Vulnerability fixed in Siemens WinCC, PCS 7 and Net PC products
Siemens has fixed a vulnerability in the products SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC. An unauthenticated malicious person with access to the network can exploit the vulnerability to cause a denial of service when encrypted connections are used. Siemens has released...
The vulnerability of the FortiSIEM security management system, related to the use of strictly encrypted credentials, allows attackers to escalate their privileges.
The vulnerability of the FortiSIEM security management system is related to the use of strictly encrypted user credentials for the “tunneluser” user. Exploiting this vulnerability could allow a malicious actor to increase their privileges remotely...
Google Chrome To Bar HTTP File Downloads
Google Chrome will soon restrict certain files, like PDFs or executables, from being downloaded via an HTTP connection, if they are loaded on HTTPS webpages. HTTPS indicates that a website has an encrypted connection. When connecting to an HTTP website, browsers merely look up the IP address and...
Security Bulletin: IBM Sterling B2B Integrator is Vulnerable to a Robot Security Vulnerability (CVE-2017-6168)
Summary: IBM Sterling B2B Integrator is vulnerable to a robot security vulnerability. This could allow an attacker to obtain encrypted data in clear text. Vulnerability Details: CVEID: CVE-2017-6168. DESCRIPTION: F5 BIG-IP virtual servers configured with a Client SSL profile could allow a remote...
PT-2020-1885 · Broadcom +2 · Broadcom Wi-Fi Chips +2
Name of the Vulnerable Software and Affected Versions: Broadcom and Cypress Wi-Fi chips affected versions not specified Description: The issue is related to errors in synchronization when using a shared resource in Wi-Fi chipsets from Broadcom. This can allow a remote attacker to gain unauthorize...
Nfstream - A Flexible Network Data Analysis Framework
nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python...
JVN#00014057: AWMS Mobile App vulnerable to improper server certificate verification
AWMS Mobile App is vulnerable to improper server certificate verification (CWE-295). Impact: A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution: Update the software. Update to the latest version according to the information provided by the developer...
CVE-2013-1351
Verax NMS prior to 2.10 allows authentication via the encrypted password without knowing the cleartext password...
Design/Logic Flaw
Verax NMS prior to 2.10 allows authentication via the encrypted password without knowing the cleartext password...
CVE-2013-1351
CVE-2013-1351 affects all Verax NMS versions prior to 2.1.0. The vulnerability arises from a client-side RSA-based password encryption in the login flow (clientMain.swf) where private/public keys are hardcoded, allowing an attacker to capture and replay the encrypted password against the service....
Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerability (CVE-2018-12404)
Summary: IBM has announced a release for IBM Security Identity Governance and Intelligence (IGI) in response to a security vulnerability. A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen...
About the security content of macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra
This document describes the security content of macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. About Apple security updates F...
Apple Abandoned Plans for Encrypted iCloud Backup after FBI Complained
This is new from Reuters: More than two years ago, Apple told the FBI that it planned to offer users end-to-end encryption when storing their phone data on iCloud, according to one current and three former FBI officials and one current and one former Apple employee. Under that plan, primarily...
undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS
A vulnerability was found in the Undertow HTTP server listening on HTTPS. An attacker can target the HTTPS port to carry out a denial of service (DoS) and make the service unavailable on SSL...
Business-central: Encrypted password shown under Object id 7 of errai_security_context
A vulnerability was found in business-central where encoded passwords are stored in errai_security_context. The encoding used for storing the passwords is Base64, not an encryption algorithm, and any recovery of these passwords could lead to user passwords being exposed...
The vulnerability of the etc/shadow microprogramming software components of Cisco RV320 and Cisco RV325 allows a hacker to elevate their privileges to the root level.
The vulnerability of the etc/shadow microprogramming software components in Cisco RV320 and Cisco RV325 routers is related to the use of strictly encrypted login credentials. Exploiting this vulnerability can allow a malicious actor, operating remotely, to elevate their privileges to the root lev...
Creditors Seek to Exhume the Body of a Dead Crypto Executive
Gerry Cotten took at least $137 million to the grave when he died without giving anyone the password to his encrypted laptop...
CVE-2019-8772
An issue existed in the handling of links in encrypted PDFs. This issue was addressed by adding a confirmation prompt. This issue is fixed in macOS Catalina 10.15. An attacker may be able to exfiltrate the contents of an encrypted PDF...