GNU Privacy Guard 1.0.x - Format String

source: https://www.securityfocus.com/bid/2797/info GnuPG is a popular open source public/private key encryption system. It is possible for attackers to create an encrypted document that will exploit a format string vulnerability in the GnuPG client when the document is decrypted. This...

CVE-1999-0757

The ColdFusion CFCRYPT program for encrypting CFML templates has weak encryption, allowing attackers to decrypt the templates...

CVE-1999-0757

CVE-1999-0757 concerns the ColdFusion CFCRYPT program used for encrypting CFML templates. Multiple sources (NVD, Red Hat and CVE records) describe the issue as weak encryption that allows an attacker to decrypt the encrypted templates. The affected component is CFCRYPT, and the underlying impact ...

CVE-1999-0757

The ColdFusion CFCRYPT program for encrypting CFML templates has weak encryption, allowing attackers to decrypt the templates...

CVE-2000-1158

NAI Sniffer Agent uses base64 encoding for authentication, which allows attackers to sniff the network and easily decrypt usernames and passwords...

Decrypting passwords for SmartServer 3

Product: Smart Server 3 by NetCPlus Version: 3.75 others? OS: Windows NT/2000/9x Description: SmartServer3 SS3 is a small business email server from NetCPlus. It installs by default in C:Program Filessmartserver3 . In this folder it stores a configuration file called 'dialsrv.ini' . This file is...

CVE-2000-0678

PGP 5.5.x through 6.5.3 does not properly check if an Additional Decryption Key ADK is stored in the signed portion of a public certificate, which allows an attacker who can modify a victim's public certificate to decrypt any data that has been encrypted with the modified certificate...

CVE-2000-0678

CVE-2000-0678 affects PGP 5.5.x through 6.5.3. The flaw: ADKs are not checked in the signed portion of a public certificate, so an attacker who modifies a victim’s certificate can decrypt data encrypted with that modified certificate. Exploitation requires a modified certificate and a sender usin...

CVE-2000-0678

PGP 5.5.x through 6.5.3 does not properly check if an Additional Decryption Key ADK is stored in the signed portion of a public certificate, which allows an attacker who can modify a victim's public certificate to decrypt any data that has been encrypted with the modified certificate...

CVE-2000-0789

The CVE-2000-0789 entry targets WinU 5.x and earlier. The vulnerability arises because the product stores its configuration password with weak encryption, enabling local users to decrypt the password and gain privileges. This is based on the NVD/CVE descriptions indicating weak encryption used fo...

Advisory CA-2000-18

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CERT Advisory CA-2000-18 PGP May Encrypt Data With Unauthorized ADKs Original release date: August 24, 2000 Last revised: -- Source: CERT/CC A complete revision history is at the end of this file. Systems Affected PGP versions 5.5.x through 6.5.3,...

Переполнение буфера в gopherd

Переполнения буфера в подпрограмме дешифрации DES и в других местах...

CVE-2000-0625

CVE-2000-0625 refers to NetZero 3.0 and earlier, which stores login credentials using weak encryption. The underlying issue is insecure storage that allows a local user to decrypt the password. No remediation details are provided in the sources; the impact is partial confidentiality and integrity...

CVE-2000-0492

PassWD 1.2 uses weak encryption trivial encoding to store passwords, which allows an attacker who can read the password file to easliy decrypt the passwords...

CVE-2000-0492

CVE-2000-0492 concerns PassWD 1.2, where passwords are stored with weak, trivially decodable encryption. The vulnerability occurs because the password file can be read and the stored passwords decrypted due to the weak encoding. Affected component: PassWD 1.2 password storage. Root cause: use of ...

CVE-2000-0559

eTrust Intrusion Detection System formerly SessionWall-3 uses weak encryption XOR to store administrative passwords in the registry, which allows local users to easily decrypt the passwords...

CVE-2000-0420

CVE-2000-0420 concerns Windows 2000 SYSKEY: the default SYSKEY configuration stores the startup key in the registry, which could allow an attacker with local access to recover the key and decrypt EFS data. The linked records reiterate the vulnerability description and do not provide exploit code ...

Computer Associates eTrust Intrusion Detection 1.4.1.13 - Weak Encryption

source: https://www.securityfocus.com/bid/1341/info A weak encryption scheme exists in Computer Associates eTrust Intrusion Detection System formerly known as SessionWall-3 password which authorizes users to view and configure the application's registry settings. Provided that either a remote or...

Computer Associates eTrust Intrusion Detection 1.4.1.13 - Weak Encryption

Computer Associates eTrust Intrusion Detection 1.4.1.13 - Weak Encryption source: https://www.securityfocus.com/bid/1341/info A weak encryption scheme exists in Computer Associates eTrust Intrusion Detection System formerly known as SessionWall-3 password which authorizes users to view and...

CVE-2000-0492

PassWD 1.2 uses weak encryption trivial encoding to store passwords, which allows an attacker who can read the password file to easliy decrypt the passwords...