197 matches found
Security Bulletin: Fixes for Multiple Security Vulnerabilities in IBM Security Identity Manager Virtual Appliance available
Summary There are multiple security vulnerabilities in various components used by IBM Security Identity Manager Virtual Appliance Vulnerability Details CVEID: CVE-2016-0327 DESCRIPTION: IBM Security Identity Manager Virtual Appliance could allow a local user to injection commands that would be...
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM QRadar SIEM and QRadar Incident Forensics.
Summary OpenSSL vulnerabilities were disclosed on March 1, 2016 by the OpenSSL Project. OpenSSL is used by IBM QRadar SIEM and Incident Forensics. IBM QRadar SIEM and Incident Forensics has addressed the applicable CVEs including the “DROWN: Decrypting RSA with Obsolete and Weakened encryption"...
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Security Guardium
Summary OpenSSL vulnerabilities were disclosed on March 1, 2016 by the OpenSSL Project. OpenSSL is used by IBM Security Guardium. IBM Security Guardium has addressed the applicable CVEs including the “DROWN: Decrypting RSA with Obsolete and Weakened eNcryption" vulnerability. Vulnerability Detail...
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Security Network Protection
Summary OpenSSL vulnerabilities were disclosed on March 1, 2016 by the OpenSSL Project. OpenSSL is used by IBM Security Network Protection. IBM Security Network Protection has addressed the applicable CVEs including the “DROWN: Decrypting RSA with Obsolete and Weakened eNcryption" vulnerability...
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM MQ Appliance
Summary OpenSSL vulnerabilities were disclosed on March 1, 2016 by the OpenSSL Project. OpenSSL is used by IBM MQ Appliance. IBM MQ Appliance has addressed the applicable CVEs including the “DROWN: Decrypting RSA with Obsolete and Weakened eNcryption" vulnerability. Vulnerability Details CVEID:...
Arista Networks EOS Multiple Vulnerabilities (SA0018) (DROWN)
The version of Arista Networks EOS running on the remote device is affected by multiple vulnerabilities in the included OpenSSL library : - A cipher algorithm downgrade vulnerability exists due to a flaw that is triggered when handling cipher negotiation. A remote attacker can exploit this to...
19-Year-Old TLS Vulnerability Weakens Website Crypto
A vulnerability called ROBOT, first identified in 1998, has resurfaced. Impacted are leading websites ranging from Facebook to Paypal, which are vulnerable to attackers that could decrypt encrypted data and sign communications using the sites’ own private encryption key. The vulnerability is foun...
F5 Networks BIG-IP : OpenSSL vulnerability (K23196136) (DROWN)
The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by...
EulerOS 2.0 SP2 : openssl098e (EulerOS-SA-2017-1039)
According to the versions of the openssl098e package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The BNbn2dec function in crypto/bn/bnprint.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote...
DROWN Attack
OpenSSL is vulnerable to the DROWN attack. The DROWN attack is also known as a Bleichenbacher RSA padding oracle. This vulnerability allows a malicious user to recover a session key from SSL2.0 connections, allowing them to decrypt such connections...
Extreme ExtremeXOS DROWN Vulnerability (VN-2016-004)
Extreme ExtremeXOS is prone to the OpenSSL SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:extremenetworks:exos"; if description...
Juniper ScreenOS 6.3.x < 6.3.0r23 Multiple Vulnerabilities in OpenSSL (JSA10759) (DROWN)
The version of Juniper ScreenOS running on the remote host is 6.3.x prior to 6.3.0r23. It is, therefore, affected by multiple vulnerabilities in its bundled version of OpenSSL : - A flaw exists in the SSLv2 implementation, specifically in the getclientmasterkey function within file s2srvr.c, due ...
Mozilla Reduces Threat of Export-Grade Crypto to Firefox
Logjam was one of several downgrade attacks discovered in the last 18 months that could theoretically allow a resourced attacker to take advantage of lingering export-grade cryptography to read and modify data over a supposedly secure connection. While the severity of this particular attack again...
Internet Bug Bounty: SSLv2 doesn't block disabled ciphers (CVE-2015-3197)
This is a DROWN-related issue that essentially circumvented the instructions on how to disable SSLv2 at the time. Its primary effect was that a lot of servers were vulnerable to DROWN even though they thought they had SSLv2 disabled. It was reported to OpenSSL and fixed in versions 1.0.2f and...
Internet Bug Bounty: Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800)
General DROWN was responsibly disclosed to the OpenSSL team prior to the public disclosure. This OpenSSL blog post, by Viktor Dukhovni and Emilia Käsper, describes the vulnerability: https://www.openssl.org/blog/blog/2016/03/01/an-openssl-users-guide-to-drown/ This is probably a good opportunity ...
FreeBSD : FreeBSD -- Multiple OpenSSL vulnerabilities (7b1a4a27-600a-11e6-a6c3-14dae9d210b8) (DROWN)
A cross-protocol attack was discovered that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. Note that traffic between clients and non-vulnerable servers can be decrypted provided another server supporting...
A2SV - Auto Scanning to SSL Vulnerability
█████╗ ██████╗ ███████╗██╗ ██╗ ██╔══██╗╚════██╗██╔════╝██║ ██║ ███████║ █████╔╝███████╗██║ ██║ .o oOOOOOOOo ██╔══██║██╔═══╝ ╚════██║╚██╗ ██╔╝ OOOo Ob.OOOOOOOo O ██║ ██║███████╗███████║ ╚████╔╝ .adOOOOOOO OboO'''''''''' ╚═╝ ╚═╝╚══════╝╚══════╝ ╚═══╝ ''''''''''OO OOP.oOOOOOOOOOOO 'POOOOOOOOOOOo...
OpenSSL 0.9.8 < 0.9.8zf / 1.0.0 < 1.0.0r / 1.0.1 < 1.0.1m / 1.0.2 < 1.0.2a Information Disclosure (DROWN)
Binary data 9462.prm...
Export-Grade Crypto Patching Improves
LAS VEGAS – The FREAK, LOGJAM and DROWN attacks of the last 17 months weren’t just the work of academics and security researchers who found a cool way to unmask encrypted traffic. They were ugly reminders of the Crypto Wars of the 1990s and why export-grade cryptography and intentional encryption...
Critical: Red Hat Security Advisory: Red Hat JBoss Operations Network 3.3.6 update
Red Hat JBoss Operations Network 3.3 update 6, which fixes two security issues and several bugs, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which...