Lucene search
270 matches found

BDU FSTEC
added 2020/12/24 12:0 a.m. · 1 views

The vulnerability of the CmtViewer application for controlling programmable panels stems from the use of a less secure encryption algorithm, allowing an intruder to obtain the password.

The vulnerability of the CmtViewer application for controlling programmable panels is related to the use of a less secure encryption algorithm. Exploiting this vulnerability could allow an attacker to obtain the password through brute-force hashing...

8.4 CVSS · 5.5 AI score
Exploits 0
CNVD
added 2020/12/01 12:0 a.m. · 1 views

IBM Cloud Pak for Security Weak Encryption Algorithm Vulnerability

IBM Cloud Pak for Security is an integrated security tool that uses a unified interface to provide deep insight into threats in hybrid multi-cloud environments. A weak cryptographic algorithm vulnerability exists in IBM Cloud Pak for Security 1.3.0.1. The vulnerability stems from the product usin...

5.3 CVSS · 6.7 AI score · 0.00076 EPSS
Exploits 0 · References 1
NVD
added 2020/11/24 9:15 p.m. · 17 views

CVE-2020-29063

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. ...

7.5 CVSS · 7.6 AI score · 0.00079 EPSS
Exploits 1 · References 1
Prion
added 2020/11/12 2:15 p.m. · 19 views

Design/Logic Flaw

FusionCompute versions 8.0.0 have an insecure encryption algorithm vulnerability. Attackers with high permissions can exploit this vulnerability to cause information leak...

2.1 CVSS · 4.5 AI score · 0.00007 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2020/11/12 1:50 p.m. · 14 views

CVE-2020-9128

FusionCompute versions 8.0.0 have an insecure encryption algorithm vulnerability. Attackers with high permissions can exploit this vulnerability to cause information leak...

4.5 AI score · 0.00007 EPSS
Exploits 0 · References 1
CVE
added 2020/09/23 3:20 p.m. · 51 views

CVE-2020-11031

CVE-2020-11031 affects GLPI prior to 9.5.0 where the encryption algorithm is insecure and data security relies on user-chosen password strength. An attacker could decrypt data if a weak/predictable password is used. The issue is addressed in GLPI 9.5.0 by switching to a more secure library (sodiu...

7.8 CVSS · 7.4 AI score · 0.00055 EPSS
Exploits 0 · References 2 · Affected Software 1
Prion
added 2020/09/01 9:15 p.m. · 38 views

Design/Logic Flaw

A ZTE product is impacted by the cryptographic issues vulnerability. The encryption algorithm is not properly used, so remote attackers could use this vulnerability for account credential enumeration attack or brute-force attack for password guessing. This affects: ZXIPTV, ZXIPTV-WEB-PV5.09.08.04...

5.5 CVSS · 9.3 AI score · 0.00054 EPSS
Exploits 0 · References 1 · Affected Software 1
CVE
added 2020/09/01 8:23 p.m. · 41 views

CVE-2020-6874

Technical details (affected products, root cause, exact vulnerable component, and fixes) are not publicly provided in the connected documents. Monitor for updates from vendors/authorities.

9.1 CVSS · 9.2 AI score · 0.00054 EPSS
Exploits 0 · References 1 · Affected Software 1
NVD
added 2020/08/11 8:15 p.m. · 14 views

CVE-2020-8912

A vulnerability in the in-band key negotiation exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. An attacker with write access to the targeted bucket can change the encryption algorithm of an object in the bucket, which can then allow them to change AES-GCM to AES-CTR. Using this i...

2.5 CVSS · 4 AI score · 0.00141 EPSS
Exploits 1 · References 2
Prion
added 2020/08/11 8:15 p.m. · 28 views

Authentication flaw

A vulnerability in the in-band key negotiation exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. An attacker with write access to the targeted bucket can change the encryption algorithm of an object in the bucket, which can then allow them to change AES-GCM to AES-CTR. Using this i...

