Lucene search
+L

733 matches found

cvelist
cvelist
added 2003/03/21 5:0 a.m.32 views

CVE-2003-0139

Certain weaknesses in the implementation of version 4 of the Kerberos protocol krb4 in the krb5 distribution, when triple-DES keys are used to key krb4 services, allow an attacker to create krb4 tickets for unauthorized principals using a cut-and-paste attack and "ticket splicing."...

9.2AI score0.04284EPSS
Exploits0References11
debiancve
debiancve
added 2003/03/21 5:0 a.m.42 views

CVE-2003-0139

Certain weaknesses in the implementation of version 4 of the Kerberos protocol krb4 in the krb5 distribution, when triple-DES keys are used to key krb4 services, allow an attacker to create krb4 tickets for unauthorized principals using a cut-and-paste attack and "ticket splicing."...

7.5CVSS6.2AI score0.04284EPSS
Exploits0
cve
cve
added 2003/03/21 5:0 a.m.88 views

CVE-2003-0139

The connected Debian advisory (DSA-266-1) confirms CVE-2003-0139 concerns MIT Kerberos 4 (krb4) weaknesses in the krb5 distribution. Specifically, when using triple-DES keys to protect krb4 services, an attacker can craft krb4 tickets for unauthorized principals via a cut-and-paste/ticket-splicin...

7.5CVSS9.2AI score0.04284EPSS
Exploits0References11Affected Software1
cert
cert
added 2003/03/20 12:0 a.m.42 views

MIT Kerberos vulnerable to ticket splicing when using Kerberos4 triple DES service tickets

Overview Several cryptographic vulnerabilities exist in the basic Kerberos version 4 protocol that could allow an attacker to impersonate any user in a Kerberos realm and gain any privilege authorized through that Kerberos realm. Description The MIT Kerberos Development team has discovered a...

7.5CVSS9.4AI score0.04284EPSS
Exploits0References1
securityvulns
securityvulns
added 2003/03/19 12:0 a.m.30 views

PHP Message Board/Guestbook

Product : PHP Message Board/Guestbook Version : First WebSite : http://www.cyber-cats.com/php Problem : Viewing passwords file Description: ------------ In this script passwords are in passwd.txt file They are encrypted by DES algorithm. In Shrot, all who want see the passwords can make it...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2003/03/17 12:0 a.m.40 views

MITKRB5-SA-2003-004: Cryptographic weaknesses in Kerberos v4 protocol

-----BEGIN PGP SIGNED MESSAGE----- MIT krb5 Security Advisory 2003-004 2003-03-17 Topic: Cryptographic weaknesses in Kerberos v4 protocol Severity: CRITICAL SUMMARY ======= A cryptographic weakness in version 4 of the Kerberos protocol allows an attacker to use a chosen-plaintext attack to...

0.1AI score
Exploits0
nessus
nessus
added 2003/03/10 12:0 a.m.34 views

SSH ssh-keygen with Secure-RPC SUN-DES-1 Phrase Recovery

The remote host is running a version of SSH Communications Security SSH comprised between versions 1.2.27 and 1.2.30. With Secure-RPC, this version can allow local attackers to recover a SUN-DES-1 magic phrase generated by another user, which the attacker can use to decrypt that user's private ke...

3.6CVSS5.5AI score0.00842EPSS
Exploits1References1
securityvulns
securityvulns
added 2002/07/24 12:0 a.m.52 views

VNC authentication weakness

VNC authentication weakness --------------------------- VNC uses a DES-encrypted challenge-response system to avoid passing passwords over the wire in plaintext. However, it seems that a weakness in the way the challenge is generated by some servers would make this useless. The following program...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2002/07/04 12:0 a.m.51 views

Weak encryption in SunPCi II VNC

Password is DES encoded with random key generated by server and moved over the wire...

2.5AI score
Exploits0References1Affected Software1
cve
cve
added 2002/03/09 5:0 a.m.49 views

CVE-1999-1100

CVE-1999-1100 affects Cisco PIX Private Link 4.1.6 and earlier. The vulnerability arises because certain configuration-file commands cause the DES key length to effectively shrink from 56 bits to 48 bits, easing brute-force key discovery. This is the root cause and the primary impact described in...

