259 matches found
CVE-2020-5408
Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has...
CVE-2020-5408 Dictionary attack with Spring Security queryable text encryptor
Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has...
CVE-2020-5408
CVE-2020-5408 (IBM) affects IBM Sterling Connect:Direct Web Services. A fixed null initialization vector in CBC mode for the queryable text encryptor may allow a dictionary attack to derive unencrypted values, exposing sensitive information. Remediation is via upgrading to supported fixes: IBM St...
freeradius: eap-pwd: Information leak due to aborting when needing more than 10 iterations
An information leak was discovered in the implementation of EAP-pwd in freeradius. An attacker could initiate several EAP-pwd handshakes to leak information, which can then be used to recover the user's WiFi password by performing dictionary and brute-force attacks...
CVE-2019-20575
An issue was discovered on Samsung mobile devices with P9.0 software. The WPA3 handshake feature allows a downgrade or dictionary attack. The Samsung ID is SVE-2019-14204 August 2019...
CVE-2019-20575
An issue was discovered on Samsung mobile devices with P9.0 software. The WPA3 handshake feature allows a downgrade or dictionary attack. The Samsung ID is SVE-2019-14204 August 2019...
Design/Logic Flaw
An issue was discovered on Samsung mobile devices with P9.0 software. The WPA3 handshake feature allows a downgrade or dictionary attack. The Samsung ID is SVE-2019-14204 August 2019...
CVE-2019-20575
The CVE-2019-20575 entry concerns Samsung mobile devices running P(9.0). The vulnerability lies in the WPA3 handshake, allowing a downgrade or dictionary attack. Affected component: WPA3 handshake implementation on Samsung devices (SVE-2019-14204 reference). The available connected records corrob...
CVE-2019-14833
CVE-2019-14833 affects Samba, specifically the AD DC password handling where a custom script for password complexity may fail to verify non‑ASCII passwords, potentially allowing weak passwords and dictionary attacks. Affected releases include Samba 4.5.0 up to but not including 4.9.15, and also 4...
D-Link DAP-1320 Authorization Issues Vulnerability
The D-Link DAP-1320 is a wireless signal extender from AUO D-Link of Taiwan, China. A security vulnerability exists in the D-Link DAP-1320 A2-V1.21 version, which originates from some web interfaces that do not require authentication. An attacker could obtain the user's Wi-Fi SSID and password to...
CVE-2019-12941
AutoPi Wi-Fi/NB and 4G/LTE devices before 2019-10-15 allows an attacker to perform a brute-force attack or dictionary attack to gain access to the WiFi network, which provides root access to the device. The default WiFi password and WiFi SSID are derived from the same hash function output input i...
CVE-2019-12941
AutoPi Wi-Fi/NB and 4G/LTE devices before 2019-10-15 allows an attacker to perform a brute-force attack or dictionary attack to gain access to the WiFi network, which provides root access to the device. The default WiFi password and WiFi SSID are derived from the same hash function output input i...
CVE-2019-12941
Summary : CVE-2019-12941 affects AutoPi Wi‑Fi/NB and AutoPi 4G/LTE devices prior to 2019-10-15. The default WiFi password and WiFi SSID are derived from the same hash function output using an 8‑character input, enabling an attacker to perform brute‑force or dictionary attacks to gain access to th...
Authentication flaw
D-Link DAP-1320 A2-V1.21 routers have some web interfaces without authentication requirements, as demonstrated by uplinkinfo.xml. An attacker can remotely obtain a user's Wi-Fi SSID and password, which could be used to connect to Wi-Fi or perform a dictionary attack...
CVE-2019-17505
D-Link DAP-1320 A2-V1.21 routers have some web interfaces without authentication requirements, as demonstrated by uplinkinfo.xml. An attacker can remotely obtain a user's Wi-Fi SSID and password, which could be used to connect to Wi-Fi or perform a dictionary attack...
CVE-2019-11277
Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2.x versions prior to 2.3.0, is vulnerable to LDAP injection. A remote authenticated malicious space developer can potentially inject LDAP filters via service instance creation, facilitating the malicious space developer to deny...
Design/Logic Flaw
Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2.x versions prior to 2.3.0, is vulnerable to LDAP injection. A remote authenticated malicious space developer can potentially inject LDAP filters via service instance creation, facilitating the malicious space developer to deny...
MGASA-2019-0229 Updated wpa_supplicant and hostapd packages fix security vulnerability
A number of potential side channel attacks were discovered in the SAE implementations used by both hostapd AP and wpasupplicant infrastructure BSS station/mesh station. SAE Simultaneous Authentication of Equals is also known as WPA3-Personal. The discovered side channel attacks may be able to lea...
Brutemap - Tool That Automates Testing Accounts To The Site's Login Page
Brutemap is an open source penetration testing tool that automates testing accounts to the site's login page, based on Dictionary Attack. With this, you no longer need to search for other bruteforce tools and you also no longer need to ask CMS What is this? only to find parameter forms, because...
JWT Tool - A Toolkit For Testing, Tweaking And Cracking JSON Web Tokens
jwttool.py is a toolkit for validating, forging and cracking JWTs JSON Web Tokens. Its functionality includes: Checking the validity of a token Testing for the RS/HS256 public key mismatch vulnerability Testing for the alg=None signature-bypass vulnerability Testing the validity of a secret/key/k...