CVE-2002-2172

Informed 1 Designer and 2 Filler 3.05 does not zero out newly allocated disk blocks as an encrypted file grows in size, which may allow attackers to obtain sensitive information...

CVE-2002-1977

Network Associates PGP 7.0.4 and 7.1 does not time out according to the value set in the "Passphrase Cache" option, which could allow attackers to open encrypted files without providing a passphrase...

DEBIAN-CVE-2002-1318

Buffer overflow in samba 2.2.2 through 2.2.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an encrypted password that causes the overflow during decryption in which a DOS codepage string is converted to a little-endian UCS2 unicode string...

CVE-2002-1318

Buffer overflow in samba 2.2.2 through 2.2.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an encrypted password that causes the overflow during decryption in which a DOS codepage string is converted to a little-endian UCS2 unicode string...

CVE-2002-0994

SunPCi II VNC uses a weak authentication scheme, which allows remote attackers to obtain the VNC password by sniffing the random byte challenge, which is used as the key for encrypted communications...

CVE-2002-0994

SunPCi II VNC uses a weak authentication scheme, which allows remote attackers to obtain the VNC password by sniffing the random byte challenge, which is used as the key for encrypted communications...

CVE-2002-0788

An interaction between PGP 7.0.3 with the "wipe deleted files" option, when used on Windows Encrypted File System EFS, creates a cleartext temporary files that cannot be wiped or deleted due to strong permissions, which could allow certain local users or attackers with physical access to obtain...

CVE-2002-0790

clchkspuser and clpasswdremote in AIX expose an encrypted password in the cspoc.log file, which could allow local users to gain privileges...

PT-2002-1809 · Pgp +1 · Pgp +1

Name of the Vulnerable Software and Affected Versions: PGP version 7.0.3 Description: The issue arises from an interaction between PGP and the Windows Encrypted File System EFS when the "wipe deleted files" option is used. This interaction creates cleartext temporary files that cannot be wiped or...

CVE-2002-0197

Technical details (affected products, versions, vulnerabilities, exploitation) are not publicly provided in the connected documents. Monitor for updates.

CVE-2002-0570

The encrypted loop device in Linux kernel 2.4.10 and earlier does not authenticate the entity that is encrypting data, which allows local users to modify encrypted data without knowing the key...

NTFS and PGP interact to expose EFS encrypted data

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 NTFS and PGP interact to expose EFS encrypted data c 2002 Ry Jones, Airgap Networks. Summary: NTFS, a feature of Windows XP, supports an "encrypted" attribute. PGP 7.0.3 Freeware, a product of Network Associates, supports wiping files as they are...

CVE-2002-0202

CVE-2002-0202 affects PaintBBS 1.2. The vulnerability arises from insecure permissions on installed files/directories, enabling local users to access the encrypted server password via the world-readable oekakibbs.conf and to modify the server configuration through the world-writable /oekaki/ dire...

CVE-2001-1151

Affected product : Trend Micro OfficeScan Corporate Edition (Virus Buster Corporate Edition). Vulnerability : Remote disclosure of sensitive configuration data via unauthenticated access to /officescan/hotdownload, specifically reading the configuration file ofcscan.ini which contains a weakly en...

CVE-2001-0522

Format string vulnerability in Gnu Privacy Guard aka GnuPG or gpg 1.05 and earlier can allow an attacker to gain privileges via format strings in the original filename that is stored in an encrypted file...

Vulnerabilty in PaintBBS v1.2

PaintBBS Server v1.2 Advisory Author: John Bissell A.K.A. HighT1mes Vulnerable: PaintBBS Server Ver.1.2 Build 010514 Impact: PaintBBS Server 0wn3d Release Date: January, 22, 2002 Contact: [email protected] Vendor Homepage: http://www.ax.sakura.ne.jp/aotama/...

Вставка символов в шифрованные каналы psyBNC (protection bypass)

Зашифрованными считаются все строки начинающиеся с B...

psyBNC 2.3 Beta - encrypted text "spoofable" in others' irc terminal

BACKGROUND: psyBNC http://www.psychoid.lam3rz.de is an IRC bouncer with a variety of fantastic features. one of these features in encryption of irc text, with keys set on a per-channel basis. SUMMARY: someone call them person A in an irc channel where psyBNC users are chatting encrypted can...

FreeBSD-SA-02:02.pw

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-02:02 Security Advisory FreeBSD, Inc. Topic: pw8 race condition may allow disclosure of master.passwd Category: core Module: pw Announced: 2002-01-04 Credits: ryan beasley...

Проблемы с encrypted loop device под linux (data injection)

Данные предохраняются от несанкционированного доступа, но возможно несанкционированное добавление данных...