CVE-2013-7436

noVNC before 0.5 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

DEBIAN-CVE-2013-7436

noVNC before 0.5 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

UBUNTU-CVE-2013-7436

noVNC before 0.5 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

CVE-2013-7436

noVNC before 0.5 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

Session fixation

noVNC before 0.5 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

CVE-2013-7436

noVNC before 0.5 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

Apple Leaves CNNIC Root in iOS, OSX Certificate Trust Lists

When it was revealed late last month that a Chinese certificate authority had allowed an intermediate CA to issue unauthorized certificates for some Google domains, both Google and Mozilla reacted quickly and dropped trust in CNNIC altogether, Apple has kept the root certificates in its trusted...

novnc: session hijack through insecurely set session token cookies

It was discovered that noVNC did not properly set the 'secure' flag when issuing cookies. An attacker could use this flaw to intercept cookies via a man-in-the-middle attack...

LFTP Man-in-the-Middle Information Disclosure Vulnerability

LFTP is a multi-platform , multi-mode ftp, ftps, http, https, hftp, etc. based on the command line FTP client . LFTP suffers from a man-in-the-middle information disclosure vulnerability, which allows attackers to exploit this vulnerability to conduct man-in-the-middle attacks and obtain sensitiv...

Security Advisory - Directory File Deletion Vulnerability in UDS

When a Huawei UDS product is loading a patch, an attacker can intercept and change the patch loading information and compromise certain directory files of the device Vulnerability ID: HWPSIRT-2014-1238. This Vulnerability has been assigned Common Vulnerabilities and Exposures CVE ID: CVE-2015-225...

Android HTTPS MiTM hijacking vulnerability analysis-vulnerability warning-the black bar safety net

The 1. Android HTTPS MiTM hijacking vulnerability description In cryptography and computer security field, the man in the middle attacks Man-in-the-middle attack, often abbreviated as MITM refers to an attacker with the communications at both ends, respectively, to create the separate contact, an...

itBit Exchange: ITBit Vulnerable to SSLSTrip

www.itbit.com details: High Level, description It is possible for a malicious user to capture credential information of a www.itbit.com user with the use of SSLStrip. The scenario is that if a user is in a internet cafe and browses the internet while a malicious user intercepts his traffic, the w...

OpenSSL TLS Export Cipher Suite Downgrade (CVE-2015-0204; CVE-2015-1637)

A vulnerability has been detected in the way OpenSSL handles TLS handshakes that use weak, legacy cipher suites. An attacker might leverage this vulnerability to intercept secure communications...

Mozilla Pushes Hot Fix to Remove Superfish Cert From Firefox

Mozilla has issued a hot fix for Firefox that removes the Superfish root certificate from the browser’s trusted root store. The patch only removes the certificate if the Superfish software has been removed from the machine already, however. The Superfish adware performs SSL interception–essential...

Video: Vitaly Kamluk on The Equation Group APT

Kaspersky Lab’s global research and analysis team uncovered what they claim is the most sophisticated advanced persistent threat group yet known. Known as the Equation Group, researchers led by GReAT director Costin Raiu say the threat actors have been operating for 15 years or more and are known...

Siemens SIMATIC STEP 7 (TIA Portal) < 1300.100.2501.1 Multiple Vulnerabilities (SSA-315836)

Binary data scadasiemenstiamultiplevulnerabilitiesSSA-315836.nbin...

Komodia Website Under DDoS Attack

Komodia.com, home to the SSL interception module at the heart of the Superfish adware dustup, is currently under a distributed denial-of-service attack. As of 2 p.m. Eastern time, its home page had been replaced with a notice that the site was offline because it was under attack. “Some people say...

Adtrustmedia PrivDog fails to validate SSL certificates

Overview Adtrustmedia PrivDog fails to validate SSL certificates, making systems broadly vulnerable to HTTPS spoofing. Description Adtrustmedia PrivDog is a Windows application that advertises "... safer, faster and more private web browsing." Privdog installs a Man-in-the-Middle MITM proxy as we...

SuperFish Adware Root Certificate

SuperFish Adware is a software that uses SSL man-in-the-middle MitM technique in order to intercept SSL sessions and inject its own content into the session. Successful exploitation might result in disclosure of confidential or private information passed over the SSL channel, or in such informati...

Lenovo Superfish Certificate Password Cracked

Lenovo laptop owners are at risk for man-in-the-middle attacks as a vulnerability disclosed in pre-installed Superfish adware went nuclear this morning. Researcher Rob Graham of Errata Security published a report in which he said he cracked the password protecting the digital certificate shipped...