CVE-2006-7239
The _gnutls_x509_oid2mac_algorithm function in lib/gnutls_algorithms.c in GnuTLS before 1.4.2 allows remote attackers to cause a denial of service (crash) via a crafted X.509 certificate that uses a hash algorithm that is not supported by GnuTLS, which triggers a NULL pointer dereference...
PT-2010-1227 · Gnu · Gnutls
Name of the Vulnerable Software and Affected Versions: GnuTLS versions prior to 1.4.2 Description: The issue allows remote attackers to cause a denial of service (crash) via a crafted X.509 certificate that uses a hash algorithm not supported by GnuTLS, triggering a NULL pointer dereference in the...
CentOS 5 : openssl (CESA-2010:0054)
Updated openssl packages that fix two security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer...
How to generate Rainbow table-vulnerability warning-the black bar safety net
In a technical forum I accidentally saw a rainbow table download. After a few days of downloading, I discovered that the MD5 rainbow tables had too few seeds, and the mainstream rainbow tables are 100 GB or more. After searching all over online, the only option I could think of was to generate my own. Why bother to...
OpenSSL: Multiple vulnerabilities
Background: OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library. Description: Multiple vulnerabilities have been reported in OpenSSL: Marsh Ray of PhoneFactor and Martin Rex of SAP...
deprecate MD2 in SSL cert validation (Kaminsky)
The Network Security Services NSS library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash...
With GetHashes software get Windows System Hash password value-the value of vulnerability and early warning-the black bar safety net
For an intruder, getting the Windows password is a crucial link in the entire attack process; having the system's original user password makes it easier to penetrate the network and keep control. Windows system hash password values consist of two parts, an LM hash and an NTLM hash; once...
CVE-2008-3288
The Server Authentication Module in EMC Dantz Retrospect Backup Server 7.5.508 uses a "weak hash algorithm," which makes it easier for context-dependent attackers to recover passwords...
Authentication flaw
The Server Authentication Module in EMC Dantz Retrospect Backup Server 7.5.508 uses a "weak hash algorithm," which makes it easier for context-dependent attackers to recover passwords...
CVE-2008-3288
The CVE-2008-3288 entry documents that the Server Authentication Module in EMC Dantz Retrospect Backup Server 7.5.508 uses a weak hash algorithm for password hashing, enabling context-dependent attackers to recover passwords. This is a network-vector issue with partial confidentiality impact and ...
PT-2005-1108
Name of the Vulnerable Software and Affected Versions: SHA-1 (affected versions not specified) Description: The issue is related to the SHA-1 algorithm not being collision resistant, making it easier for attackers to conduct spoofing attacks. This has been demonstrated by attacks on the use of SHA-1 ...
OpenSSH & S/Key information leakage
FIRST: Neither of these information leakage issues is a security bug in itself. Both S/Key and OpenSSH are secure even with this issue. However, this information leakage may assist a hostile attacker. General S/Key Information Leakage: As is commonly known, the S/Key and OPIE one-time password...
sawmill5.0.21 old path bug & weak hash algorithm
Aleph1, Greetings, I did not see this in the archives so I figured I would forward it on. Vendor: Notified. Link: http://www.flowerfire.com/sawmill SawMill is a site log statistics package for UNIX, Windows and MacOS. I have been evaluating it under Linux. In my test configuration I have sawmill...