202 matches found
RHEL 6 : openssl (RHSA-2014:0015)
The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:0015 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a...
Important: Red Hat Security Advisory: openssl security update
Updated openssl packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...
Microsoft Releases Security Advisory
Microsoft has released Security Advisory 2862973 impacting applications and services using certificates with the MD5 hashing algorithm. Usage of the MD5 hash algorithm in certificates could allow an attacker to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. US-CERT...
MS KB2862973: Update for Deprecation of MD5 Hashing Algorithm for Microsoft Root Certificate Program
The remote host is missing Microsoft KB2862973, an update that restricts the use of certificates with MD5 hashes. This restriction is limited to certificates issued under roots in the Microsoft root certificate program. This update increases the difficulty of some spoofing, phishing, and...
Ubuntu Forums Password Breach Exposes 1.8 Million Users
Every username, password and email address used by members of the Ubuntu Forums was accessed in a breach reported on Saturday by the free Linux distribution. More than 1.82 million accounts stored in the forums’ database were stolen, according to a notice posted on the forums’ home page Saturday...
PT-2013-77: Using a weak hashing algorithm in SIMATIC WinCC Open Architecture
The specialists of the Positive Research center have detected a "Using a weak hashing algorithm" vulnerability in SIMATIC WinCC Open Architecture. The SIMATIC WinCC OA server application has a weak hashing algorithm for project users’ credentials. Attackers might be able to escalate their privileg...
Aastra IP Telephone hardcoded telnet admin password
Affected products: Aastra 6753i IP Telephone; Firmware Version 3.2.2.56; Firmware Release Code SIP; Boot Version 2.5.2.1010. Background: "The 6753i from Aastra offers...
CVE-2012-4899
WellinTech KingView 6.5.3 and earlier uses a weak password-hashing algorithm, which makes it easier for local users to discover credentials by reading an unspecified file...
How The Flame Malware Stayed Hidden For So Long
The past week has brought to light more revelations about the mysterious Flame or sKyWIper worm that was first identified at the end of May. Among them: the eye-popping admission from Microsoft that the malware’s authors found a way to use that company’s Windows Update feature to distribute the...
GetSimple CMS 2.01 / 2.02 Credential Disclosure
Researcher: Michael Brooks. Affecting: GetSimple CMS 2.01 and 2.02. Fixed: 2.03. Vulnerability: Administrative Credentials Disclosure. Vendor's homepage: http://code.google.com/p/get-simple-cms. Download URL for 2.01: http://www.box.net/get-simple/1/30435008/399754548. Download svn for 2.02beta: svn...
Design/Logic Flaw
/opt/rv/Versions/CurrentVersion/Mcu/Config/Mcu.val in Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, uses a weak hashing algorithm for the (1) administrator and (2) operator passwords, which makes it easier for local users to obtain sensitive...
CVE-2010-4302
Cisco CVE-2010-4302 affects Cisco Unified Videoconferencing (UVC) System 5110/5115 on Linux, where /opt/rv/Versions/CurrentVersion/Mcu/Config/Mcu.val uses a weak hashing algorithm for administrator and operator passwords. This weak hashing enables local users to recover cleartext passwords of adm...
Hackers Leverage Cloud Computing to Crack Passwords Efficiently
On-demand cloud computing is a valuable tool for companies needing temporary computing capacity without long-term investment in fixed capital. However, this same convenience makes cloud computing useful to hackers. Many hacking activities involve cracking passwords, keys, or other forms of brute...
US CERT Warns on VxWorks Flaws
The U.S. Computer Emergency Readiness Team has issued two warnings on flaws in the embedded systems’ OS technology VxWorks as discovered by researcher HD Moore. One flaw deals with weakness in the hashing algorithm of the API authentication; the second regards debug settings being enabled by...
VxWorks weak authentication
Weak password hashing algorithm with large collision probability...
Wind River Systems VxWorks weak default hashing algorithm in standard authentication API (loginLib)
Overview: The hashing algorithm that is used in the standard authentication API for VxWorks is susceptible to collisions. An attacker can brute force a password by guessing a string that produces the same hash as a legitimate password. Description: An attacker with a known username and access to a...
SSL Certificate Signed Using Weak Hashing Algorithm
The remote service uses an SSL certificate chain that has been signed using a cryptographically weak hashing algorithm (e.g. MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision attacks. An attacker can exploit this to generate another certificate with the sam...
Unreal ircd IP cloaking protection bypass
To hide the real IP, a hash of the IP address made with a simple hashing algorithm is used...