53 matches found
mod_auth_openidc 安全特征问题漏洞
modauthopenidc is a software application. It is an authentication/authorization module for the Apache 2.x HTTP server that is used as an OpenID Connect dependency to authenticate users against the OpenID Connect provider. A security vulnerability exists in Zmartzone modauthopenidc that stems from...
DoraCMS 加密问题漏洞
DoraCMS is based on Nodejs+eggjs+mongodb written a content management system . An encryption issue vulnerability exists in DoraCMS 2.1.1 and earlier versions. The vulnerability arises because the program does not use AES-CBC encryption with random salts or IVs, which makes user-encrypted password...
Impero Education Pro is vulnerable
Impero Education Pro is an education management solution from Impero, Inc. that integrates classroom management, desktop management, and computer monitoring software into one package. Impero Education Pro versions prior to 5105 have a security vulnerability. Since the program uses hard-coded CBC...
Oracle Solaris Third-Party Patch Update : fetchmail (multiple_vulnerabilities_in_fetchmail) (BEAST)
The remote Solaris system is missing necessary patches to address security updates : - The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained...
FreeBSD : fetchmail -- chosen plaintext attack against SSL CBC initialization vectors (18ce9a90-f269-11e1-be53-080027ef73ec) (BEAST)
Matthias Andree reports : Fetchmail version 6.3.9 enabled 'all SSL workarounds' SSLOPALL which contains a switch to disable a countermeasure against certain attacks against block ciphers that permit guessing the initialization vectors, providing that an attacker can make the application fetchmail...
fetchmail -- chosen plaintext attack against SSL CBC initialization vectors
Matthias Andree reports: Fetchmail version 6.3.9 enabled "all SSL workarounds" SSLOPALL which contains a switch to disable a countermeasure against certain attacks against block ciphers that permit guessing the initialization vectors, providing that an attacker can make the application fetchmail...
HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HT...
CVE-2011-3389
CVE-2011-3389 is the BEAST information-disclosure vulnerability in TLS/SSL CBC-mode encryption, allowing a network attacker to glean plaintext headers under certain configurations (e.g., when CBC with chained IVs is used and the attacker can inject/observe traffic). The connected documents show m...
DEBIAN-CVE-2010-3073
SSLCipher.cpp in EncFS before 1.7.0 does not properly handle integer data sizes when constructing headers intended for randomization of initialization vectors, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms...
CVE-2010-3073
SSLCipher.cpp in EncFS before 1.7.0 does not properly handle integer data sizes when constructing headers intended for randomization of initialization vectors, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms...
Design/Logic Flaw
SSLCipher.cpp in EncFS before 1.7.0 does not properly handle integer data sizes when constructing headers intended for randomization of initialization vectors, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms...
CVE-2010-3073
SSLCipher.cpp in EncFS before 1.7.0 does not properly handle integer data sizes when constructing headers intended for randomization of initialization vectors, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms...
CVE-2010-3073
SSLCipher.cpp in EncFS before 1.7.0 does not properly handle integer data sizes when constructing headers intended for randomization of initialization vectors, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms...