274 matches found
CVE-2020-23250
GigaVUE-OS GVOS 5.4 - 5.9 uses a weak algorithm for a hash stored in internal database...
Code injection
GigaVUE-OS GVOS 5.4 - 5.9 uses a weak algorithm for a hash stored in internal database...
Mcafee Database Security Server 和 Sensor 加密问题漏洞
Mcafee Database Security Server and Mcafee Database Security sensor are both products of Mcafee Corporation, China.Mcafee Database Security Server is a database security software. Mcafee Database Security Server is a database security software that provides users with an overall view of the...
CVE-2020-27693
CVE-2020-27693 affects Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1. The vulnerability is that administrative passwords are stored using an outdated hash. Public details in connected sources include an SEC Consult advisory listing IMSVA vulnerability data with vulnerable...
USN-4516-1 gnupg2 vulnerability
It was discovered that GnuPG signatures could be forged when the SHA-1 algorithm is being used. This update removes validating signatures based on SHA-1 that were generated after 2019-01-19. In environments where this is still required, a new option --allow-weak-key-signatures can be used to reve...
Microsoft Windows/Windows Server Information Disclosure Vulnerability (CNVD-2021-63323)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server is a server operating system. Microsoft Windows/Windows Server has an information disclosure vulnerability that stems from the use of a...
Baselining PassGAN: Adventures in the rhubarb
Cracking is a complex topic full of misunderstandings, confusing terminology and weird people. This blog post is front-loaded with some terminology, some explanations, and maybe some apologies. Password cracking: This is fundamentally one thing: guessing. Were not reversing, or talking to spirits...
OpenSSH now supports FIDO U2F security keys for 2-factor authentication
Here's excellent news for sysadmins. You can now use a physical security key as hardware-based two-factor authentication to securely log into a remote system via SSH protocol. OpenSSH, one of the most widely used open-source implementations of the Secure Shell SSH Protocol, yesterday announced th...
CVE-2020-5229
Opencast before 8.1 stores passwords using the rather outdated and cryptographically insecure MD5 hash algorithm. Furthermore, the hashes are salted using the username instead of a random salt, causing hashes for users with the same username and password to collide which is problematic especially...
CVE-2020-5229
Opencast CVE-2020-5229 concerns weak password hashing: previous releases stored passwords with MD5 salted by username, causing vulnerability where attacker with DB access could attempt password cracking. Opencast 8.1 switched to bcrypt, but legacy MD5 hashes remain until passwords are updated. Af...
UBUNTU-CVE-2019-16370
The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900...
Check Point Gaia Operating System Administrator password truncation (sk155172)
The remote host is running a version of the Gaia Operating System which is affected by a vulnerability. Administrators who set their password while firmware R77.20.85, R77.20.86 or R77.20.87 Build 990172921 were installed can authenticate to the SMB appliance using only the first 8 characters. Th...
CVE-2019-11841
A message-forgery issue was discovered in crypto/openpgp/clearsign/clearsign.go in supplementary Go cryptography libraries 2019-03-25. According to the OpenPGP Message Format specification in RFC 4880 chapter 7, a cleartext signed message can contain one or more optional "Hash" Armor Headers. The...
Unauthorized Modification
Java SE and Java SE Embedded are vulnerable to unauthenticated modification attacks. An unauthenticated attacker can exploit a flaw in the Security component of OpenJDK which does not allow users to restrict the set of algorithms allowed for Jar integrity verification allowing an attacker to modi...
Cisco ASR 9000 Series Aggregation Services Routers ACL Bypass Vulnerability
A vulnerability in the TCP flags inspection feature for access control lists ACLs on Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass protection offered by a configured ACL on an affected device. The vulnerability is due to incorrect...
Denial Of Service (DoS)
gnutls is vulnerable to denial of service DoS attacks. The vulnerability exists as the gnutlsx509oid2macalgorithm function in lib/gnutlsalgorithms.c allows remote attackers to cause a denial of service through a crafted X.509 certificate that uses a hash algorithm that is not supported by GnuTLS,...
kernel: HMAC implementation does not validate that the underlying cryptographic hash algorithm is unkeyed allowing local attackers to cause denial-of-service
The HMAC implementation crypto/hmac.c in the Linux kernel, before 4.14.8, does not validate that the underlying cryptographic hash algorithm is unkeyed. This allows a local attacker, able to use the AFALG-based hash interface CONFIGCRYPTOUSERAPIHASH and the SHA-3 hash algorithm CONFIGCRYPTOSHA3, ...
bouncycastle: BKS-V1 keystore files vulnerable to trivial hash collisions
A flaw involving a risky cryptographic algorithm was found in Bouncycastle. BKS-V1 contained a design flaw resulting from using the SHA-1 hash function, as it contains a 16-bit MAC key size and a 160-bit SHA-1 hash function. This flaw allows an attacker to brute force the password due to the...
Security Bulletin: Vulnerability in IBM Java SDK affects Rational Functional Tester (CVE-2016-5542)
Summary If a JAR file is signed with old, weak hash algorithms, the class files within it can be modified without the change being caught. This potentially enables attackers to inject malicious code into signed code from a trusted third party. Vulnerability Details CVEID: CVE-2016-5542 DESCRIPTIO...
EulerOS Virtualization 2.5.0 : kernel (EulerOS-SA-2018-1232)
According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local...