CVE-2017-9645

An Inadequate Encryption Strength issue was discovered in Mirion Technologies DMC 3000 Transmitter Module, iPam Transmitter f/DMC 2000, RDS-31 iTX and variants including RSD31-AM Package, DRM-1/2 and variants including Solar PWR Package, DRM and RDS Based Boundary Monitors, External Transmitters,...

CVE-2017-9645

An Inadequate Encryption Strength issue was discovered in Mirion Technologies DMC 3000 Transmitter Module, iPam Transmitter f/DMC 2000, RDS-31 iTX and variants including RSD31-AM Package, DRM-1/2 and variants including Solar PWR Package, DRM and RDS Based Boundary Monitors, External Transmitters,...

CVE-2017-9645

CVE-2017-9645 affects Mirion Technologies Telemetry Enabled Devices including DMC 3000 Transmitter Module, iPam Transmitter f/DMC 2000, RDS-31 iTX (and variants), DRM-1/2 (and variants), DRM and RDS Based Boundary Monitors, External Transmitters, Telepole II, and MESH Repeater. Description: Inade...

D-link ten vulnerabilities 0Day studies attach detailed procedures-vulnerability warning-the black bar safety net

Security researcher Pierre Kim recently revealed the D-Link DIR 850LAC1200-Type Dual-Band Gigabit cloud router is exposed 10 a safety score comprisesXSSattack invasion, shortage of proper firmware cover, back door and root mention the right. Here are 10 Safety scores are: Firmware to. The firmwar...

Das U-Boot AES-CBC encryption implementation contains multiple vulnerabilities

Overview Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. For devices utilizing this environment encryption mode, U-Boot's use of a zero initialization vector and improper handling of an error condition may allow attacks against the underlying...

Stack overflow in PlugX RAT-vulnerability warning-the black bar safety net

Black Hat USA 2017@professorplum share a few rare RAT（Xtreme, the PlugX And Gh0st in the presence of flaws, the application of these flaws to be able to reverse the onslaught of C&C Server, here in the PlugX RAT, for example, to stop flaws in elucidating it. 1. Flaws elucidating 1.1 Delphi ! Plug...

CVE-2017-12735

A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3. An attacker who performs a Man-in-the-Middle attack between the LOGO! BM and other devices could potentially decrypt and modify network traffic...

Design/Logic Flaw

ZTE OX-330P, ZXHN H108N, W300V1.0.0SZRDTR1D68, HG110, GAN9.8T101A-B, MF28G, ZXHN H108N use non-unique X.509 certificates and SSH host keys, which might allow remote attackers to obtain credentials or other sensitive information via a man-in-the-middle attack, passive decryption attack, or...

CVE-2015-7255

ZTE OX-330P, ZXHN H108N, W300V1.0.0SZRDTR1D68, HG110, GAN9.8T101A-B, MF28G, ZXHN H108N use non-unique X.509 certificates and SSH host keys, which might allow remote attackers to obtain credentials or other sensitive information via a man-in-the-middle attack, passive decryption attack, or...

CVE-2015-7255

CVE-2015-7255 concerns multiple ZTE devices (e.g., OX-330P, ZXHN H108N, MF28G, HG110, and others) that use non-unique X.509 certificates and SSH host keys. The underlying issue is the reuse of cryptographic material across devices, which can enable a remote attacker to impersonate a device or per...

Multiple Westermo Routers Hardcoded Password Vulnerability

The RD-305-DIN, MRD-315, MRD-355, and MRD-455 are all Westermo router devices. Multiple Westermo routers are vulnerable to a hard-coded password vulnerability where the device uses a hard-coded special key that allows an attacker to decrypt traffic from any other source...

CVE-2016-5816

A Use of Hard-Coded Cryptographic Key issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded private cryptographic keys that may allow an attacker to decrypt traffic from any other source...

CVE-2017-12973

Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack...

CVE-2017-12973

Nimbus JOSE+JWT prior to 4.39 proceeds after detecting an invalid HMAC in authenticated AES-CBC decryption, enabling a padding oracle attack. Affected: Nimbus JOSE+JWT library (Connect2id). Risk: padding oracle could leak data or enable exploitation. Remediation: upgrade to version 4.39 or later ...

It's Not Exactly Open Season on the iOS Secure Enclave

The black box that is Apple’s iOS Secure Enclave may have been pried open, but that doesn’t necessarily mean it’s open season on iPhones and iPads worldwide. Yesterday’s public disclosure of the decryption key for the Secure Enclave Processor firmware does indeed allow white and black hats to pok...

Hacker Publishes iOS Secure Enclave Firmware Decryption Key

A hacker Thursday afternoon published what he says is the decryption key for Apple iOS’ Secure Enclave Processor SEP firmware. The hacker, identified only as xerub, told Threatpost that the key unlocks only the SEP firmware, and that this would not impact user data. “Everybody can look and poke a...

Locky Ransomware Variant Slips Past Some Defenses

A variant of the notorious Locky ransomware is part of a large scale email-based campaign managing to slip past the defenses of some unsuspecting companies. Beginning on Aug. 9, and lasting three days, ransomware called IKARUSdilapidated landed in tens of thousands of inboxes with email that...

Legal Robot: Weak Cryptography for Passwords

Hi Team, I saw while creating new account.Password is being encrypted that's good best practice. But Issue is: 1. It is showing in the request What type of encryptionAlgorithm is used in request. 2. I copied the encrypted password and past it online tool http://md5decrypt.net/en/Sha256/ and i was...

UPDATE: WarBerryPi Version 5!

PenTestIT RSS Feed If you remember, I had posted about this Red Teaming Hardware Implant in an earlier post. It now happens that it was updated and we now have WarBerryPi Version 5! As you remember, it is a Raspberry Pi based hardware implant allowing you to be stealthy during red teaming...

The high-pass encryption and decryption engine to mention the right vulnerability analysis-vulnerability warning-the black bar safety net

CVE-2016-3935 and CVE-2016-6738 we found that the high-pass encryption and decryption engine Qualcomm crypto engine two mention the right vulnerability, respectively, in 2016, 10 months, and 11 on the Google android vulnerabilities list is publicly acknowledged, while the high-pass also in 2016,...