1487 matches found
Authentication flaw
SNMPv3 HMAC verification in 1 Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; 2 UCD-SNMP; 3 eCos; 4 Juniper Session and Resource Control SRC C-series 1.0.0 through 2.0.0; 5 NetApp aka Network Appliance Data ONTAP 7.3RC1 and 7.3RC2; 6 SNMP Research before 16.2; 7...
CVE-2008-0960
SNMPv3 HMAC verification in 1 Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; 2 UCD-SNMP; 3 eCos; 4 Juniper Session and Resource Control SRC C-series 1.0.0 through 2.0.0; 5 NetApp aka Network Appliance Data ONTAP 7.3RC1 and 7.3RC2; 6 SNMP Research before 16.2; 7...
CVE-2008-0960
SNMPv3 HMAC verification in 1 Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; 2 UCD-SNMP; 3 eCos; 4 Juniper Session and Resource Control SRC C-series 1.0.0 through 2.0.0; 5 NetApp aka Network Appliance Data ONTAP 7.3RC1 and 7.3RC2; 6 SNMP Research before 16.2; 7...
CVE-2008-0960
SNMPv3 HMAC verification in 1 Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; 2 UCD-SNMP; 3 eCos; 4 Juniper Session and Resource Control SRC C-series 1.0.0 through 2.0.0; 5 NetApp aka Network Appliance Data ONTAP 7.3RC1 and 7.3RC2; 6 SNMP Research before 16.2; 7...
CVE-2008-0960
CVE-2008-0960 describes an SNMPv3 HMAC verification flaw where the client specifies the HMAC length, enabling spoofing of authenticated SNMPv3 packets. Affected implementations include Net-SNMP 5.2.x (pre-5.2.4.1), 5.3.x (pre-5.3.2.1), 5.4.x (pre-5.4.1.1); UCD-SNMP; eCos; Juniper SRC C-series (1....
CVE-2008-0960
SNMPv3 HMAC verification in 1 Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; 2 UCD-SNMP; 3 eCos; 4 Juniper Session and Resource Control SRC C-series 1.0.0 through 2.0.0; 5 NetApp aka Network Appliance Data ONTAP 7.3RC1 and 7.3RC2; 6 SNMP Research before 16.2; 7...
net-snmp SNMPv3 authentication bypass (VU#877044)
SNMPv3 HMAC verification in 1 Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; 2 UCD-SNMP; 3 eCos; 4 Juniper Session and Resource Control SRC C-series 1.0.0 through 2.0.0; 5 NetApp aka Network Appliance Data ONTAP 7.3RC1 and 7.3RC2; 6 SNMP Research before 16.2; 7...
Moderate: Red Hat Security Advisory: net-snmp security update
Updated net-snmp packages that fix a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Simple Network Management Protocol SNMP is a protocol used for network managemen...
net-snmp SNMPv3 authentication bypass (VU#877044)
SNMPv3 HMAC verification in 1 Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; 2 UCD-SNMP; 3 eCos; 4 Juniper Session and Resource Control SRC C-series 1.0.0 through 2.0.0; 5 NetApp aka Network Appliance Data ONTAP 7.3RC1 and 7.3RC2; 6 SNMP Research before 16.2; 7...
Moderate: Red Hat Security Advisory: ucd-snmp security update
Updated ucd-snmp packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Simple Network Management Protocol SNMP is a protocol used for network management. A fla...
[oCERT-2008-006] multiple SNMP implementations HMAC authentication spoofing
2008/06/09 2008-006 multiple SNMP implementations HMAC authentication spoofing Description: Some SNMP implementations include incomplete HMAC authentication code that allows spoofing of authenticated SNMPv3 packets. The authentication code reads the length to be checked from sender input, this...
SNMPv3 improper HMAC validation allows authentication bypass
Overview A vulnerability in the way implementations of SNMPv3 handle specially crafted packets may allow authentication bypass. Description SNMP can be configured to utilize version 3, which is the current standard version of SNMP. SNMPv3 incorporates security features such as authentication and...
Authentication flaw
Plone CMS 3.x uses invariant data a client username and a server secret when calculating an HMAC-SHA1 value for an authentication cookie, which makes it easier for remote attackers to gain permanent access to an account by sniffing the network...
CVE-2008-1396
Plone CMS 3.x uses invariant data a client username and a server secret when calculating an HMAC-SHA1 value for an authentication cookie, which makes it easier for remote attackers to gain permanent access to an account by sniffing the network...
CVE-2008-1396
Plone CMS 3.x uses invariant data a client username and a server secret when calculating an HMAC-SHA1 value for an authentication cookie, which makes it easier for remote attackers to gain permanent access to an account by sniffing the network...
Design/Logic Flaw
The SILCSERVERCMDFUNC function in apps/silcd/command.c in silc-server 1.0.2 allows remote attackers to cause a denial of service NULL dereference and daemon crash via a request without a cipher algorithm and an invalid HMAC algorithm...
CVE-2007-1327
The SILCSERVERCMDFUNC function in apps/silcd/command.c in silc-server 1.0.2 allows remote attackers to cause a denial of service NULL dereference and daemon crash via a request without a cipher algorithm and an invalid HMAC algorithm...
CVE-2006-6858
Miredo 0.9.8 through 1.0.5 does not properly authenticate a Teredo bubble during UDP hole punching with HMAC-MD5-64 hashing, which allows remote attackers to impersonate an arbitrary Teredo client...
CVE-2006-6858
Miredo versions 0.9.8 through 1.0.5 fail to properly authenticate a Teredo bubble during UDP hole punching when using HMAC-MD5-64, enabling remote attackers to impersonate an arbitrary Teredo client. The vulnerability is described in CVE-2006-6858 and is evidenced in multiple data sources (NVD, C...
Miredo authentication bypass
HMAC-MD5-64 authentication can be bypassed...