BIT-VAULT-2023-2197 Vault Enterprise Vulnerable to Padding Oracle Attacks When Using a CBC-based Encryption Mechanism with a HSM

HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using an HSM in conjunction with the CKMAESCBCPAD or CKMAESCBC encryption mechanisms. An attacker with privileges to modify storage and restart Vault may be able to intercept or modify cipher text in orde...

CVE-2023-2197

CVE-2023-2197 affects HashiCorp Vault Enterprise 1.13.0 to 1.13.1, where using an HSM with CBC-based encryption (CKM_AES_CBC_PAD or CKM_AES_CBC) enables a padding oracle condition. An attacker with storage-modification privileges and Vault restart capability could intercept or modify ciphertext t...

Design/Logic Flaw

The GridServer Broker, GridServer Driver, and GridServer Engine components of TIBCO Software Inc. TIBCO DataSynapse GridServer Manager contain vulnerabilities related to both the improper use of encryption mechanisms and the use of weak ciphers. A malicious actor could theoretically compromise th...

Book Review: Hacking Point of Sale, In-Depth Study on Payment Applications

Point-of-sale POS is the hottest topic in payment structures and its one of the most popular technology topics as well. A Point-of-sale POS machine is a computerized replacement for a cash register. It has ability to quickly process a customer's transaction, accurately keep the records, process...

Skype security advisory

Synopsis ======== The EADS/CRC security team discovered a flaw in Skype client. Skype is a P2P VoIP software that can bypass firewalls and NAT to connect to the Skype network. Skype is very popular because of its sound quality and ease of use. Skype client is available for Windows, Linux, Mac OS ...