Keylime registrar and (untrusted) Agent can be bypassed by an attacker

Impact A security issue was found in the Keylime registrar code which allows an attacker to effectively bypass the challenge-response protocol used to verify that an agent has indeed access to an AIK which in indeed related to the EK. When an agent starts up, it will contact a registrar and provi...

PSF-2023-6 hmac.compare_digest() accumulator not constant-time

An issue was discovered in comparedigest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.comparedigest...

CVE-2022-48566

An issue was discovered in comparedigest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.comparedigest...

DEBIAN-CVE-2022-48566

An issue was discovered in comparedigest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.comparedigest...

CVE-2022-48566

An issue was discovered in comparedigest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.comparedigest...

CVE-2022-48566

An issue was discovered in comparedigest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.comparedigest...

UBUNTU-CVE-2022-48566

An issue was discovered in comparedigest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.comparedigest...

CVE-2022-48566

An issue was discovered in comparedigest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.comparedigest...

Design/Logic Flaw

An issue was discovered in comparedigest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.comparedigest...

Python 竞争条件问题漏洞

Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A security vulnerability exists in Python 3.9.1, which stems from the fact that the Comparedigest accumulator...

CVE-2022-48566

An issue was discovered in comparedigest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.comparedigest...

CVE-2022-48566

An issue was discovered in comparedigest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.comparedigest...

PT-2023-9619 · Python · Python

Name of the Vulnerable Software and Affected Versions: Python versions prior to 3.9.1 Python cpython version 3.7 Python CPython 3.12.0b1 Description: An issue in the asyncio. swap current task component of Python allows an attacker to obtain sensitive information. The vulnerability is related to...

CVE-2023-34471

AMI SPx contains a vulnerability in the BMC where a user may cause a missing cryptographic step by generating a hash-based message authentication code HMAC. A successful exploit of this vulnerability may lead to the loss confidentiality, integrity, and authentication...

CVE-2023-34337

AMI SPx contains a vulnerability in the BMC where a user may cause an inadequate encryption strength by hash-based message authentication code HMAC. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability...

CVE-2023-34471

AMI SPx contains a vulnerability in the BMC where a user may cause a missing cryptographic step by generating a hash-based message authentication code HMAC. A successful exploit of this vulnerability may lead to the loss confidentiality, integrity, and authentication...

CVE-2023-34337

AMI SPx contains a vulnerability in the BMC where a user may cause an inadequate encryption strength by hash-based message authentication code HMAC. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability...

Design/Logic Flaw

AMI SPx contains a vulnerability in the BMC where a user may cause an inadequate encryption strength by hash-based message authentication code HMAC. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability...

Authentication flaw

AMI SPx contains a vulnerability in the BMC where a user may cause a missing cryptographic step by generating a hash-based message authentication code HMAC. A successful exploit of this vulnerability may lead to the loss confidentiality, integrity, and authentication...

CVE-2023-34471 Missing Cryptographic Step

AMI SPx contains a vulnerability in the BMC where a user may cause a missing cryptographic step by generating a hash-based message authentication code HMAC. A successful exploit of this vulnerability may lead to the loss confidentiality, integrity, and authentication...