2.1 CVSS · 4.2 AI score · 0.00141 EPSS
Exploits 1 · References 2 · Affected Software 1
Cvelist
added 2020/08/11 7:20 p.m. · 22 views

CVE-2020-8912 In-band key negotiation issue in AWS S3 Crypto SDK for GoLang

A vulnerability in the in-band key negotiation exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. An attacker with write access to the targeted bucket can change the encryption algorithm of an object in the bucket, which can then allow them to change AES-GCM to AES-CTR. Using this i...

2.5 CVSS · 4.2 AI score · 0.00141 EPSS
Exploits 1 · References 2
Positive Technologies
added 2020/08/11 12:0 a.m. · 4 views

PT-2020-20365 · Amazon Web Services · Aws S3 Crypto Sdk For Golang

Name of the Vulnerable Software and Affected Versions: AWS S3 Crypto SDK for GoLang versions prior to V2 Description: A vulnerability exists in the in-band key negotiation of the AWS S3 Crypto SDK for GoLang. An attacker with write access to the targeted bucket can change the encryption algorithm...

9.8 CVSS · 6.3 AI score · 0.93667 EPSS
Exploits 15 · References 37
CNVD
added 2020/07/30 12:0 a.m. · 1 views

NETGEAR R6700 Encryption Issues Vulnerabilities

The NETGEAR R6700 is a wireless router from NETGEAR. A cryptographic issue vulnerability exists in the encryption of the firmware update image in the NETGEAR R6700 V1.0.4.8410.0.58 release, which stems from an incorrect encryption algorithm. An attacker could exploit this vulnerability among othe...

8.8 CVSS · 7.4 AI score · 0.00069 EPSS
Exploits 0 · References 1
0day.today
added 2020/07/07 12:0 a.m. · 234 views

CDATA OLTs Backdoor / Privilege Escalation / Information Disclosure Vulnerabilities

Various CDATA OLTs suffer from backdoor access with telnet, credential leaks, shell escape with root privileges, denial of service, and weak encryption algorithm vulnerabilities. Advisory Information Title: Multiple vulnerabilities found in CDATA OLTs Advisory URL:...

7.2 AI score
Exploits 0
Securelist
added 2020/06/22 10:0 a.m. · 29 views

Web skimming with Google Analytics

Web skimming is a common class of attacks generally aimed at online shoppers. The principle is quite simple: malicious code is injected into the compromised site, which collects and sends user-entered data to a cybercriminal resource. If the attack is successful, the cybercriminals gain access to...

0.5 AI score
Exploits 0
Zero Day Initiative
added 2020/06/15 12:0 a.m. · 21 views

(0Day) (Pwn2Own) NETGEAR R6700 check_ra Use of a Broken or Risky Cryptographic Algorithm Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the encryption of firmware update images. The issue results from the use...

7.5 CVSS · 4.2 AI score
Exploits 0
RedHat Linux
added 2020/06/08 9:22 a.m. · 0 views

freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c

An issue was found in freerdp's libfreerdp/crypto/crypto.c, in versions before 2.1.1, where buffer access with an incorrect length value leads to an out-of-bounds write. This flaw allows a remote, unauthenticated attacker running an RDP server, or a local attacker, using a specially crafted...

8.3 CVSS · 5.8 AI score · 0.00504 EPSS
Exploits 0 · References 4
OpenVAS
added 2020/05/15 12:0 a.m. · 5 views

Huawei Data Communication: Configuring OSPF Authentication

OSPF authentication is configured to prevent attackers from attempting to use control plane protocols to destroy entries on which forwarding depends, such as routes. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C b...

7.5 AI score
Exploits 0
OpenVAS
added 2020/05/15 12:0 a.m. · 4 views

Huawei Data Communication: Deploying IS-IS Authentication

IS-IS authentication is deployed to prevent attackers from attempting to use the control plane protocol to destroy entries on which forwarding depends, such as routes. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright ...

7.5 AI score
Exploits 0
ThreatPost
added 2020/03/10 1:0 p.m. · 124 views

Variant of Paradise Ransomware Targets Office IQY Files

A new variant of the Paradise ransomware attacks rarely targeted Microsoft Office Excel IQY files, providing a new and relatively unobtrusive way to infiltrate and hijack an organization’s network, researchers have found. Lastline Labs’ James Haughom discovered the variant in December in a spam...

0.5 AI score
Exploits 0 · References 6