48 matches found
CVE-2020-8150
A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker to downgrade the encryption scheme and break the integrity of encrypted files...
Design/Logic Flaw
A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker to downgrade the encryption scheme and break the integrity of encrypted files...
CVE-2020-8150
CVE-2020-8150 relates to Nextcloud Server 19.0.1 and describes a cryptographic downgrade where an attacker can degrade the encryption scheme and break the integrity of encrypted files. Public docs indicate this vulnerability affects Nextcloud Server 19.0.1 and is discussed in the NC-SA-2020-039 a...
CVE-2020-8150
A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker to downgrade the encryption scheme and break the integrity of encrypted files...
Downgrade encryption scheme and break integrity through known-plaintext attack (NC-SA-2020-039)
A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker to downgrade the encryption scheme and break the integrity of encrypted files...
Information disclosure
Cryptocat before 2.0.22 has Multiparty Encryption Scheme Information Disclosure...
GHSA-2J2X-HX4G-2GF4 In Bouncy Castle JCE Provider the DHIES implementation allowed the use of ECB mode
In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider...
Ryuk Ransomware Emerges in Highly Targeted, Highly Lucrative Campaign
A targeted new ransomware has burst on the scene, attacking well-chosen, targeted organizations worldwide with a highly sophisticated operation that may be linked to a well-known APT actor. Over the past two weeks, the Ryuk ransomware has encrypted hundreds of PCs, storage and data centers in eac...
DEBIAN-CVE-2016-1000345
In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode vulnerable to padding oracle attack. For BC 1.55 and older, in an environment where timings can be easily observed, it is possible with enough observations to identify when the decryption is failing due to padding...
IEEE P1735 Cryptographic Issue Vulnerability (CNVD-2017-33396)
IEEE P1735 is a standard dedicated to encrypting the intellectual property of electronic designs. The implementation of IEEE P1735 is vulnerable to a cryptographic issue. An attacker could exploit this vulnerability to change the encryption key and inject a hardware Trojan horse into arbitrary...
Barracuda WAF V360 Firmware 8.0.1.014 Credential Disclosure Vulnerability
Firmware reversing of the Barracuda Web Application Firewall uncovered development artifacts that should have been removed on the production images. Once the encryption scheme was broken, many QA and development tools were discovered on the affected partitions. Some of these contained sensitive...
New Version of TeslaCrypt Changes Encryption Scheme
A new version of the nasty TeslaCrypt ransomware is making the rounds, and the creators have added several new features, including an improved encryption scheme and some details designed to mimic CryptoWall. TeslaCrypt is among the more recent variants of ransomware to emerge and the malware, whi...
ArGoSoft FTP Server 1.2.2 .2 Weak Password Encryption Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3029/info ArGoSoft FTP server is an FTP server for the Windows platform. A design error exists in ArGoSoft FTP which enables an authenticated user to view other users encrypted passwords. However due to a weak encryption...
New Platform Protects Data From Arbitrary Server Compromises
Researchers are in the midst of rolling out a secure new platform for building web applications that can protect confidential data from being stolen in the event attackers gain full access to servers. The platform, Mylar, is the result of a project spearheaded by students at the Massachusetts...
Apple Updates iOS Security Guide
Apple rarely offers anyone a glimpse inside its walled-off security garden. The last time it did was in the spring of 2012 when it released a detailed paper on the security of its iOS operating system for iPhones and iPads. The company also presented a much-anticipated if not anticlimactic...
Microsoft to Roll Out Encrypted Message Service for Office 365
Encryption, once a tool used mainly by security professionals, activists and others with reason to suspect their communications may be at risk, has been moving ever deeper into the mainstream in recent months. Now, Microsoft is planning to roll out a new encrypted email service on its Office 365...
Cryptolocker Ransomware makes different Bitcoin wallet for each victim
When you're online, you expose your vulnerability to malicious virus that have been growing in virulence and ferocity over the last few years. Among home PC users, you may think that you protected from malicious software by Installing an effective, trusted antivirus solution, but most if the...
NETGEAR WNR1000 - Authentication Bypass
NETGEAR WNR1000 - Authentication Bypass Authentication bypass on Netgear WNR1000 ======================================== ADVISORY INFORMATION Title: Authentication bypass on Netgear WNR1000 Discovery date: 10/11/2012 Release date: 29/03/2013 Credits: Roberto Paleari [email protected], twitter:...
Netgear WNR1000 - Authentication Bypass
Exploit for hardware platform in category web applications The web server running on the affected devices is subject to an authentication bypass issue that allows attacker to gain administrative access, circumventing existing authentication mechanisms. Strictly speaking, the web server skips...
CVE-2005-0809
NotifyLink, when configured for client key retrieval, allows remote attackers to obtain AES keys via a direct request to /hwp/get.asp, then uses a weak encryption scheme fixed byte reordering to protect the key, which allows remote attackers to obtain the key via a brute force attack...