CVE-2013-0250

The initnsshash function in exec/totemcrypto.c in Corosync 2.0 before 2.3 does not properly initialize the HMAC key, which allows remote attackers to cause a denial of service crash via a crafted packet...

codeigniter -- multiple vulnerabilities

The CodeIgniter changelog reports: Security: The xorencode method in the Encrypt Class has been removed. The Encrypt Class now requires the Mcrypt extension to be installed. Security: The Session Library now uses HMAC authentication instead of a simple MD5 checksum...

oclHashcat v1.2 - GPGPU-based Multi-hash Cracker

oclHashcat is a GPGPU-based multi-hash cracker using a brute-force attack implemented as mask attack, combinator attack, dictionary attack, hybrid attack, mask attack, and rule-based attack. This GPU cracker is a fusioned version of oclHashcat-plus and oclHashcat-lite. GPU Driver requirements: NV...

Private Keys Stolen from OpenVPN Using Heartbleed

You can add OpenVPN to the growing list of products and services vulnerable to the Heartbleed OpenSSL vulnerability. Worse, researchers have been able to chain together exploits to steal private keys from traffic moving through the open source virtual private network software package. A Swedish V...

WordPress 3.8.2 patch analysis HMAC timing attack-vulnerability warning-the black bar safety net

author: [email protected] 0x00 background On github over and over to see for a long time, the official version of the diff only in php where changes to a location: | 1 2 | - if $hmac != $hash + if hashhmac 'md5', $hmac, $key !== hashhmac 'md5', $hash, $key ---|--- WP developers just...

SA-CONTRIB-2014-004 - Secure Cookie Data - Faulty Hashing

This module allows for storing data securely in a cookie through implementing the Secure Cookie Protocol. Ability to alter trusted data in the cookie The module did an incorrect comparison of the HMAC value, allowing a bypass of the HMAC verification which allows changing the cookie value. Known...

[fwknop] Single Packet Authorization and Port Knocking

fwknop stands for the "FireWall KNock OPerator", and implements an authorization scheme called Single Packet Authorization SPA. This method of authorization is based around a default-drop packet filter fwknop supports iptables on Linux, ipfw on FreeBSD and Mac OS X, and PF on OpenBSD and libpcap...

CVE-2013-7081

The old Form Content Element component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated editors to generate arbitrary HMAC signatures and bypass intended access restrictions via unspecified vectors...

UBUNTU-CVE-2013-7081

The old Form Content Element component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated editors to generate arbitrary HMAC signatures and bypass intended access restrictions via unspecified vectors...

Design/Logic Flaw

The old Form Content Element component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated editors to generate arbitrary HMAC signatures and bypass intended access restrictions via unspecified vectors...

CVE-2013-7081

The old Form Content Element component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated editors to generate arbitrary HMAC signatures and bypass intended access restrictions via unspecified vectors...

TYPO3 Form Content Element授权绕过信息泄露漏洞

TYPO3是一款基于PHP4/PHP5+MYsql的内容管理系统。 TYPO3 Form Content Element存在一个安全漏洞，允许远程通过验证的攻击者生成任意签名HMAC，访问受限资源，获取敏感信息。 0 TYPO3 4.5.0 TYPO3 4.5.31 TYPO3 4.7.0 TYPO3 4.7.16 TYPO3 6.0.0 TYPO3 6.0.11 TYPO3 6.1.0 TYPO3 6.1.6 TYPO3 6.2 厂商补丁： TYPO3 ----- TYPO3 4.5.32, 4.7.17, 6.0.12, 6.1.7已经修复该漏洞，请到厂商的主页下载：...

openssh security, bug fix, and enhancement update

5.3p1-94 - use dracut-fips package to determine if a FIPS module is installed 1001565 5.3p1-93 - use dist tag in suffixes for hmac checksum files 1001565 5.3p1-92 - use hmacsuffix for ssh,d hmac checksums 1001565 5.3p1-91 - fix NSS keys support 1004763 5.3p1-90 - change default value of MaxStartu...

Oracle JavaServer Faces Multiple Partial Directory Traversals

The remote web server contains a JavaServer Faces application that is affected by multiple partial directory traversal vulnerabilities : - A defect exists in the handling of a resource identifier that allows for directory traversal within the application. - A defect exists in the handling of a...

CVE-2013-2061

The openvpndecrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher...

DEBIAN-CVE-2013-2061

The openvpndecrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher...

CVE-2013-2061

The openvpndecrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher...

CVE-2013-2061

The openvpndecrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher...

SuSE 11.2 Security Update : Mozilla NSS (SAT Patch Number 8484)

"Mozilla NSS has been updated to 3.15.2 bnc847708 bringing various features and bugfixes : The main feature is TLS 1.2 support and its dependent algorithms. - Support for AES-GCM ciphersuites that use the SHA-256 PRF - MD2, MD4, and MD5 signatures are no longer accepted for OCSP or CRLs - Add...

SuSE 11.2 / 11.3 Security Update : Mozilla NSS (SAT Patch Numbers 8484 / 8485)

"Mozilla NSS has been updated to 3.15.2 bnc847708 bringing various features and bugfixes : The main feature is TLS 1.2 support and its dependent algorithms. - Support for AES-GCM ciphersuites that use the SHA-256 PRF - MD2, MD4, and MD5 signatures are no longer accepted for OCSP or CRLs - Add...