CVE-2018-10844

It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets...

CVE-2018-10844

It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets...

CVE-2018-10845

CVE-2018-10845 affects GnuTLS HMAC-SHA-384 and enables a Lucky Thirteen–style timing side-channel leading to potential plaintext recovery. The connected IBM advisories confirm remote exploitation via crafted packets to obtain information, with MEDIUM base scores and impact on confidentiality. Rem...

CVE-2018-10845

It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets...

CVE-2018-10844

CVE-2018-10844 affects GnuTLS HMAC-SHA-256 and is described in multiple sources (IBM advisories and third‑party feeds) as a Lucky Thirteen–style timing attack enabling distinguishing and plaintext‑recovery via crafted packets. Affected products include IBM Power Hardware Management Console and IB...

CVE-2018-10845

It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets...

CVE-2018-10844

It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets...

UBUNTU-CVE-2018-10845

It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets...

CVE-2018-10845

It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets...

CVE-2018-10844

It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets...

PT-2018-3451 · Gnu +5 · Gnutls +5

Name of the Vulnerable Software and Affected Versions: GnuTLS affected versions not specified Description: The issue is related to the GnuTLS implementation of HMAC-SHA-384, which is vulnerable to a Lucky thirteen style attack. This allows remote attackers to conduct distinguishing attacks and...

Fresh Approach to WiFi Cracking Uses Packet-Sniffing

Legacy WiFi just became a little less safe, according to Jens Steube, the developer of the password-cracking tool known as Hashcat. He has found a faster, easier way to crack some WPA/WPA2-protected WiFi networks. Hackers have compromised the WPA/WPA2 encryption protocols in the past, but it’s an...

openSUSE Security Update : libgcrypt (openSUSE-2018-795)

This update for libgcrypt fixes the following issues : The following security vulnerability was addressed : - CVE-2018-0495: Mitigate a novel side-channel attack by enabling blinding for ECDSA signatures bsc1097410. The following other issues were fixed : - Extended the fipsdrv dsa-sign and...

Security update for libgcrypt (moderate)

This update for libgcrypt fixes the following issues: The following security vulnerability was addressed: - CVE-2018-0495: Mitigate a novel side-channel attack by enabling blinding for ECDSA signatures bsc1097410. The following other issues were fixed: - Extended the fipsdrv dsa-sign and dsa-veri...

openSUSE Security Update : libgcrypt (openSUSE-2018-769)

This update for libgcrypt fixes the following issue : The following security issue was fixed : - CVE-2018-0495: Fixed a novel side-channel attack, by enabling blinding for ECDSA signatures bsc1097410 This update was imported from the SUSE:SLE-15:Update update project. %NASLMINLEVEL 70300 C Tenabl...

SUSE SLED12 / SLES12 Security Update : libgcrypt (SUSE-SU-2018:2089-1)

This update for libgcrypt fixes the following issues: The following security vulnerability was addressed : - CVE-2018-0495: Mitigate a novel side-channel attack by enabling blinding for ECDSA signatures bsc1097410. The following other issues were fixed : - Extended the fipsdrv dsa-sign and...

openssl: Insufficient TLS session ticket HMAC length checks

An integer underflow flaw leading to a buffer over-read was found in the way OpenSSL parsed TLS session tickets. A remote attacker could use this flaw to crash a TLS server using OpenSSL if it used SHA-512 as HMAC for session tickets...

openssl: Insufficient TLS session ticket HMAC length checks

An integer underflow flaw leading to a buffer over-read was found in the way OpenSSL parsed TLS session tickets. A remote attacker could use this flaw to crash a TLS server using OpenSSL if it used SHA-512 as HMAC for session tickets...

Debian DSA-4229-1 : strongswan - security update

Two vulnerabilities were discovered in strongSwan, an IKE/IPsec suite. - CVE-2018-5388 The stroke plugin did not verify the message length when reading from its control socket. This vulnerability could lead to denial of service. On Debian write access to the socket requires root permission on...

Microsoft Windows: Network security: Encryption types allowed for Kerberos

This policy setting allows you to set the encryption types that Kerberos is allowed to use. If not selected, the encryption type will not be allowed. This setting may affect compatibility with client computers or services and applications. Multiple selections are permitted. C Microsoft Corporatio...