SSH ssh-keygen with Secure-RPC SUN-DES-1 Phrase Recovery

The remote host is running a version of SSH Communications Security SSH comprised between versions 1.2.27 and 1.2.30. With Secure-RPC, this version can allow local attackers to recover a SUN-DES-1 magic phrase generated by another user, which the attacker can use to decrypt that user's private ke...

CVE-2002-1872

Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption XOR, which allows remote attackers to sniff and decrypt the password...

CVE-2002-2207

Buffer overflow in ssldump 0.9b2 and earlier, when running in decryption mode, allows remote attackers to execute arbitrary code via a long RSA PreMasterSecret...

DEBIAN-CVE-2002-2207

Buffer overflow in ssldump 0.9b2 and earlier, when running in decryption mode, allows remote attackers to execute arbitrary code via a long RSA PreMasterSecret...

DEBIAN-CVE-2002-1318

Buffer overflow in samba 2.2.2 through 2.2.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an encrypted password that causes the overflow during decryption in which a DOS codepage string is converted to a little-endian UCS2 unicode string...

CVE-2002-0954

The encryption algorithms for enable and passwd commands on Cisco PIX Firewall can be executed quickly due to a limited number of rounds, which make it easier for an attacker to decrypt the passwords using brute force techniques...

CVE-2002-0954

The encryption algorithms for enable and passwd commands on Cisco PIX Firewall can be executed quickly due to a limited number of rounds, which make it easier for an attacker to decrypt the passwords using brute force techniques...

CVE-2001-1260

Technical details about CVE-2001-1260 (affected products, versions, impact, remediation) are not publicly available in the provided documents. Monitor for updates.

CVE-1999-1098

Vulnerability in BSD Telnet client with encryption and Kerberos 4 authentication allows remote attackers to decrypt the session via sniffing...

CVE-2001-1003

Respondus 1.1.2 for WebCT uses weak encryption to remember usernames and passwords, which allows local users who can read the WEBCT.SVR file to decrypt the passwords and gain additional privileges...

[SNS Advisory No.44] Trend Micro OfficeScan Corporate Edition(Virus Buster Corporate Edition) Configuration File Disclosure Vulnerability

---------------------------------------------------------------------- SNS Advisory No.44 Trend Micro OfficeScan Corporate EditionVirus Buster Corporate Edition Configuration File Disclosure Vulnerability Problem first discovered: Wed, 29 Aug 2001 Published: Tue, 16 Oct 2001...

CVE-2001-0361

CVE-2001-0361 affects SSH v1.5 implementations, notably OpenSSH up to 2.3.0, AppGate, and ssh-1 up to 1.2.31, when configured in certain ways. The issue enables a remote attacker to decrypt and/or alter traffic via a Bleichenbacher attack on PKCS#1 version 1.5. The connected PT security entries (...

CVE-1999-1540

CVE-1999-1540 affects Cactus Software Shell Lock, where weak encryption (trivial encoding) enables local attackers to decrypt and obtain the source code. According to NVD, the baseline impact is Partial confidentiality with no integrity or availability impact, and the exploit is local with low ov...

CVE-1999-1078

WSFTP Pro 6.0 uses weak encryption for passwords in its initialization files, which allows remote attackers to easily decrypt the passwords and gain privileges...

UltraEdit 8.2 - FTP Client Weak Password Encryption

source: https://www.securityfocus.com/bid/3234/info UltraEdit is a multi-featured commercial text editor with support for HTML, C/C++, VB, Java, Perl, XML, and C. It also includes a hex editor and a small FTP client. UltraEdit's FTP client has a feature which will remember FTP passwords for later...

Sambar Server 4.x5.0 - Insecure Default Password Protection

Sambar Server 4.x5.0 - Insecure Default Password Protection source: https://www.securityfocus.com/bid/3095/info Sambar Server is a multi-threaded HTTP server for Microsoft Windows and Unix systems. Sambar Server provides insecure default protection for user passwords. The default password...

NetWin Authentication Module 3.0b password storage vulnerabilities / buffer overflows

NetWin Authentication Module 3.0b password storage vulnerabilities / buffer overflows AFFECTED SYSTEMS NWAuth module as used by DMail, SurgeFTP, others... cfr www.netwinsite.com I've tested SurgeFTP in particular The source code for NWAuth 2.0 can be found at...

ArGoSoft FTP Server 1.2.2.2 Weak password encryption

ArGoSoft FTP Server 1.2.2.2 Weak password encryption AFFECTED SYSTEMS ArGoSoft FTP Server 1.2.2.2 DESCRIPTION ArGoSoft FTP Server 1.2.2.2 for win32 is vulnerable to decryption of the password file. As a matter of fact the programmers are aware of this since they have implemented decryption...

ArGoSoft FTP Server 1.2.2.2 - Weak Password Encryption

ArGoSoft FTP Server 1.2.2.2 - Weak Password Encryption // source: https://www.securityfocus.com/bid/3029/info ArGoSoft FTP server is an FTP server for the Windows platform. A design error exists in ArGoSoft FTP which enables an authenticated user to view other users encrypted passwords. However d...

ArGoSoft FTP Server 1.2.2.2 - Weak Password Encryption

// source: https://www.securityfocus.com/bid/3029/info ArGoSoft FTP server is an FTP server for the Windows platform. A design error exists in ArGoSoft FTP which enables an authenticated user to view other users encrypted passwords. However due to a weak encryption scheme it is possible for a use...