AI-Accelerated Brute Force Cryptanalysis

Modern cryptography is hinged on "not learning from mistakes": trying numerous wrong keys, should not help one identify the right key. Indeed, it worked -- until recently when the surprising power of AI to see pattern in apparent randomness has turned the 'wrong plaintexts' generated by the 'wron...

CVE-2021-31798

The effective key space used to encrypt the cache in CyberArk Credential Provider prior to 12.1 has low entropy, and under certain conditions a local malicious user can obtain the plaintext of cache files...

EUVD-2021-18679

Malware in sbrugna...

EUVD-2010-3996

Malware in sbrugna...

SUSE CVE-2012-2417

PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key...

CVE-2021-31796

An inadequate encryption vulnerability discovered in CyberArk Credential Provider before 12.1 may lead to Information Disclosure. An attacker may realistically have enough information that the number of possible keys for a credential file is only one, and the number is usually not higher than 2^3...

Design/Logic Flaw

The effective key space used to encrypt the cache in CyberArk Credential Provider prior to 12.1 has low entropy, and under certain conditions a local malicious user can obtain the plaintext of cache files...

CyberArk Credential Provider Race Condition / Authorization Bypass

KL-001-2021-009: CyberArk Credential Provider Race Condition And Authorization Bypass Title: CyberArk Credential Provider Race Condition And Authorization Bypass Advisory ID: KL-001-2021-009 Publication Date: 2021.09.01 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2021-009.t...

CyberArk Credential File Insufficient Effective Key Space

Vulnerability Details Affected Vendor: CyberArk Affected Product: Application Access Manager/Credential Provider Affected Version: Prior to 12.1 Platform: Linux/Windows/zOS CWE Classification: CWE-326: Inadequate Encryption Strength CVE ID: CVE-2021-31796 2. Vulnerability Description CyberArk...

CVE-2016-3685

Affected software: SAP Download Manager up to version 2.1.142. Root cause: encryption of sensitive values stored in a configuration file uses a fixed static key; on Windows and macOS the key is the BIOS serial number concatenated with a hard-coded key, enabling attackers with local access to reco...

openafs -- single-DES cell-wide key brute force vulnerability

OpenAFS Project reports: The small size of the DES key space permits an attacker to brute force a cell's service key and then forge traffic from any user within the cell. The key space search can be performed in under 1 day at a cost of around $100 using publicly available services...

Debian Security Advisory DSA 2502-1 (python-crypto)

The remote host is missing an update to python-crypto announced via advisory DSA 2502-1. OpenVAS Vulnerability Test $Id: deb25021.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2502-1 python-crypto Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft...

PYSEC-2012-16

PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key...

PYSEC-2012-16

PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key...

CVE-2012-2417

Removed by vendor...

CVE-2012-2417

CVE-2012-2417 : PyCrypto before 2.6 generates ElGamal keys using inappropriate prime numbers, reducing the signature/public key space and enabling brute-force attacks to derive the private key. Connected sources confirm the issue affects PyCrypto ElGamal key generation and that fixed versions exi...

CVE-2012-2417

PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key...

Medium: python-crypto

Issue Overview: PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key. Affected Packages:...

CVE-2010-4020

MIT Kerberos 5 aka krb5 1.8.x through 1.8.3 does not reject RC4 key-derivation checksums, which might allow remote authenticated users to forge a 1 AD-SIGNEDPATH or 2 AD-KDC-ISSUED signature, and possibly gain privileges, by leveraging the small key space that results from certain one-byte...