34 matches found
Artificial Noise Versus Artificial Noise Elimination: Redefining Scaling Laws of Physical Layer Security
Artificial noise AN is a key physical-layer security scheme for wireless communications over multiple-input multiple-output wiretap channels. Recently, artificial noise elimination ANE has emerged as a strategy to mitigate the impact of AN on eavesdroppers. However, the influence of ANE on the...
Pattern Based Quantum Key Distribution Using the Five Qubit Perfect Code for Eavesdropper Detection
I propose a new quantum key distribution protocol that uses the five qubit error correction code to detect the presence of eavesdropper reliably. The protocol turns any information theoretical attacks into a classical guess about the pattern. The logical qubit is encoded with a specific pattern...
CKM-Assisted Physical-Layer Security for Resilience against Unknown Eavesdropping Location
Channel Knowledge Map CKM is an emerging data-driven toolbox that captures our awareness of the wireless channel and enables efficient communication and resource allocation beyond the state of the art. In this work, we consider CKM for improving physical-layer security PLS in the presence of a...
CVE-2022-47930
An issue was discovered in IO FinNet tss-lib before 2.0.0. The parameter ssid for defining a session id is not used through the MPC implementation, which makes replaying and spoofing of messages easier. In particular, the Schnorr proof of knowledge implemented in sch.go does not utilize a session...
CBL Mariner 2.0 Security Update: postgresql (CVE-2024-4317)
The version of postgresql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-4317 advisory. - Missing authorization in PostgreSQL built-in views pgstatsext and pgstatsextexprs allows an unprivileged...
LTESniffer - An Open-source LTE Downlink/Uplink Eavesdropper
LTESniffer is An Open-source LTE Downlink/Uplink Eavesdropper It first decodes the Physical Downlink Control Channel PDCCH to obtain the Downlink Control Informations DCIs and Radio Network Temporary Identifiers RNTIs of all active users. Using decoded DCIs and RNTIs, LTESniffer further decodes t...
Input validation
If a TLS 1.3 client gets neither a PSK pre shared key extension nor a KSE key share extension when connecting to a malicious server, a default predictable buffer gets used for the IKM Input Keying Material value when generating the session master secret. Using a potentially known IKM value when...
CVE-2023-3724
If a TLS 1.3 client gets neither a PSK pre shared key extension nor a KSE key share extension when connecting to a malicious server, a default predictable buffer gets used for the IKM Input Keying Material value when generating the session master secret. Using a potentially known IKM value when...
CVE-2023-3724 TLS 1.3 client issue handling malicious server when not including a KSE and PSK extension
If a TLS 1.3 client gets neither a PSK pre shared key extension nor a KSE key share extension when connecting to a malicious server, a default predictable buffer gets used for the IKM Input Keying Material value when generating the session master secret. Using a potentially known IKM value when...
CVE-2023-3724 TLS 1.3 client issue handling malicious server when not including a KSE and PSK extension
If a TLS 1.3 client gets neither a PSK pre shared key extension nor a KSE key share extension when connecting to a malicious server, a default predictable buffer gets used for the IKM Input Keying Material value when generating the session master secret. Using a potentially known IKM value when...
IO FinNet tss-lib vulnerable to replay attacks involving proofs
An issue was discovered in IO FinNet tss-lib before 2.0.0. The parameter ssid for defining a session id is not used through the MPC implementation, which makes replaying and spoofing of messages easier. In particular, the Schnorr proof of knowledge implemented in sch.go does not utilize a session...
Design/Logic Flaw
An issue was discovered in IO FinNet tss-lib before 2.0.0. The parameter ssid for defining a session id is not used through the MPC implementation, which makes replaying and spoofing of messages easier. In particular, the Schnorr proof of knowledge implemented in sch.go does not utilize a session...
Authentication Bypass by Capture-replay
An issue was discovered in IO FinNet tss-lib before 2.0.0. The parameter ssid for defining a session id is not used through the MPC implementation, which makes replaying and spoofing of messages easier. In particular, the Schnorr proof of knowledge implemented in sch.go does not utilize a session...
Debian: Security Advisory (DLA-426-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
TPM 1.2 key authorization values vulnerable to TPM transport eavesdropper in go-tpm
Impact TPM 2.0 users are unaffected by this issue. An adversary eavesdropping on the TPM 1.2 transport path can calculate usageAuth for a key created with CreateWrapKey, even though this value is encrypted as part of the TPM 1.2 command protocol. The TPM 1.2 CreateWrapKey command accepts two...
GHSA-5X29-3HR9-6WPW TPM 1.2 key authorization values vulnerable to TPM transport eavesdropper in go-tpm
Impact TPM 2.0 users are unaffected by this issue. An adversary eavesdropping on the TPM 1.2 transport path can calculate usageAuth for a key created with CreateWrapKey, even though this value is encrypted as part of the TPM 1.2 command protocol. The TPM 1.2 CreateWrapKey command accepts two...
“Eavesdropper” Flaw Exposes Millions of Call, Texts and Recordings
By Uzair Amir Eavesdropper is a dangerous new vulnerability identified by researchers from This is a post from HackRead.com Read the original post: Eavesdropper Flaw Exposes Millions of Call, Texts and Recordings...
Eavesdropper Vulnerability Exposes Mobile Call, Text Data
UPDATE Mobile app developers who code using the Twilio cloud-based platform and are forgetful about removing their hardcoded credentials have put businesses messaging data at risk for exposure. The so-called Eavesdropper vulnerability, disclosed today by Appthority, has been around since 2011 and...
Debian Security Advisory DSA 3488-1 (libssh - security update)
Aris Adamantiadis discovered that libssh, a tiny C SSH library, incorrectly generated a short ephemeral secret for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. The resulting secret is 128 bits long, instead of the recommended sizes of 1024 and 2048 bits respectively...
Debian: Security Advisory (DSA-3488-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...