EulerOS Virtualization 3.0.6.0 : nss (EulerOS-SA-2020-1718)

According to the version of the nss packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a...

CVE-2020-14474

The Cellebrite UFED physical device 5.0 through 7.5.0.845 relies on key material hardcoded within both the executable code supporting the decryption process, and within the encrypted files themselves by using a key enveloping technique. The recovered key material is the same for every device...

CVE-2020-14474

The Cellebrite UFED physical device 5.0 through 7.5.0.845 relies on key material hardcoded within both the executable code supporting the decryption process, and within the encrypted files themselves by using a key enveloping technique. The recovered key material is the same for every device...

Hardcoded credentials

The Cellebrite UFED physical device 5.0 through 7.5.0.845 relies on key material hardcoded within both the executable code supporting the decryption process, and within the encrypted files themselves by using a key enveloping technique. The recovered key material is the same for every device...

CVE-2020-14474

The Cellebrite UFED physical device 5.0 through 7.5.0.845 relies on key material hardcoded within both the executable code supporting the decryption process, and within the encrypted files themselves by using a key enveloping technique. The recovered key material is the same for every device...

CVE-2020-14474

CVE-2020-14474 affects Cellebrite UFED 5.0–7.5.0.845. The vulnerability arises from hardcoded AES key material used for decryption, present both in executable code and in encrypted headers/files via a key enveloping technique. The recovered key material is identical across devices of the same sof...

UCSF Pays $1.14M After NetWalker Ransomware Attack

The University of California, San Francisco UCSF has paid a $1.14 million ransom to recover data related to “important” academic work. The data was encrypted after the NetWalker ransomware reportedly hit the UCSF medical school. The UCSF, which includes a medical school and a medical center UCSF...

Cellebrite EPR Decryption Hardcoded AES Key Material

KL-001-2020-003 : Cellebrite EPR Decryption Relies on Hardcoded AES Key Material Title: Cellebrite EPR Decryption Relies on Hardcoded AES Key Material Advisory ID: KL-001-2020-003 Publication Date: 2020.06.29 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2020-003.txt 1...

Cellebrite EPR Decryption Hardcoded AES Key Material Vulnerability

The Cellebrite UFED Physical device relies on key material hardcoded within both the executable code supporting the decryption process and within the encrypted files themselves by using a key enveloping technique. The recovered key material is the same for every device running the same version of...

Protect

Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiOS, FortiManager and FortiAnalyzer may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowledge of the hard-coded key...

CVE-2019-18256

BIOTRONIK CardioMessenger II, The affected products use individual per-device credentials that are stored in a recoverable format. An attacker with physical access to the CardioMessenger can use these credentials for network authentication and decryption of local data in transit...

CVE-2019-18256

BIOTRONIK CardioMessenger II, The affected products use individual per-device credentials that are stored in a recoverable format. An attacker with physical access to the CardioMessenger can use these credentials for network authentication and decryption of local data in transit...

Authentication flaw

BIOTRONIK CardioMessenger II, The affected products use individual per-device credentials that are stored in a recoverable format. An attacker with physical access to the CardioMessenger can use these credentials for network authentication and decryption of local data in transit...

IBM API Connect Information Disclosure Vulnerability (CNVD-2020-36386)

IBM API Connect APIConnect is a suite of integrated solutions for managing the API lifecycle from IBM USA. The product supports creating, running, managing, and securing APIs, microservices, and more. A security vulnerability exists in IBM API Connect versions 2018.4.1.0 through 2018.4.1.11, whic...

Cellebrite EPR Decryption Relies on Hardcoded AES Key Material

Vulnerability Details Affected Vendor: Cellebrite Affected Product: UFED Affected Version: 5.0 - 7.5.0.845 Platform: Embedded Windows CWE Classification: CWE-321: Hardcoded Use of Cryptography Keys CVE ID: CVE-2020-14474 2. Vulnerability Description The Cellebrite UFED Physical device relies on...

RSA PKCS#1 decryption vulnerability with prepending zeros in jsrsasign

Impact Jsrsasign supports RSA PKCS1 v1.5 i.e. RSAES-PKCS1-v15 and RSA-OAEP encryption and decryption. Its encrypted message is represented as BigInteger. When there is a valid encrypted message, a crafted message with prepending zeros can be decrypted by this vulnerability. - If you don't use RSA...

GHSA-XXXQ-CHMP-67G4 RSA PKCS#1 decryption vulnerability with prepending zeros in jsrsasign

Impact Jsrsasign supports RSA PKCS1 v1.5 i.e. RSAES-PKCS1-v15 and RSA-OAEP encryption and decryption. Its encrypted message is represented as BigInteger. When there is a valid encrypted message, a crafted message with prepending zeros can be decrypted by this vulnerability. - If you don't use RSA...

Emerging Ransomware Targets Photos, Videos on Android Devices

A new strain of ransomware has arisen in Canada, targeting Android users and locking up personal photos and videos. Called CryCryptor, it has initially been spotted pretending to be the official COVID-19 tracing app provided by Health Canada. It’s propagating via two different bogus websites that...

Insecure RSA Signature Validation

jsrsasign does not properly validate RSA signatures. The decryption implementation does not detect ciphertext modification prepended by \0 bytes to ciphertexts, allowing an attacker to prepend NULL bytes with the goal of triggering memory corruption issues...

CVE-2020-14967

An issue was discovered in the jsrsasign package before 8.0.18 for Node.js. Its RSA PKCS1 v1.5 decryption implementation does not detect ciphertext modification by prepending '\0' bytes to ciphertexts it decrypts modified ciphertexts without error. An attacker might prepend these bytes with the...