1488 matches found
Phabricator: Phabricator is vulnerable to padding oracle attacks and chosen-ciphertext attacks.
Dear Phabricator bug bounty team, Summary --- Phabricator encrypts data with AES in CBC mode, but does not ensure integrity of the encrypted data. You must authenticate the data, by either using an HMAC or by using an authenticated block cipher mode like GCM. Why does this vulnerability exist? --...
Integer overflow
go-jose before 1.0.5 suffers from a CBC-HMAC integer overflow on 32-bit architectures. An integer overflow could lead to authentication bypass for CBC-HMAC encrypted ciphertexts on 32-bit architectures...
CVE-2016-9123
go-jose before 1.0.5 suffers from a CBC-HMAC integer overflow on 32-bit architectures. An integer overflow could lead to authentication bypass for CBC-HMAC encrypted ciphertexts on 32-bit architectures...
DEBIAN-CVE-2016-9123
go-jose before 1.0.5 suffers from a CBC-HMAC integer overflow on 32-bit architectures. An integer overflow could lead to authentication bypass for CBC-HMAC encrypted ciphertexts on 32-bit architectures...
CVE-2016-9123
The CVE-2016-9123 entry concerns go-jose and its CBC-HMAC implementation. Multiple connected sources confirm a CBC-HMAC integer overflow on 32-bit architectures in go-jose prior to 1.0.5, which could lead to authentication bypass for CBC-HMAC encrypted ciphertexts. Documents consistently describe...
openssh security and bug fix update
5.3p1-122 - Allow to use ibmca crypto hardware 1397547 - CVE-2015-8325: privilege escalation via user's PAM environment and UseLogin=yes 1405374 5.3p1-121 - Fix missing hmac-md5-96 from server offer 1373836 5.3p1-120 - Prevent infinite loop when Ctrl+Z pressed at password prompt 1218424 - Remove...
CVE-2017-3156
It was found that Apache CXF OAuth2 Hawk and JOSE MAC Validation code is not using a constant time MAC signature comparison algorithm which may be exploited by some sophisticated timing attacks. It may only affect OAuth2 Hawk or JWT access tokens or JOSE JWS/JWE interceptors which depend on HMAC...
Timing Attack
salt is vulnerable to timing attacks. This vulnerability is due to the use of a regular string comparison function to verify an HMAC-SHA256 signature...
Security Using Pre-Existing Routing for Mobile Ad hoc Networks: SUPERMAN
Security Using Pre-Existing Routing for Mobile Ad hoc Networks: The flexibility and mobility of Mobile Ad hoc Networks (MANETs) have made them increasingly popular in a wide range of use cases. To protect these networks, security protocols have been developed to protect routing and application data...
Timing Attack Via Authentication
python-jose is vulnerable to timing attacks. The vulnerability is possible because its verification function fails to use a constant time comparison for HMAC keys...
CVE-2016-7036
python-jose before 1.3.2 allows attackers to have unspecified impact by leveraging failure to use a constant time comparison for HMAC keys...
Code injection
python-jose before 1.3.2 allows attackers to have unspecified impact by leveraging failure to use a constant time comparison for HMAC keys...
PYSEC-2017-28
python-jose before 1.3.2 allows attackers to have unspecified impact by leveraging failure to use a constant time comparison for HMAC keys...