181 matches found
CVE-2016-1000344
CVE-2016-1000344 : The vulnerability stems from the DHIES implementation in the Bouncy Castle JCE Provider (versions 1.55 and earlier) allowing ECB mode. IBM security bulletins note this BC vulnerability affecting IBM Sterling products (e.g., Sterling File Gateway and Sterling B2B Integrator) and...
CVE-2016-1000344
In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider...
CVE-2016-1000352
In CVE-2016-1000352, the Bouncy Castle JCE Provider (BC) up to version 1.55 allowed ECB mode in ECIES, which is insecure. Affected product: BC JCE Provider
CVE-2016-1000344
In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider...
CVE-2016-1000352
In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider...
PT-2018-4638 · Bouncy Castle +2 · Bouncy Castle Jce Provider +2
Name of the Vulnerable Software and Affected Versions: Bouncy Castle JCE Provider versions 1.55 and earlier Description: The issue concerns the use of ECB mode in the DHIES implementation, which is considered unsafe. Support for this mode has been removed from the provider. Recommendations: For...
CVE-2017-2598
Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets which makes Jenkins and the stored secrets vulnerable to unnecessary risks SECURITY-304...
CVE-2017-2598
Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets which makes Jenkins and the stored secrets vulnerable to unnecessary risks SECURITY-304...
Design/Logic Flaw
Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets which makes Jenkins and the stored secrets vulnerable to unnecessary risks SECURITY-304...
CVE-2017-2598
Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets which makes Jenkins and the stored secrets vulnerable to unnecessary risks SECURITY-304...
CVE-2017-2598
Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets which makes Jenkins and the stored secrets vulnerable to unnecessary risks SECURITY-304...
CVE-2017-2598
CVE-2017-2598 : Jenkins prior to 2.44 and 2.32.2 uses AES ECB without an IV to encrypt secrets, enabling potential exposure of stored secrets. The description explicitly ties this to Jenkins and the handling of secrets; no exploitation details are provided in the supplied documents. The available...
Variant of SynAck Malware Adopts Doppelgänging Technique
Researchers have identified a new variant of the SynAck ransomware that is now using the newly identified Process Doppelgänging to slip past antivirus programs. Researchers said this is the first ransomware seen in the wild to employ the approach. Both SynAck ransomware and Process Doppelgänging...
First-Ever Ransomware Found Using 'Process Doppelgänging' Attack to Evade Detection
Security researchers have spotted the first-ever ransomware exploiting Process Doppelgänging, a new fileless code injection technique that could help malware evade detection. The Process Doppelgänging attack takes advantage of a built-in Windows function, i.e., NTFS Transactions, and an outdated...
Path traversal
Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 use AES-128 with ECB mode to encrypt voice traffic between the device and remote server, allowing a malicious user to map encrypted traffic to a particular AES key index and gaining further access to eavesdrop on...
CVE-2017-8867
The CVE-2017-8867 entry covers CogniToys Dino smart toys (firmware up to 0.0.794). Affected component: voice traffic encryption uses AES-128 in ECB mode, which the documents state can be mapped to an AES key index, enabling eavesdropping on privacy-sensitive voice communications. Root cause is th...
CVE-2016-0736
In Apache HTTP Server versions 2.4.0 to 2.4.23, modsessioncrypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation AES256-CBC by default, hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle...
Code injection
In Apache HTTP Server versions 2.4.0 to 2.4.23, modsessioncrypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation AES256-CBC by default, hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle...
CVE-2016-0736
In Apache HTTP Server versions 2.4.0 to 2.4.23, modsessioncrypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation AES256-CBC by default, hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle...
Ubuntu 14.04 LTS / 16.04 LTS : Apache HTTP Server vulnerabilities (USN-3279-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3279-1 advisory. It was discovered that the Apache modsessioncrypto module was encrypting data and cookies using either CBC or ECB modes. A remote attacker...