl...

CVE-1999-0476

A weak encryption algorithm is used for passwords in SCO TermVision, allowing them to be easily decrypted by a local user...

CVE-1999-0476

The CVE-1999-0476 entry concerns SCO TermVision which uses a weak password encryption algorithm. The root cause is weak encryption that allows a local user to easily decrypt passwords stored by TermVision. Impact is limited to confidentiality and integrity of password data, as described in the so...

CVE-1999-0834

CVE-1999-0834 involves a buffer overflow in RSAREF2 used by SSH up to 1.2.27 compiled with RSAREF2. The vulnerability stems from missing bounds checks in RSAREF2 RSA operations (RSAPrivateDecrypt/RSAPublicDecrypt) where the internal pkcsBlock can be overflowed by NN_Encode() writes, enabling arbi...

CVE-1999-0834

Buffer overflow in RSAREF2 via the encryption and decryption functions in the RSAREF library...

CVE-1999-1104

Windows 95 uses weak encryption for the password list .pwl file used when password caching is enabled, which allows local users to gain privileges by decrypting the passwords...

CVE-1999-0834

Buffer overflow in RSAREF2 via the encryption and decryption functions in the RSAREF library...

IBM Websphere 2.0/3.0 - ikeyman Weak Encrypted Password

source: https://www.securityfocus.com/bid/1763/info IBM WebSphere ships with a tool called 'ikeyman' that encrypts server certificates/key pairs when the IBM HTTP Server and SSL connections are enabled. Ikeyman stores the password in a stash file which can be easily decrypted through the use of a...

IBM Websphere 2.03.0 - ikeyman Weak Encrypted Password

IBM Websphere 2.03.0 - ikeyman Weak Encrypted Password source: https://www.securityfocus.com/bid/1763/info IBM WebSphere ships with a tool called 'ikeyman' that encrypts server certificates/key pairs when the IBM HTTP Server and SSL connections are enabled. Ikeyman stores the password in a stash...

CVE-1999-1540

shell-lock in Cactus Software Shell Lock uses weak encryption trivial encoding which allows attackers to easily decrypt and obtain the source code...

coldfusion.fixes.txt

Date: Mon, 24 May 1999 15:00:52 -0700 From: [email protected] To: [email protected] Subject: New Allaire Security Zone Bulletins and KB Articles Dear ColdFusion Customer- Several new security issues that may affect ColdFusion customers have come to our attention recently. Please visit the...

wingate.3.0.txt

Date: Mon, 5 Apr 1999 17:52:51 -0700 From: Marc To: [email protected] Subject: Multiple WinGate VulnerabilitiesTad late At first we were just going to post this advisory to our website but after the subject came up on the NTSEC list and we got a few emails telling us to post it to...

CVE-1999-1078

WSFTP Pro 6.0 uses weak encryption for passwords in its initialization files, which allows remote attackers to easily decrypt the passwords and gain privileges...

CVE-1999-0470

A weak encryption algorithm is used for passwords in Novell Remote.NLM, allowing them to be easily decrypted...

Novell Netware 4.1/4.11 - SP5B Remote.NLM Weak Encryption

source: https://www.securityfocus.com/bid/482/info The encrypted passwords for Remote.NLM are remotely accessible to anyone with the ability to view SYS:System\LDRemote.NCF. The password encryption algorithm for Remote.NLM has been broken and can be decrypted with pencil and paper. The password...

Novell Netware 4.14.11 - SP5B Remote.NLM Weak Encryption

Novell Netware 4.14.11 - SP5B Remote.NLM Weak Encryption source: https://www.securityfocus.com/bid/482/info The encrypted passwords for Remote.NLM are remotely accessible to anyone with the ability to view SYS:System\LDRemote.NCF. The password encryption algorithm for Remote.NLM has been broken a...

PT-2014-1693

Name of the Vulnerable Software and Affected Versions OpenSSL versions prior to 1.0.1i OpenSSL through 1.0.1i PAN-OS versions 6.1.1 and earlier PAN-OS versions 6.0.7 and earlier PAN-OS versions 5.1.x and 5.0.x EOS versions 4.12.0 through 4.12.7.1 EOS versions 4.13.0 through 4.13.6 Apple mac os x...

CVE-1999-1098

Vulnerability in BSD Telnet client with encryption and Kerberos 4 authentication allows remote attackers to decrypt the session via sniffing...