SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)

The remote service uses a known CA certificate in the SSL certificate chain that has been signed using a cryptographically weak hashing algorithm e.g., MD2, MD4, MD5, or SHA1. These signature algorithms are known to be vulnerable to collision attacks CVE-2004-2761, for example. An attacker can...

Uber: Authentication Issue for easter egg on bonjour.uber.com

This probably ok, almost definitely is just informative but thought I would throw it out here anyways. : bonjour.uber.com hosts an easter egg view source and scroll down where the passcode is insecurely stored as a javascript variable. The source for the easter egg is: html //error easter egg -...

TLS Certificate Signed Using Weak Hashing Algorithm - MD5

Binary data 7201.pasl...

TLS Certificate Signed Using Weak Hashing Algorithm - SHA-1

Binary data 7200.pasl...

MS KB3123479: Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program

The remote Windows host is missing Microsoft KB3123479, an update that restricts the use of certificates with SHA1 hashes, this restriction being limited to certificates issued under roots in the Microsoft root certificate program. This update increases the difficulty of carrying out some spoofin...

Siemens SIMATIC STEP 7 TIA Portal Vulnerabilities

OVERVIEW Aleksandr Timorin from Positive Technologies has identified authentication vulnerabilities in the Siemens SIMATIC STEP 7 TIA Portal application. Siemens has produced a service pack that mitigates these vulnerabilities. AFFECTED PRODUCTS The following Siemens products are affected: SIMATI...

Password Cracking Group Decodes 11 Million Ashley Madison Passwords

A San Diego-based password cracking group has taken a big step towards deciphering some of the 36 million odd passwords leaked in last month’s Ashley Madison breach, a move that could quickly lead to the widespread hacking of any users who used the same password on other services. Hackers had...

Amazon Linux AMI : gnutls (ALAS-2015-575)

It was found that GnuTLS did not check activation and expiration dates of CA certificates. This could cause an application using GnuTLS to incorrectly accept a certificate as valid when its issuing CA is already expired. CVE-2014-8155 It was found that GnuTLS did not verify whether a hashing...

Medium: gnutls

Issue Overview: It was found that GnuTLS did not check activation and expiration dates of CA certificates. This could cause an application using GnuTLS to incorrectly accept a certificate as valid when its issuing CA is already expired. CVE-2014-8155 It was found that GnuTLS did not verify whethe...

Scientific Linux Security Update : gnutls on SL6.x i386/x86_64 (20150722)

It was found that GnuTLS did not check activation and expiration dates of CA certificates. This could cause an application using GnuTLS to incorrectly accept a certificate as valid when its issuing CA is already expired. CVE-2014-8155 It was found that GnuTLS did not verify whether a hashing...

CentOS 6 : gnutls (CESA-2015:1457)

Updated gnutls packages that fix three security issues and one bug are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

gnutls security update

CentOS Errata and Security Advisory CESA-2015:1457 Updated gnutls packages that fix three security issues and one bug are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base...

Moderate: Red Hat Security Advisory: gnutls security and bug fix update

Updated gnutls packages that fix three security issues and one bug are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

QSSL QNX 4.25 A crypt() Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1114/info A design error in the operation of the crypt3 function exists in QNX, from QNX System Software, Limited QSSL. The flaw allows the recovery of passwords from the hashes. On most Unix variants, crypt3 is based on ...

Schneider Electric SCADA Expert ClearSCADA Vulnerabilities (Update A)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-14-259-01 Schneider Electric SCADA Expert ClearSCADA Vulnerabilities that was published September 16, 2014, on the NCCIC/ICS-CERT web site. Independent researcher Aditya Sood has identified a weak hashing algorithm...

eBay Password Database Hack Raises Questions

As is the case with most high-profile data breaches, despite an initial disclosure of information, more questions are inevitable. The eBay password database hack is a prime example. Inquiring minds still want to know more about how the stolen passwords are secured and why the online auction house...

json-c security vulnerabilities

Buffer overflow, weak hashing algorithm...

Null pointer dereference

A certain hashing algorithm in Telepathy Gabble 0.16.x before 0.16.5 and 0.17.x before 0.17.3 allows remote attackers to cause a denial of service NULL pointer dereference and crash via a crafted message...

CVE-2013-1769

A certain hashing algorithm in Telepathy Gabble 0.16.x before 0.16.5 and 0.17.x before 0.17.3 allows remote attackers to cause a denial of service NULL pointer dereference and crash via a crafted message...

CVE-2013-1769

The CVE affects Telepathy Gabble: versions 0.16.x before 0.16.5 and 0.17.x before 0.17.3 are vulnerable due to a hashing algorithm that can trigger a NULL pointer dereference, causing a remote denial of service (crash). No exploitation details are provided beyond this, but the impact is a crash/D...