202 matches found
CVE-2020-35284
Flamingo aka FlamingoIM through 2020-09-29 allows ../ directory traversal because the only ostensibly unpredictable part of a file-transfer request is an MD5 computation; however, this computation occurs on the client side, and the computation details can be easily determined because the product'...
CVE-2020-26228
TYPO3 prior to versions 9.5.23 and 10.4.10 stores user session identifiers in cleartext (no extra cryptographic hashing). The issue cannot be exploited directly and requires a chained attack (e.g., SQL injection in another component). Affected software is TYPO3 CMS (PHP-based). The remediation is...
Tiandy IPC / NVR 9.12.7 Credential Disclosure
Exploit Title: Tiandy IPC and NVR 9.12.7 - Credential Disclosure; Date: 2020-09-10; Exploit Author: zb3; Vendor Homepage: http://en.tiandy.com; Product Link: http://en.tiandy.com/index.php?s=/home/product/index/category/products.html; Software Link:...
Microsoft Security Advisory: Update for deprecation of MD5 hashing algorithm for Microsoft root certificate program: August 13, 2013
Microsoft Security Advisory: Update for deprecation of MD5 hashing algorithm for Microsoft root certificate program: August 13, 2013 INTRODUCTION Microsoft has released a Microsoft security advisory about this issue for IT professionals. The security advisory contains additional security-related...
Microsoft security advisory: Deprecation of SHA-1 hashing algorithm for Microsoft root certificate program: January 12, 2016
Microsoft security advisory: Deprecation of SHA-1 hashing algorithm for Microsoft root certificate program: January 12, 2016 Summary Microsoft has released a Microsoft security advisory about this issue for IT professionals. The security advisory contains additional security-related information. ...
CVE-2020-10601
VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module allow weak hashing algorithm and insecure permissions which may allow a local attacker to bypass the password-protected mechanism through brute-force attacks, cracking techniques, or overwriting the password hash...
Design/Logic Flaw
VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module allow weak hashing algorithm and insecure permissions which may allow a local attacker to bypass the password-protected mechanism through brute-force attacks, cracking techniques, or overwriting the password hash...
CVE-2020-10601
CVE-2020-10601 affects VISAM VBASE Editor (11.5.0.2) and VBASE Web-Remote Module. The root cause is a weak hashing algorithm and insecure permissions, enabling a local attacker to bypass the password‑protected mechanism via brute-force or by overwriting the password hash. Impact is local, allowin...
Linux: Password hashing algorithm
The hashing algorithm can be set in the following module: pam_unix (module for traditional password authentication). Use the sha512 option to enforce encryption with the SHA512 algorithm. If the SHA512 algorithm is not known to the crypt function, fall back to MD5. Copyright (C) 2020 Greenbone Networks...
XKCD Forum Hacked – Over 562,000 Users' Account Details Leaked
XKCD—one of the most popular webcomic platforms known for its geeky tech humor and other science-laden comic strips on romance, sarcasm, math, and language—has suffered a data breach exposing data of its forum users. The security breach occurred two months ago, according to security researcher Tr...
Hostinger Data Breach: 14M Customer Passwords, Personal Data at Risk
Web hosting company Hostinger is warning that a breach of one of its servers potentially gave bad actors access to the hashed passwords and personal data of more than 14 million customers. Hostinger, a popular web, cloud and virtual private server hosting provider and domain registrar with 29...
Computrols CBAS Insufficient Encryption Strength Vulnerability
CBAS Web is a Web-based building management system (BMS) from Computrols. Computrols CBAS Web suffers from an insufficient encryption strength vulnerability. The vulnerability stems from the fact that this application stores passwords in a database using MD5 hashes, and the MD5 algorithm is...
Improper Signature Validation
The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). It was found that GnuTLS did not check activation and expiration dates of CA certificates. This could cause an application using GnuTLS to incorrectly accept a certificate as...
Cybersecurity Teardown: Understanding Hash Values
We just started a new series called “Cybersecurity Teardown.” In this series, we’ll be ripping apart ideas and attacks, then reassembling them with a Carbon Black mindset. Each idea or attack will be broken down into three phases: What, Why, and How. In this first entry, I wanted to call your...
CVE-2018-15796
Cloud Foundry Bits Service Release, versions prior to 2.14.0, uses an insecure hashing algorithm to sign URLs. A remote malicious user may obtain a signed URL and extract the signing key, allowing them complete read and write access to the Bits Service storage...
CVE-2018-15796
The CVE-2018-15796 vulnerability affects Cloud Foundry Bits Service releases prior to 2.14.0, where an insecure hashing algorithm signs URLs. A remote attacker could obtain a signed URL and extract the signing key, gaining complete read/write access to the Bits Service storage. Mitigation: upgrad...
Wind River VxWorks Vulnerabilities
Overview: A security researcher has identified two vulnerabilities affecting the Wind River Systems’ VxWorks platform. The vulnerabilities are a debug service enabled by default (VU362332) and a weak hashing algorithm used in authentication (VU840249). ICS-CERT has been coordinating with CERT/CC in...
CVE-2018-15124
Weak hashing algorithm in Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version -118 allows an unauthenticated attacker to extract clear text passwords and get root access on the device...