openSUSE Security Update : python-PyJWT (openSUSE-2015-620)

python-PyJWT was updated to fix unsafe usage of asymmetric keys in combination with HMAC algorithm bsc935544 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2015-620. The text...

WordPress 3.8.2 cookie 伪造漏洞

0x00 背景 看了WordPress 3.8.2补丁分析 HMAC timing attack，眼界大开，原来还可以利用时间差来判断HMAC。 但我总觉得这个漏洞并不是简单的修复这个问题。 查看了官方提供的资料:“该漏洞是由WordPress的安全团队成员Jon Cave发现。”。 也许漏洞还有这样利用的可能。 0x01 PHP的特性 当PHP在进行 ”==”,”!=”等非严格匹配的情况下，会按照值的实际情况，进行强制转换。 当有一个对比参数是整数的时候，会把另外一个参数强制转换为整数。 0x02 分析修复的代码 官方版的diff只在php里改动了一个位置:...

[SECURITY] [DSA 3293-1] pyjwt security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3293-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini June 20, 2015 https://www.debian.org/security/faq -...

Debian DSA-3293-1 : pyjwt - security update

Tim McLean discovered that pyjwt, a Python implementation of JSON Web Token, would try to verify an HMAC signature using an RSA or ECDSA public key as secret. This could allow remote attackers to trick applications expecting tokens signed with asymmetric keys, into accepting arbitrary tokens. For...

SUSE SLED12 / SLES12 Security Update : strongswan (SUSE-SU-2015:0281-1)

This strongswan update fixes the following security and non security issues. - Disallow brainpool elliptic curve groups in fips mode bnc856322. - Applied an upstream fix for a denial-of-service vulnerability, which can be triggered by an IKEv2 Key Exchange payload, that contains the Diffie-Hellma...

The vulnerability of the OpenSUSE operating system allows malicious actors to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the kernel-debug-hmac package in the operating system openSUSE can lead to violations of confidentiality, integrity, and accessibility of protected information. This vulnerability can be exploited locally...

The vulnerability of the OpenSUSE operating system allows malicious actors to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the kernel-vmi-hmac package of the operating system openSUSE can lead to breaches of confidentiality, integrity, and accessibility of protected information. This vulnerability can be exploited locally...

The vulnerability of the OpenSUSE operating system allows malicious actors to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the kernel-pae-hmac package in the operating system openSUSE can lead to violations of confidentiality, integrity, and accessibility of protected information. This vulnerability can be exploited locally...

The vulnerability of the OpenSUSE operating system allows malicious actors to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the kernel-default-hmac package in the OpenSUSE operating system can lead to breaches of confidentiality, integrity, and accessibility of protected information. This vulnerability can be exploited locally...

The vulnerability of the OpenSUSE operating system allows malicious actors to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the kernel-xen-hmac package of the OpenSUSE operating system can lead to breaches of confidentiality, integrity, and accessibility of protected information. This vulnerability can be exploited locally...

The vulnerability of the OpenSUSE operating system allows malicious actors to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the kernel-desktop-hmac package in the OpenSUSE operating system can lead to violations of confidentiality, integrity, and accessibility of protected information. This vulnerability can be exploited locally...

Shopify: Multiple issues on Checkout Process

Description While reviewing the Shopify POS application we found that the application was encrypting the CHD information, but it was leaving the amount outside of the payload and the post lacked any sort of HMAC signature preventing replay attacks. In addition, given the application does not...

Critical Vulnerabilities Affecting JSON Web Token Libraries

Critical vulnerabilities exist in several JSON Web Token JWT libraries – namely the JavaScript and PHP versions – that could let an attacker bypass the verification step. Tim McLean, a Canadian security researcher who specializes in cryptography and dug up the issues, points out that attackers...

Single Packet Authorization: fwknop

fwknop implements an authorization scheme known as Single Packet Authorization SPA for strong service concealment. SPA requires only a single packet which is encrypted, non-replayable, and authenticated via an HMAC in order to communicate desired access to a service that is hidden behind a firewa...

Microsoft Windows Kerberos - Privilege Escalation (MS14-068)

Microsoft Windows Kerberos - Privilege Escalation MS14-068 !/usr/bin/python MS14-068 Exploit Author ------ Sylvain Monne Contact : sylvain dot monne at solucom dot fr http://twitter.com/bidord import sys, os from random import getrandbits from time import time, localtime, strftime from kek.ccache...

F5 Networks BIG-IP : SNMPv3 HMAC verification vulnerability (SOL8939)

SNMPv3 HMAC verification relies on the client to specify the HMAC length. This flexibility allows remote attackers to bypass SNMP authentication by specifying a length value of 1 , which only checks the first byte. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...

USN-2368-1: OpenVPN vulnerability

It was discovered that OpenVPN incorrectly handled HMAC comparisons when running in UDP mode. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could possibly be used to perform a plaintext recovery attack...

Linux Kernel < 2.6.26.4 - SCTP Kernel Memory Disclosure Exploit

No description provided by source. / cve-2008-4113.c Linux Kernel 2.6.26.4 SCTP kernel memory disclosure Jon Oberheide [email protected] http://jon.oberheide.org Information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4113 The sctpgetsockopthmacident function in net/sctp/socket.c in t...

openSUSE Security Update : openvpn (openSUSE-SU-2013:1645-1)

The following security issues were fixed : - Applied upstream patch changing to use a constant time memcmp when comparing HMACs in openvpndecrypt to address ciphertext injection in UDP mode CVE-2013-2061, bnc843509. 0006-openvpn-2.0.9-HMAC-memcmp-CVE-2013-2061bnc843509. patch Changes in openvpn :...

CVE-2013-0250

The initnsshash function in exec/totemcrypto.c in Corosync 2.0 before 2.3 does not properly initialize the HMAC key, which allows remote attackers to cause a denial of service crash via a crafted packet...