819 matches found
CVE-2001-0161
Cisco 340-series Aironet access point using firmware 11.01 does not use 6 of the 24 available IV bits for WEP encryption, which makes it easier for remote attackers to mount brute force attacks...
Secure Computing e.iD Authenticator for Palm 2.0 - PIN Brute Force
source: https://www.securityfocus.com/bid/2105/info Summary: An attacker that obtains access to the "sceiddb.pdb" file, part of Secure Computing's e.iD Authenticator for Palm, can determine the user's PIN. Problem Description: Secure Computing's SafeWord is a system of authentication services tha...
Passwords sent via SSH encrypted with RC4 can be easily cracked
Overview Passwords sent using SSH with RC4 encryption can be easily cracked by an attacker who is able to capture and replay the session. This problem occurs for three reasons: SSH sessions can be replayed, the RC4 encryption algorithm has some specific weaknesses, and the SSH daemon provides too...
Advisory CA-2000-18
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CERT Advisory CA-2000-18 PGP May Encrypt Data With Unauthorized ADKs Original release date: August 24, 2000 Last revised: -- Source: CERT/CC A complete revision history is at the end of this file. Systems Affected PGP versions 5.5.x through 6.5.3,...
CVE-2000-0487
The Protected Store in Windows 2000 does not properly select the strongest encryption when available, which causes it to use a default of 40-bit encryption instead of 56-bit DES encryption, aka the "Protected Store Key Length" vulnerability...
NT admin password change algorithms expose user plaintext passwords
eye-catching subject line, huh? well, under specific circumstances, unfortunately, it's true. as it's now early morning, i shall be reasonably brief. conditions required if using NTLMv1 LmCompatibilibyLevel=0: - NT admin runs USRMGR.EXE or SRVMGR.EXE and either adds a new user, workstation or...
CVE-2000-0487
The Protected Store in Windows 2000 does not properly select the strongest encryption when available, which causes it to use a default of 40-bit encryption instead of 56-bit DES encryption, aka the "Protected Store Key Length" vulnerability...
ISS SAVANT Advisory 00/26
Internet Security Systems SAVANT Windows 2000 Advisory No: 00/26 Dated: 10 May 2000 Platforms Affected: Windows 2000 Server Windows 2000 Professional Subject: Default configuration of SYSKEY permits compromise of Encrypting File System Summary: The Encrypting File System EFS permits files and...
CVE-2000-0275
CRYPTOCard CryptoAdmin for PalmOS uses weak encryption to store a user's PIN number, which allows an attacker with access to the .PDB file to generate valid PT-1 tokens after cracking the PIN...
Newsletter 35
RSA Web site defaced Amazon.com, eBay & CNN all targeted with DDoS President Clinton convenes meeting on internet security Infosec professionals like yourself can't afford to miss out on late breaking news, in-depth analysis, product reviews and more in each issue of Information Security Magazine...
Ipswitch IMail Server 5.0/5.0.5/5.0.6/5.0.7/5.0.8/6.0 - Weak Password Encryption
// source: https://www.securityfocus.com/bid/880/info IMail keeps the encrypted passwords for email accounts in a registry key, HKLM\SOFTWARE\Ipswitch\Imail\Domains\DomainName\Users\UserName, in a string value called "Password". The encryption scheme used is weak and has been broken. The followin...
afio.pgp.txt
Date: Fri, 11 Jun 1999 16:55:30 -0000 From: [email protected] To: [email protected] Subject: fwd SECURITY: afio: security hole in 'afio -P pgp' encrypted archives Hello, Just found it on comp.os.linux.announce. Sorry if it was already on the list. cezar -----BEGIN PGP SIGNED MESSAGE----- I belie...
lydia.passwd.txt
Yet Another password storing problem was: Re: Possible Netscape Yiorgos Adamopoulos [email protected] Fri, 19 Feb 1999 16:58:13 +0200 On Tue, Feb 16, 1999 at 01:02:08PM -0600, HD Moore wrote: The password is still in the registry after you close netscape, Now that we are talking about...
Ogopogo Autothenticate 1.1.5 - Weak Password Encryption
source: https://www.securityfocus.com/bid/552/info Autothenticate is an extension for MacOS that remembers usernames and passwords from visited websites, and atomatically enters them when the site is visited again. It can be configured to store the username and password, the username only, or...
Novell Netware 4.1/4.11 - SP5B Remote.NLM Weak Encryption
source: https://www.securityfocus.com/bid/482/info The encrypted passwords for Remote.NLM are remotely accessible to anyone with the ability to view SYS:System\LDRemote.NCF. The password encryption algorithm for Remote.NLM has been broken and can be decrypted with pencil and paper. The password...
Novell Netware 4.14.11 - SP5B Remote.NLM Weak Encryption
Novell Netware 4.14.11 - SP5B Remote.NLM Weak Encryption source: https://www.securityfocus.com/bid/482/info The encrypted passwords for Remote.NLM are remotely accessible to anyone with the ability to view SYS:System\LDRemote.NCF. The password encryption algorithm for Remote.NLM has been broken a...
CVE-1999-1556
Microsoft SQL Server 6.5 uses weak encryption for the password for the SQLExecutiveCmdExec account and stores it in an accessible portion of the registry, which could allow local users to gain privileges by reading and decrypting the CmdExecAccount value...
Allaire ColdFusion Server 4.0.1 - 'CFCRYPT.EXE' Decrypt Pages
/ source: https://www.securityfocus.com/bid/275/info A vulnerability in ColdFusion allows pages encrypted with the CFCRYPT.EXE utility to be decrypted. ColdFusion supports the ability to "encrypt" the CFML templates in an application or component, using the CFCRYPT.EXE utility, so they can be...
CVE-1999-1098
Vulnerability in BSD Telnet client with encryption and Kerberos 4 authentication allows remote attackers to decrypt the session via sniffing...