Lucene search
K

171 matches found

Debian CVE
Debian CVE
added 2019/11/06 12:0 a.m.31 views

CVE-2019-14833

A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. The Samba Active Directory Domain Controller can be configured to use a custom script to check for passwo...

5.4CVSS5.4AI score0.02084EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2019/10/29 12:0 a.m.26 views

CVE-2019-14833

A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. The Samba Active Directory Domain Controller can be configured to use a custom script to check for passwo...

5.4CVSS6.3AI score0.02084EPSS
Exploits0References3
OSV
OSV
added 2019/10/29 12:0 a.m.3 views

UBUNTU-CVE-2019-14833

A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. The Samba Active Directory Domain Controller can be configured to use a custom script to check for passwo...

5.4CVSS6.2AI score0.02084EPSS
Exploits0References4
Mageia
Mageia
added 2019/08/31 1:22 p.m.61 views

Updated wpa_supplicant and hostapd packages fix security vulnerability

A number of potential side channel attacks were discovered in the SAE implementations used by both hostapd AP and wpasupplicant infrastructure BSS station/mesh station. SAE Simultaneous Authentication of Equals is also known as WPA3-Personal. The discovered side channel attacks may be able to lea...

5.9CVSS0.9AI score0.03739EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2019/08/06 2:7 a.m.31 views

CVE-2019-13456

An information leak was discovered in the implementation of EAP-pwd in freeradius. An attacker could initiate several EAP-pwd handshakes to leak information, which can then be used to recover the user's WiFi password by performing dictionary and brute-force attacks...

6.5CVSS1.7AI score0.01632EPSS
Exploits1References3
Kitploit
Kitploit
added 2019/05/15 12:54 p.m.84 views

Trigmap - A Wrapper For Nmap To Automate The Pentest

Trigmap is a wrapper for Nmap. You can use it to easily start Nmap scan and especially to collect informations into a well organized directory hierarchy. The use of Nmap makes the script portable easy to run not only on Kali Linux and very efficient thanks to the optimized Nmap algorithms. Detail...

6.9AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2019/04/23 12:0 a.m.38 views

FreeBSD : FreeBSD -- SAE side-channel attacks (7e53f9cc-656d-11e9-8e67-206a8a720317)

Side channel attacks in the SAE implementations used by both hostapd AP and wpasupplicant infrastructure BSS station/mesh station. SAE Simultaneous Authentication of Equals is also known as WPA3-Personal. The discovered side channel attacks may be able to leak information about the used password...

5.9CVSS6.9AI score0.03739EPSS
Exploits0References2
Schneier on Security
Schneier on Security
added 2019/04/15 7:0 p.m.59 views

Vulnerabilities in the WPA3 Wi-Fi Security Protocol

Researchers have found several vulnerabilities in the WPA3 Wi-Fi security protocol: The design flaws we discovered can be divided in two categories. The first category consists of downgrade attacks against WPA3-capable devices, and the second category consists of weaknesses in the Dragonfly...

1.6AI score
Exploits0
The Hacker News
The Hacker News
added 2019/04/10 6:30 p.m.738 views

Security Flaws in WPA3 Protocol Let Attackers Hack WiFi Password

🔥 Breaking — It has been close to just one year since the launch of next-generation Wi-Fi security standard WPA3 and researchers have unveiled several serious vulnerabilities in the wireless security protocol that could allow attackers to recover the password of the Wi-Fi network. WPA, or Wi-Fi...

5.9CVSS0.6AI score0.03739EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2019/02/21 3:29 a.m.33 views

CVE-2013-7469

Seafile through 6.2.11 always uses the same Initialization Vector IV with Cipher Block Chaining CBC Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks...

7.5CVSS7.1AI score0.01089EPSS
Exploits0References3
OSV
OSV
added 2019/02/21 3:29 a.m.2 views

DEBIAN-CVE-2013-7469

Seafile through 6.2.11 always uses the same Initialization Vector IV with Cipher Block Chaining CBC Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks...

7.5CVSS7AI score0.01089EPSS
Exploits0References1
OSV
OSV
added 2019/02/21 3:29 a.m.26 views

UBUNTU-CVE-2013-7469

Seafile through 6.2.11 always uses the same Initialization Vector IV with Cipher Block Chaining CBC Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks...

7.5CVSS5.8AI score0.01089EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2019/02/21 3:0 a.m.16 views

CVE-2013-7469

Seafile through 6.2.11 always uses the same Initialization Vector IV with Cipher Block Chaining CBC Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks...

7.5CVSS7.5AI score0.01089EPSS
Exploits0
Prion
Prion
added 2019/02/18 8:29 p.m.10 views

Code injection

The seadroid aka Seafile Android Client application through 2.2.13 for Android always uses the same Initialization Vector IV with Cipher Block Chaining CBC Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks...

5CVSS7.4AI score0.01444EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2019/02/18 8:29 p.m.12 views

CVE-2019-8919

The seadroid aka Seafile Android Client application through 2.2.13 for Android always uses the same Initialization Vector IV with Cipher Block Chaining CBC Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks...

7.5CVSS6.9AI score
Exploits0References1
CVE
CVE
added 2019/02/18 8:0 p.m.38 views

CVE-2019-8919

The CVE-2019-8919 entry applies to the Seafile Android Client (seadroid) up to version 2.2.13, which uses the same Initialization Vector (IV) for CBC encryption of private data. This IV reuse enables chosen-plaintext and dictionary-style attacks against encrypted data, as described in the NVD ent...

7.5CVSS7.4AI score0.01444EPSS
Exploits0References1Affected Software1
Kitploit
Kitploit
added 2018/12/09 9:14 p.m.194 views

Cameradar v2.1.0 - Hacks Its Way Into RTSP Videosurveillance Cameras

An RTSP stream access tool that comes with its library Cameradar allows you to Detect open RTSP hosts on any accessible target host Detect which device model is streaming Launch automated dictionary attacks to get their stream route e.g.: /live.sdp Launch automated dictionary attacks to get the...

7.1AI score
Exploits0References9
CVE
CVE
added 2018/09/06 9:0 p.m.148 views

CVE-2018-5389

CVE-2018-5389 concerns the IKEv1 main mode with Pre-Shared Keys (PSK). The vulnerability allows an offline dictionary/brute-force attack to recover a weak PSK and can enable impersonation of a host or network, particularly when PSKs are reused across versions/modes. Cross-protocol authentication ...

5.9CVSS5.8AI score0.03038EPSS
Exploits1References5Affected Software1
Debian CVE
Debian CVE
added 2018/09/06 9:0 p.m.21 views

CVE-2018-5389

The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. Reusing a key pair across different versions and modes of IKE could lead to cross-protocol authentication bypasses. It is well known, that the aggressive mode of IKEv1 PSK is vulnerable to offline...

5.9CVSS5.9AI score0.03038EPSS
Exploits1
Fortinet
Fortinet
added 2018/08/27 12:0 a.m.80 views

Bleichenbacher and Dictionary Attacks on IPsec IKE

Two new attacks on IPsec IKE Internet Key Exchange were recently disclosed 1, involving multiple ways to perform attacks against IKE signature based and PSK Pre-Shared Key authentications. The end goal is to crack IPsec VPN encrypted communications. The relevant CVEs are: CVE-2018-5389: Practical...

4.3CVSS1.2AI score0.03038EPSS
Exploits1
Rows per page
Query Builder