357 matches found
CVE-2014-8627
PolarSSL 1.3.8 does not properly negotiate the signature algorithm to use, which allows remote attackers to conduct downgrade attacks via unspecified vectors...
CVE-2014-8627
PolarSSL 1.3.8 does not properly negotiate the signature algorithm to use, which allows remote attackers to conduct downgrade attacks via unspecified vectors...
DEBIAN-CVE-2014-5277
Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to...
UBUNTU-CVE-2014-5277
Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to...
CVE-2014-5277
Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to...
CVE-2014-5277
Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to...
CVE-2014-5277
CVE-2014-5277 affects Docker before 1.3.1 and docker-py before 0.5.3, where fallbacks to HTTP occur if HTTPS to the registry fails. This enables man-in-the-middle downgrade attacks that can lead to exposure of authentication and image data when an attacker sits between the client and registry. Co...
PT-2014-6389 · Docker +1 · Docker +2
Name of the Vulnerable Software and Affected Versions: Docker versions prior to 1.3.1 docker-py versions prior to 0.5.3 Description: The issue allows man-in-the-middle attackers to conduct downgrade attacks. This can be achieved by leveraging a network position between the client and the registry...
OpenSSL TLS Protocol Downgrade Attack (CVE-2014-3511)
OpenSSL allows man-in-the-middle attackers to force the use of TLS 1.0 by triggering ClientHello message fragmentation in communication between a client and server, even though both client and server support later TLS versions...
PT-2015-1696
Name of the Vulnerable Software and Affected Versions TLS protocol versions 1.2 and earlier Description The issue concerns a problem with the TLS protocol where a DHE EXPORT ciphersuite is enabled on a server but not on a client, allowing man-in-the-middle attackers to conduct cipher-downgrade...
zeromq: Man-in-the-middle downgrade and replay attack
CVE-2014-7202 downgrade attack A bug in streamengine.cpp allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request. - CVE-2014-7203 replay attack libzmq did not ensure that nonces are unique, which allows man-in-the-middle attackers to conduct replay attacks...
POODLE SSL 3.0 Attack Exploits Widely-used Web Encryption Standard
Another Heartbleed-like vulnerability has been discovered in the decade old but still widely used Secure Sockets Layer SSL 3.0 cryptographic protocol that could allow an attacker to decrypt contents of encrypted connections to websites. Google's Security Team revealed on Tuesday that the most...
CVE-2014-7202
streamengine.cpp in libzmq aka ZeroMQ/C++ 4.0.5 before 4.0.5 allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request...
CVE-2014-7202
streamengine.cpp in libzmq aka ZeroMQ/C++ 4.0.5 before 4.0.5 allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request...
DEBIAN-CVE-2014-7202
streamengine.cpp in libzmq aka ZeroMQ/C++ 4.0.5 before 4.0.5 allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request...
CVE-2014-7202
streamengine.cpp in libzmq aka ZeroMQ/C++ 4.0.5 before 4.0.5 allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request...
UBUNTU-CVE-2014-7202
streamengine.cpp in libzmq aka ZeroMQ/C++ 4.0.5 before 4.0.5 allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request...
CVE-2014-7202
streamengine.cpp in libzmq aka ZeroMQ/C++ 4.0.5 before 4.0.5 allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request...
openssl: TLS protocol downgrade attack
A flaw was found in the way OpenSSL handled fragmented handshake packets. A man-in-the-middle attacker could use this flaw to force a TLS/SSL server using OpenSSL to use TLS 1.0, even if both the client and the server supported newer protocol versions...
Unicorn - Tool for using a PowerShell downgrade attack and inject shellcode straight into memory
Magic Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber's powershell attacks and the powershell bypass technique presented by David Kennedy TrustedSec and Josh Kelly at Defcon 18. Usage is simple, just run Magic...