Use of Cache Containing Sensitive Information

Overview Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information due to the default KeyGenerator process in the cache middleware not including query parameters when generating cache keys. An attacker can access or cause exposure of user-specific or...

GHSA-46WH-PXPV-Q5GQ express-rate-limit: IPv4-mapped IPv6 addresses bypass per-client rate limiting on servers with dual-stack network

Summary The default keyGenerator in express-rate-limit applies IPv6 subnet masking /56 by default to all addresses that net.isIPv6 returns true for. This includes IPv4-mapped IPv6 addresses ::ffff:x.x.x.x, which Node.js returns as request.ip on dual-stack servers. Because the first 80 bits of all...

Malicious Package

Overview asymmetric-key-generator is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

Post-Quantum Identity-Based TLS for 5G Service-Based Architecture and Cloud-Native Infrastructure

Cloud-native application platforms and latency-sensitive systems such as 5G Core networks rely heavily on certificate-based Public Key Infrastructure PKI and mutual TLS to secure service-to-service communication. While effective, this model introduces significant operational and performance...

MAL-2024-11875 Malicious code in asymmetric-key-generator (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d6f4c9090980b70af6effbd1be18a9ca571dd90a4f1cca30d44f84083dcec613 The OpenSSF Package Analysis project identified 'asymmetric-key-generator' @ 9.9.9 npm as malicious. It is considered malicious because: - The...

Malicious code in asymmetric-key-generator (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d6f4c9090980b70af6effbd1be18a9ca571dd90a4f1cca30d44f84083dcec613 The OpenSSF Package Analysis project identified 'asymmetric-key-generator' @ 9.9.9 npm as malicious. It is considered malicious because: - The...

Design/Logic Flaw

CubeFS is an open-source cloud-native file storage system. Prior to version 3.3.1, CubeFS used an insecure random string generator to generate user-specific, sensitive keys used to authenticate users in a CubeFS deployment. This could allow an attacker to predict and/or guess the generated string...

CVE-2022-24402

CVE-2022-24402 affects TETRA TEA1: the keystream generator’s key register initialization compresses an 80-bit key to 32 bits, creating insufficient entropy and enabling feasible brute-force search. Documented in multiple sources; no patch details provided in the connected documents. Remediation s...

SUSE CVE-2021-40529

The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the...

CVE-2021-41117

CVE-2021-41117 concerns the keypair library (JS RSA key generator) generating identical P, Q (and N) values for SSH keys due to a weak RNG. The root cause is a non-cryptographically secure fallback RNG: when window.crypto.getRandomValues() is unavailable, keypair seeds an AES-CMAC counter with a ...

DEBIAN-CVE-2021-40530

The ElGamal implementation in Crypto++ through 8.5 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's...

This Week in Security News: APT33 Botnets Used for Extreme Narrow Targeting and Microsoft’s Patch Tuesday Arrives with A Patch for An IE Zero-Day

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about the APT33 threat group that is using live C&C servers for extremely narrow targeting. Also, read about Trend Micro’s complete...

CrackMeJ1

This is a multi-staged crackme that implements several protections for antidebugging. Objective: Find the keys 3 to solve the crackme and make a keygen Hint: Run it on a VM :- / Crack Me by jSacco // This crack me uses antidebugging techniques such as: VM Detection , Traps and IsDebuggerPresent /...

Ansible: Information leak in "user" module

The User module in Ansible leaks any data which is passed on as a parameter to ssh-keygen. This could lead to undesirable situations such as passphrase credentials being passed as a parameter for the ssh-keygen executable, showing those credentials in clear text form for every user which have...

CVE-2018-15543

An issue was discovered in the org.telegram.messenger application 4.8.11 for Android. The FingerprintManager class for Biometric validation allows authentication bypass through the callback method from onAuthenticationFailed to onAuthenticationSucceeded with null, because the fingerprint API in...

PT-2018-13079 · Telegram · Org.Telegram.Messenger

Name of the Vulnerable Software and Affected Versions: org.telegram.messenger application version 4.8.11 Description: An issue in the FingerprintManager class for Biometric validation allows authentication bypass through the callback method from onAuthenticationFailed to onAuthenticationSucceeded...

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.4 on RHEL7 security update

An update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...

CVE-2018-12445

An issue was discovered in the com.dropbox.android application 98.2.2 for Android. The FingerprintManager class for Biometric validation allows authentication bypass through the callback method from onAuthenticationFailed to onAuthenticationSucceeded with null, because the fingerprint API in...

ntp: ntp-keygen uses weak random number generator and seed when generating MD5 keys

It was found that ntp-keygen used a weak method for generating MD5 keys. This could possibly allow an attacker to guess generated MD5 keys that could then be used to spoof an NTP client or server. Note: it is recommended to regenerate any MD5 keys that had explicitly been generated with ntp-keyge...

Huawei HG default WEP/WPA generator

Hi, Huawei HG520 and HG530 routers are vulnerable to weak cipher attacks. It is possible to generate the default WEP/WPA key from the MAC address. The following documents detail the process of developing a key generator for these devices. English: http://websec.ca/blog/view/mac2wepkeyhuawei Espao...