CoreDNS TSIG authentication bypass on encrypted DNS transports

...

CVE-2026-33190

CoreDNS TSIG authentication bypass vulnerability (CVE-2026-33190) affects versions prior to 1.14.3 on non-plain-DNS transports. The tsig plugin trusts the transport writer’s TsigStatus() instead of verifying TSIG itself, causing unauthenticated remote access over DoT, DoH, DoH3, DoQ, and gRPC. Do...

CVE-2026-33190 CoreDNS TSIG authentication bypass on encrypted DNS transports

CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the tsig plugin can be bypassed on non-plain-DNS transports DoT, DoH, DoH3, DoQ, and gRPC because it trusts the transport writer's TsigStatus instead of performing verification itself. The DoH and DoH3 writer's TsigStatus...

Astra Linux - уязвимость в firefox

In certain cases, SNI could be sent unencrypted even when encrypted DNS was enabled. This vulnerability was fixed in Firefox 139 and Thunderbird 139...

SUSE CVE-2025-5270

In certain cases, SNI could have been sent unencrypted even when encrypted DNS was enabled. This vulnerability was fixed in Firefox 139 and Thunderbird 139...

CVE-2025-5270

In certain cases, SNI could have been sent unencrypted even when encrypted DNS was enabled. This vulnerability was fixed in Firefox 139 and Thunderbird 139...

UBUNTU-CVE-2025-5270

In certain cases, SNI could have been sent unencrypted even when encrypted DNS was enabled. This vulnerability was fixed in Firefox 139 and Thunderbird 139...

CVE-2025-5270 SNI was sometimes unencrypted

In certain cases, SNI could have been sent unencrypted even when encrypted DNS was enabled. This vulnerability was fixed in Firefox 139 and Thunderbird 139...

CVE-2025-5270

CVE-2025-5270 concerns Mozilla Firefox and Thunderbird where SNI could be sent unencrypted even when encrypted DNS is enabled. Affected products are Firefox versions earlier than 139 and Thunderbird versions earlier than 139. The vulnerability’s impact includes potential disclosure of sensitive i...

PT-2025-22995

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 139 Description The issue arises when SNI Server Name Indication could be sent unencrypted despite having encrypted DNS enabled. This affects Firefox, potentially exposing user data. Recommendations For versions prior...

Mozilla Firefox < 139.0

The version of Firefox installed on the remote Windows host is prior to 139.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-42 advisory. - Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. Some of these...

Firefox -- unencrypted SNI

[email protected] reports: In certain cases, SNI could have been sent unencrypted even when encrypted DNS was enabled...

New Generative AI category added to Talos reputation services

Cisco Talos is preparing to release the first in a series of changes to our Web Categorization system, which is designed to simplify the verbiage we use. In mid-June, were adding a new "Generative AI" category that will apply to certain websites. The "Content Category" appears whenever a user...

It’s always DNS, here’s why…

Introduction Theres an old adage in network and Internet support: When something breaks in any network "it was DNS". Sadly its usually true. …or at least it is when you have certain timeouts, or when a company you used to work for moves from the stable Unix based DNS to a Windows based one and th...

[SECURITY] Fedora 36 Update: dnscrypt-proxy-2.1.1-5.fc36

A flexible DNS proxy, with support for modern encrypted DNS protocols such as DNSCrypt v2 and DNS-over-HTTP/2. Features: - DNS traffic encryption and authentication. Supports DNS-over-HTTPS DoH and DNSCrypt. - DNSSEC compatible - DNS query monitoring, with separate log files for regular and...

NSA Releases Guidance on Encrypted DNS in Enterprise Environments  

The National Security Agency NSA has released an information sheet with guidance on adopting encrypted Domain Name System DNS over Hypertext Transfer Protocol over Transport Layer Security HTTPS, referred to as DNS over HTTPS DoH. When configured appropriately, strong enterprise DNS controls can...

Simplifying the ISP Transition to DNS Encryption

New protocols to encrypt DNS traffic, DNS over HTTPS DoH and DNS over TLS DoT, have been a visible Internet topic for the past two years. Akamai participated in the definition of DoH/DoT standards and recently released support in the high-performance CacheServe resolver. Major features include:...

Google to Experiment 'DNS over HTTPS' (DoH) Feature in Chrome 78

Immediately after Mozilla announced its plan to soon enable 'DNS over HTTPS ' DoH by default for Firefox users in the United States, Google today says it is planning an experiment with the privacy-focused technology in its upcoming Chrome 78. Under development since 2017, 'DNS over HTTPS' perform...