Computer Associates eTrust Intrusion Detection 1.4.1.13 - Weak Encryption

source: https://www.securityfocus.com/bid/1341/info A weak encryption scheme exists in Computer Associates eTrust Intrusion Detection System formerly known as SessionWall-3 password which authorizes users to view and configure the application's registry settings. Provided that either a remote or...

CVE-2000-0492

PassWD 1.2 uses weak encryption trivial encoding to store passwords, which allows an attacker who can read the password file to easliy decrypt the passwords...

CVE-2000-0326

The CVE describes Meeting Maker using a weak polyalphabetic substitution cipher for passwords, enabling remote attackers to sniff and decrypt Meeting Maker account passwords. Technical detail confirms the affected component is the password handling mechanism (encryption scheme) but does not speci...

Слабость EFS в Windows 2000

При использовании Encrypted File System в Windows 2000 возможно дешифрование файлов, т.к. локальная база данных безопасности хранится на диске. Для предотвращения этого необходимо использовать syskey с паролем или хранением ключа на дискете...

CVE-2000-0250

The crypt function in QNX uses weak encryption, which allows local users to decrypt passwords...

CVE-2000-0300

The default encryption method of PcAnywhere 9.x uses weak encryption, which allows remote attackers to sniff and decrypt PcAnywhere or NT domain accounts...

CVE-2000-0250

CVE-2000-0250 : The crypt function in QNX uses weak encryption, enabling local users to decrypt passwords. The available documents state this vulnerability stems from weak cryptography used by QNX’s crypt function, with impact described as complete confidentiality loss for locally accessible pass...

CRYPTOAdmin 4.1 server with PalmPilot PT-1 token 1.04 PIN Extract ion

@Stake Inc. L0pht Research Labs www.atstake.com www.L0pht.com Security Advisory Advisory Name: CRYPTOCard PalmToken PIN Extraction Release Date: April 10, 2000 Application: CRYPTOAdmin 4.1 server with CRYPTOCard PT-1 token 1.04 Platform: Server software on any environment and token software on Pa...

CVE-2000-0300

The default encryption method of PcAnywhere 9.x uses weak encryption, which allows remote attackers to sniff and decrypt PcAnywhere or NT domain accounts...

icadecrypt.c.txt

/ icadecrypt.c Decrypt stored Citrix ICA passwords in appsrv.ini. Dug Song / include include include include include int hexdecodechar src, uchar dst, int outsize char p, pe; uchar q, qe, ch, cl; pe = src + strlensrc; qe = dst + outsize; for p = src, q = dst; p = '0' && ch = 'a' && ch = '0' && cl...

CVE-1999-0476

The CVE-1999-0476 entry concerns SCO TermVision which uses a weak password encryption algorithm. The root cause is weak encryption that allows a local user to easily decrypt passwords stored by TermVision. Impact is limited to confidentiality and integrity of password data, as described in the so...

CVE-1999-0476

A weak encryption algorithm is used for passwords in SCO TermVision, allowing them to be easily decrypted by a local user...

CVE-1999-0834

Buffer overflow in RSAREF2 via the encryption and decryption functions in the RSAREF library...

CVE-1999-0834

CVE-1999-0834 involves a buffer overflow in RSAREF2 used by SSH up to 1.2.27 compiled with RSAREF2. The vulnerability stems from missing bounds checks in RSAREF2 RSA operations (RSAPrivateDecrypt/RSAPublicDecrypt) where the internal pkcsBlock can be overflowed by NN_Encode() writes, enabling arbi...

CVE-1999-1104

Windows 95 uses weak encryption for the password list .pwl file used when password caching is enabled, which allows local users to gain privileges by decrypting the passwords...

CVE-1999-0834

Buffer overflow in RSAREF2 via the encryption and decryption functions in the RSAREF library...

IBM Websphere 2.0/3.0 - ikeyman Weak Encrypted Password

source: https://www.securityfocus.com/bid/1763/info IBM WebSphere ships with a tool called 'ikeyman' that encrypts server certificates/key pairs when the IBM HTTP Server and SSL connections are enabled. Ikeyman stores the password in a stash file which can be easily decrypted through the use of a...

IBM Websphere 2.03.0 - ikeyman Weak Encrypted Password

IBM Websphere 2.03.0 - ikeyman Weak Encrypted Password source: https://www.securityfocus.com/bid/1763/info IBM WebSphere ships with a tool called 'ikeyman' that encrypts server certificates/key pairs when the IBM HTTP Server and SSL connections are enabled. Ikeyman stores the password in a stash...

CVE-1999-1540

shell-lock in Cactus Software Shell Lock uses weak encryption trivial encoding which allows attackers to easily decrypt and obtain the source code...

coldfusion.fixes.txt

Date: Mon, 24 May 1999 15:00:52 -0700 From: [email protected] To: [email protected] Subject: New Allaire Security Zone Bulletins and KB Articles Dear ColdFusion Customer- Several new security issues that may affect ColdFusion customers have come to our attention recently. Please visit the...