1490 matches found
Timing Attack
Adyen is vulnerable to a Timing Attack. The vulnerability is due to improper constant-time comparison of HMACs in the is_valid_hmac and is_valid_hmac_notification methods, allowing an attacker to infer the correct HMAC by measuring timing differences...
CVE-2024-8365
Vault Community Edition and Vault Enterprise experienced a regression where functionality that HMAC’d sensitive headers in the configured audit device, specifically client tokens and token accessors, was removed. This resulted in the plaintext values of client tokens and token accessors being...
CVE-2024-8365
Vault Community Edition and Vault Enterprise regressed by removing the HMAC protection for sensitive headers in the audit device, causing plaintext client tokens and token accessors to be written to audit logs. The issue is documented as CVE-2024-8365 and has been fixed in Vault Community Edition...
IPMI 2.0 RAKP Remote SHA1 Password Hash Retrieval
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'IPMI 2.0 RAKP Remote SHA1 Password Hash Retrieval', 'Description' = %q| This module identifies IPMI 2.0-compatible systems and attempts to retrie...
Apache Tapestry HMAC secret key leak
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Tapestry HMAC secret key leak', 'Description' = %q This exploit finds the HMAC secret key used in Java serialization by Apache Tapestry...
GHSA-F3Q4-GGFP-JV34 Adyen APIs Library for Python timing attack vulnerability
Adyen has utility methods for validating notification HMAC signatures. The is_valid_hmac and is_valid_hmac_notification methods are vulnerable to a timing attack; you should compare the hash of the HMACs instead...
Adyen APIs Library for Python timing attack vulnerability
Adyen has utility methods for validating notification HMAC signatures. The is_valid_hmac and is_valid_hmac_notification methods are vulnerable to a timing attack; you should compare the hash of the HMACs instead...
PT-2024-40253 · Adyen · Adyen
Name of the Vulnerable Software and Affected Versions: Adyen affected versions not specified Description: The issue concerns the is_valid_hmac and is_valid_hmac_notification methods, which are vulnerable to a timing attack. To mitigate this, it is recommended to compare the hash of the HMACs...
OESA-2024-2048 booth security update
Booth manages tickets which authorize cluster sites located in geographically dispersed locations to run resources. It facilitates support of geographically distributed clustering in Pacemaker. Security Fixes: A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is...
Vulnerability in the IPv6 component of the Linux kernel that allows a hacker to access confidential information
The vulnerability in the IPv6 component of the Linux kernel is related to reading data beyond the boundary during the installation of HMAC. Exploiting this vulnerability can allow an attacker to access confidential information...
SUSE CVE-2024-42255
In the Linux kernel, the following vulnerability has been resolved: tpm: Use auth only after NULL check in tpm_buf_check_hmac_response() Dereference auth after NULL check in tpm_buf_check_hmac_response(). Otherwise, unless tpm2_sessions_init() was called, a call can cause NULL dereference, when TCG_TPM2_HMAC is...
CVE-2024-42255
In the Linux kernel, the following vulnerability has been resolved: tpm: Use auth only after NULL check in tpm_buf_check_hmac_response() Dereference auth after NULL check in tpm_buf_check_hmac_response(). Otherwise, unless tpm2_sessions_init() was called, a call can cause NULL dereference, when TCG_TPM2_HMAC is...
CVE-2024-42255 tpm: Use auth only after NULL check in tpm_buf_check_hmac_response()
In the Linux kernel, the following vulnerability has been resolved: tpm: Use auth only after NULL check in tpm_buf_check_hmac_response() Dereference auth after NULL check in tpm_buf_check_hmac_response(). Otherwise, unless tpm2_sessions_init() was called, a call can cause NULL dereference, when TCG_TPM2_HMAC is...
Security Bulletin: authlib-cve202437568-sec-bypass
Summary Authlib security bypass Vulnerability Details CVEID:CVE-2024-37568 DESCRIPTION: Authlib could allow a remote attacker to bypass security restrictions, caused by an algorithm confusion with asymmetric public keys. By sending a specially crafted request, an attacker could exploit this...
SUSE CVE-2024-39489
In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix memleak in seg6_hmac_init_algo seg6_hmac_init_algo returns without cleaning up the previous allocations if one fails, so it's going to leak all that memory and the crypto tfms. Update seg6_hmac_exit to only free the memory...
DEBIAN-CVE-2024-39489
In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix memleak in seg6_hmac_init_algo seg6_hmac_init_algo returns without cleaning up the previous allocations if one fails, so it's going to leak all that memory and the crypto tfms. Update seg6_hmac_exit to only free the memory...
UBUNTU-CVE-2024-39489
In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix memleak in seg6_hmac_init_algo seg6_hmac_init_algo returns without cleaning up the previous allocations if one fails, so it's going to leak all that memory and the crypto tfms. Update seg6_hmac_exit to only free the memory...
Linux kernel security vulnerabilities
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a memory leak in seg6_hmac_init_algo...
SUSE SLES12 Security Update : booth (SUSE-SU-2024:2251-1)
The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:2251-1 advisory. - CVE-2024-3049: Fixed a vulnerability where a specially crafted hash can lead to invalid HMAC being accepted by Booth server. bsc1226032 Tenable has...