181 matches found
Beaker information leakage
Information leakage in AES ECB mode...
CVE-2012-3458
Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors...
CVE-2012-3458
Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors...
DEBIAN-CVE-2012-3458
Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors...
CVE-2012-3458
Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors...
PYSEC-2012-1
Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors...
Code injection
Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors...
PYSEC-2012-1
Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors...
CVE-2012-3458
Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors...
CVE-2012-3458
CVE-2012-3458 affects Beaker prior to 1.6.4, where sessions encrypted with PyCrypto use AES in ECB mode. The ECB usage can allow remote attackers to obtain portions of sensitive session data via unspecified vectors. All connected sources corroborate that Beaker before 1.6.4 is vulnerable to this ...
CVE-2012-3458
Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors...
Debian DSA-2541-1 : beaker - information disclosure
It was discovered that Beaker, a cache and session library for Python, when using the python-crypto backend, is vulnerable to information disclosure due to a cryptographic weakness related to the use of the AES cipher in ECB mode. Systems that have the python-pycryptopp package should not be...
DSA-2541-1 beaker - information disclosure
Bulletin has no description...
Windows Gather McAfee ePO 4.6 Config SQL Credentials
This module extracts connection details and decrypts the saved password for the SQL database in use by a McAfee ePO 4.6 server. The passwords are stored in a config file. They are encrypted with AES-128-ECB and a static key. This module requires Metasploit: https://metasploit.com/download Current...
Windows Gather CoreFTP Saved Password Extraction
This module extracts saved passwords from the CoreFTP FTP client. These passwords are stored in the registry. They are encrypted with AES-128-ECB. This module extracts and decrypts these passwords. This module requires Metasploit: https://metasploit.com/download Current source:...
CVE-2006-4021
The cryptographic module in ScatterChat 1.0.x allows attackers to identify patterns in large numbers of messages by identifying collisions using a birthday attack on the custom padding mechanism for ECB mode encryption...
CVE-2006-4021
The cryptographic module in ScatterChat 1.0.x allows attackers to identify patterns in large numbers of messages by identifying collisions using a birthday attack on the custom padding mechanism for ECB mode encryption...
CVE-2006-4021
The CVE-2006-4021 issue affects ScatterChat 1.0.x. It concerns the cryptographic module where a custom padding mechanism used with ECB mode encryption allows attackers to identify patterns across large message sets via a birthday-attack on the padding scheme. Practically, this can reveal repeatin...
CVE-2002-1697
VTun ECB vulnerability (CVE-2002-1697) : The ECB mode used in VTun 2.0–2.5 produces identical ciphertext for identical plaintext blocks, enabling a remote attacker to potentially gain sensitive information. Affected products: VTun versions 2.0 through 2.5. Root cause: use of ECB encryption mode. ...
CVE-2002-1697
Electronic Code Book ECB mode in VTun 2.0 through 2.5 uses a weak encryption algorithm that produces the same ciphertext from the same plaintext blocks, which could allow remote attackers to gain sensitive information...