7.5CVSS7AI score0.01362EPSS
Exploits0References3Affected Software1
cvelist
cvelist
added 2002/03/09 5:0 a.m.16 views

CVE-1999-1100

Cisco PIX Private Link 4.1.6 and earlier does not properly process certain commands in the configuration file, which reduces the effective key length of the DES key to 48 bits instead of 56 bits, which makes it easier for an attacker to find the proper key via a brute force attack...

6.6AI score0.01362EPSS
Exploits0References3
cve
cve
added 2001/11/22 5:0 a.m.57 views

CVE-2001-0856

The CVE-2001-0856 entry concerns IBM 4758 cryptographic hardware (CCA). The affected component is the CCA functionality used to protect DES/3DES keys. According to the description, an attacker with physical access and Combine_Key_Parts permissions can perform a brute-force attack to create a 3DES...

4.6CVSS6.4AI score0.00468EPSS
Exploits1References4Affected Software1
securityvulns
securityvulns
added 2001/11/10 12:0 a.m.40 views

Извлечение криптографических ключей из IBM 4758 (unauthorized access)

Существует возможность экспорта DES/3DES ключей при определенных условиях...

2AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2001/11/10 12:0 a.m.31 views

Extracting a 3DES key from an IBM 4758

Extracting a 3DES key from an IBM 4758 The IBM 4758 is an extremely secure crytographic co-processor. It is used by banking systems and in other security conscious applications to hold keying material. It is designed to make it impossible to extract this keying material unless you have the correc...

0.9AI score
Exploits0
securityvulns
securityvulns
added 2001/08/17 12:0 a.m.96 views

Уязвимости Arkeia Backup (weak encryption)

Весь протокол обмена трафиком между клиентом и сервером не зашифрован. Используются стандартные DES-пароли...

2AI score
Exploits0References1
nvd
nvd
added 2001/06/02 4:0 a.m.22 views

CVE-2001-0259

ssh-keygen in ssh 1.2.27 - 1.2.30 with Secure-RPC can allow local attackers to recover a SUN-DES-1 magic phrase generated by another user, which the attacker can use to decrypt that user's private key file...

3.6CVSS6.2AI score0.00842EPSS
Exploits1References4
cvelist
cvelist
added 2001/05/07 4:0 a.m.31 views

CVE-2001-0259

ssh-keygen in ssh 1.2.27 - 1.2.30 with Secure-RPC can allow local attackers to recover a SUN-DES-1 magic phrase generated by another user, which the attacker can use to decrypt that user's private key file...

6.2AI score0.00842EPSS
Exploits1References4
cve
cve
added 2001/05/07 4:0 a.m.60 views

CVE-2001-0259

The connected sources confirm a vulnerability in SSH Communications Security SSH versions 1.2.27–1.2.30 when Secure-RPC is enabled. A local attacker can cause the system to recover the SUN-DES-1 magic phrase generated for another user, which can then decrypt that user’s private key file. This wea...

3.6CVSS6.2AI score0.00842EPSS
Exploits1References4Affected Software1
securityvulns
securityvulns
added 2001/03/12 12:0 a.m.77 views

Cisco PIX Security Notes

Cisco PIX Notes -- Introduction This is a simples paper on which i wrote down some note about "Cisco PIX Firewall" so it isn't well organized or talk specifically about a vulnerability . All test it's about THE latest pix release on this pix: Cisco Secure PIX Firewall Version 5.31 Hardware: SE442...

0.2AI score
Exploits0
exploitpack
exploitpack
added 2001/01/16 12:0 a.m.21 views

SSH 1.2.x - Secure-RPC Weak Encrypted Authentication

SSH 1.2.x - Secure-RPC Weak Encrypted Authentication // source: https://www.securityfocus.com/bid/2222/info SSH is a package designed to encrypt traffic between two end points using the IETF specified SSH protocol. The SSH1 package is distributed and maintained by SSH Communications Security. A...

0.2AI score
Exploits0
Rows per page
Query Builder