Security Bulletin: Multiple vulnerabilities in Java affect the IBM FlashSystem 900 (CVEs 2015-0204, 2015-0488, and 2015-1916)

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition version that is used by the IBM FlashSystem 900. These issues were disclosed as part of the IBM SDK, Java Technology Edition Quarterly CPU - April 2015. A man-in-the-middle exploit of one of these vulnerabilities could...

Security Bulletin: Vulnerability with RSA Export Keys may affect IBM WebSphere Application Server shipped with IBM Tivoli Network Performance Manager (CVE-2015-0138)

Summary The “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability CVE-2015-0138 may affect some configurations of IBM WebSphere Application Server Full Profile shipped with IBM Tivoli Network Performance Manager Vulnerability Details CVEID: CVE-2015-0138 DESCRIPTION...

Security Bulletin: Vulnerability in IBM Java SDK affects Rational Insight (CVE-2015-0138)

Summary The “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability affects IBM® SDK Java™ Technology Edition, Version 6 that is used by Rational Insight. Vulnerability Details CVEID: CVE-2015-0138 DESCRIPTION: A vulnerability in various IBM SSL/TLS implementations...

Security Bulletin: Vulnerabilities in IBM SDK Java Technology Edition, Versions 1.6 and 1.7, affect IBM SPSS Analytic Server (CVE-2015-0138)

Summary The “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability affects IBM® SDK Java™ Technology Edition, Version 1.6 and 1.7, that is used by IBM SPSS Analytic Server. Vulnerability Details CVEID: CVE-2015-0138 DESCRIPTION : A vulnerability in various IBM SSL/TL...

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Business Monitor (CVE-2015-0138)

Summary WebSphere Application Server is shipped as a component of IBM Business Monitor. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details CVEID: CVE-2015-0138 DESCRIPTION: A vulnerability in various I...

Security Bulletin: Vulnerability in IBM WebSphere Application Server affects IBM MQ Light (CVE-2015-0138)

Summary The “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability affects IBM WebSphere Application Server Liberty Profile Version 8.5.5 that is used by IBM MQ Light. Vulnerability Details CVEID: CVE-2015-0138 DESCRIPTION: A vulnerability in various IBM SSL/TLS...

Security Bulletin: Vulnerability with RSA Export Keys may affect IBM WebSphere Application Server (CVE-2015-0138)

Summary The “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability CVE-2015-0138 may affect some configurations of IBM WebSphere Application Server Full Profile, IBM WebSphere Application Server Liberty Profile, and IBM WebSphere Application Server Hypervisor Edition...

Brute Force Decryption

OpenSSL is vulnerable to brute-force decryption attacks and RSA-to-EXPORTRSA downgrade attacks. These attacks are possible through the ssl3getkeyexchange function which offers a weak ephemeral RSA key in a noncompliant role, related to the "FREAK" issue...

CVE-2015-0204

The ssl3getkeyexchange function in s3clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORTRSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to...

[TCHead] TrueCrypt Password Cracking Tool

TCHead is software that decrypts and verifies TrueCrypt headers. TCHead supports all the current hashes, individual ciphers, standard volume headers, hidden volume headers and system drive encrypted headers preboot authentication. Brute-force TrueCrypt : However, TrueCrypt passwords go through ma...