733 matches found
CVE-2003-0139
Certain weaknesses in the implementation of version 4 of the Kerberos protocol krb4 in the krb5 distribution, when triple-DES keys are used to key krb4 services, allow an attacker to create krb4 tickets for unauthorized principals using a cut-and-paste attack and "ticket splicing."...
CVE-2003-0139
Certain weaknesses in the implementation of version 4 of the Kerberos protocol krb4 in the krb5 distribution, when triple-DES keys are used to key krb4 services, allow an attacker to create krb4 tickets for unauthorized principals using a cut-and-paste attack and "ticket splicing."...
CVE-2003-0139
The connected Debian advisory (DSA-266-1) confirms CVE-2003-0139 concerns MIT Kerberos 4 (krb4) weaknesses in the krb5 distribution. Specifically, when using triple-DES keys to protect krb4 services, an attacker can craft krb4 tickets for unauthorized principals via a cut-and-paste/ticket-splicin...
MIT Kerberos vulnerable to ticket splicing when using Kerberos4 triple DES service tickets
Overview Several cryptographic vulnerabilities exist in the basic Kerberos version 4 protocol that could allow an attacker to impersonate any user in a Kerberos realm and gain any privilege authorized through that Kerberos realm. Description The MIT Kerberos Development team has discovered a...
PHP Message Board/Guestbook
Product : PHP Message Board/Guestbook Version : First WebSite : http://www.cyber-cats.com/php Problem : Viewing passwords file Description: ------------ In this script passwords are in passwd.txt file They are encrypted by DES algorithm. In Shrot, all who want see the passwords can make it...
MITKRB5-SA-2003-004: Cryptographic weaknesses in Kerberos v4 protocol
-----BEGIN PGP SIGNED MESSAGE----- MIT krb5 Security Advisory 2003-004 2003-03-17 Topic: Cryptographic weaknesses in Kerberos v4 protocol Severity: CRITICAL SUMMARY ======= A cryptographic weakness in version 4 of the Kerberos protocol allows an attacker to use a chosen-plaintext attack to...
SSH ssh-keygen with Secure-RPC SUN-DES-1 Phrase Recovery
The remote host is running a version of SSH Communications Security SSH comprised between versions 1.2.27 and 1.2.30. With Secure-RPC, this version can allow local attackers to recover a SUN-DES-1 magic phrase generated by another user, which the attacker can use to decrypt that user's private ke...
VNC authentication weakness
VNC authentication weakness --------------------------- VNC uses a DES-encrypted challenge-response system to avoid passing passwords over the wire in plaintext. However, it seems that a weakness in the way the challenge is generated by some servers would make this useless. The following program...
Weak encryption in SunPCi II VNC
Password is DES encoded with random key generated by server and moved over the wire...
CVE-1999-1100
CVE-1999-1100 affects Cisco PIX Private Link 4.1.6 and earlier. The vulnerability arises because certain configuration-file commands cause the DES key length to effectively shrink from 56 bits to 48 bits, easing brute-force key discovery. This is the root cause and the primary impact described in...
CVE-1999-1100
Cisco PIX Private Link 4.1.6 and earlier does not properly process certain commands in the configuration file, which reduces the effective key length of the DES key to 48 bits instead of 56 bits, which makes it easier for an attacker to find the proper key via a brute force attack...
CVE-2001-0856
The CVE-2001-0856 entry concerns IBM 4758 cryptographic hardware (CCA). The affected component is the CCA functionality used to protect DES/3DES keys. According to the description, an attacker with physical access and Combine_Key_Parts permissions can perform a brute-force attack to create a 3DES...
Извлечение криптографических ключей из IBM 4758 (unauthorized access)
Существует возможность экспорта DES/3DES ключей при определенных условиях...
Extracting a 3DES key from an IBM 4758
Extracting a 3DES key from an IBM 4758 The IBM 4758 is an extremely secure crytographic co-processor. It is used by banking systems and in other security conscious applications to hold keying material. It is designed to make it impossible to extract this keying material unless you have the correc...
Уязвимости Arkeia Backup (weak encryption)
Весь протокол обмена трафиком между клиентом и сервером не зашифрован. Используются стандартные DES-пароли...
CVE-2001-0259
ssh-keygen in ssh 1.2.27 - 1.2.30 with Secure-RPC can allow local attackers to recover a SUN-DES-1 magic phrase generated by another user, which the attacker can use to decrypt that user's private key file...
CVE-2001-0259
ssh-keygen in ssh 1.2.27 - 1.2.30 with Secure-RPC can allow local attackers to recover a SUN-DES-1 magic phrase generated by another user, which the attacker can use to decrypt that user's private key file...
CVE-2001-0259
The connected sources confirm a vulnerability in SSH Communications Security SSH versions 1.2.27–1.2.30 when Secure-RPC is enabled. A local attacker can cause the system to recover the SUN-DES-1 magic phrase generated for another user, which can then decrypt that user’s private key file. This wea...
Cisco PIX Security Notes
Cisco PIX Notes -- Introduction This is a simples paper on which i wrote down some note about "Cisco PIX Firewall" so it isn't well organized or talk specifically about a vulnerability . All test it's about THE latest pix release on this pix: Cisco Secure PIX Firewall Version 5.31 Hardware: SE442...
SSH 1.2.x - Secure-RPC Weak Encrypted Authentication
SSH 1.2.x - Secure-RPC Weak Encrypted Authentication // source: https://www.securityfocus.com/bid/2222/info SSH is a package designed to encrypt traffic between two end points using the IETF specified SSH protocol. The SSH1 package is distributed and maintained by SSH Communications Security. A...