822 matches found
CVE-2012-2417
PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key...
CVE-2012-2417
Removed by vendor...
Fedora 15 : python-crypto-2.3-6.fc15 (2012-8490)
This update is a security fix for CVE-2012-2417 insecure ElGamal key generation. Anyone using ElGamal keys should generate new keys as soon as practical any additional information about this bug will be tracked at https://bugs.launchpad.net/pycrypto/+bug/985164. Note that Tenable Network Security...
Fedora 16 : python-crypto-2.3-6.fc16 (2012-8470)
This update is a security fix for CVE-2012-2417 insecure ElGamal key generation. Anyone using ElGamal keys should generate new keys as soon as practical any additional information about this bug will be tracked at https://bugs.launchpad.net/pycrypto/+bug/985164. Note that Tenable Network Security...
Python PyCrypto密钥生成漏洞
BUGTRAQ ID: 53687 CVE ID: CVE-2012-2417 PyCrypto是使用Python编写的加密工具包。 PyCrypto 2.5之前版本在使用ElGamal方案生成密钥时存在错误,可造成缩减密钥空间,可被利用生成私钥,获取敏感信息。 0 python 2.5.x 厂商补丁: Python ------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: www.python.org...
pycrypto -- vulnerable ElGamal key generation
Dwayne C. Litzenberger of PyCrypto reports: In the ElGamal schemes for both encryption and signatures, g is supposed to be the generator of the entire Z^p group. However, in PyCrypto 2.5 and earlier, g is more simply the generator of a random sub-group of Z^p. The result is that the signature spa...
Encipher It : Easiest Browser based Advanced Encryption Tools [Video Demonstration]
Encipher It : Easiest Browser based Advanced Encryption Tools Video Demonstration "Encipher It " One of the best and easiest AES Text encryptor for Google Mail or anything else. It Provide more secure PBKDF2 Password-Based Key Derivation Function key generation. It use Advanced Encryption Standar...
Access Restriction Bypass
Overview Affected versions of this package are vulnerable to Access Restriction Bypass. The keycertify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow...
stat(2)-based Context Keyed Payload Encoder
This is a Context-Keyed Payload Encoder based on stat2 and Shikata Ga Nai. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/poly' class MetasploitModule 'stat2-based Context Keyed Payload Encoder',...
GnuTLS: Multiple vulnerabilities
Background GnuTLS is an Open Source implementation of the TLS 1.0 and SSL 3.0 protocols. Description The following vulnerabilities were found in GnuTLS: Miroslav Kratochvil reported that lib/pk-libgcrypt.c does not properly handle corrupt DSA signatures, possibly leading to a double-free...
OpenSC Incorrect RSA Keys Generation Vulnerability
This host is installed with OpenSC and is prone to Insecure Key Generation vulnerability. OpenVAS Vulnerability Test $Id: secpodopenscinsecurekeygenerationvuln.nasl 5122 2017-01-27 12:16:00Z teissa $ OpenSC Incorrect RSA Keys Generation Vulnerability Authors: Antu Sanadi Copyright: Copyright c 20...
OpenSC < 0.11.8 Incorrect RSA Keys Generation Vulnerability
OpenSC is prone to an insecure key generation vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security fix for the ALT Linux 10 package gnutls30 version 2.6.6-alt1
April 30, 2009 Afanasov Dmitry 2.6.6-alt1 - 2.6.6 release. + fix Corrected double free on signature verification failure CVE-2009-1415 + fix DSA key generation CVE-2009-1416 + fix gnutls-cli expiration/activation time check CVE-2009-1417 - release fixes 19873 also...
Ubuntu: Security Advisory (USN-612-8)
The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Code injection
The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key...
Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : openssl-blacklist update (USN-612-11)
USN-612-3 addressed a weakness in OpenSSL certificate and key generation and introduced openssl-blacklist to aid in detecting vulnerable certificates and keys. This update adds RSA-4096 blacklists to the openssl-blacklist-extra package and adjusts openssl-vulnkey to properly handle RSA-4096 and...
USN-612-9: openssl-blacklist update
USN-612-3 addressed a weakness in OpenSSL certificate and key generation in OpenVPN by introducing openssl-blacklist to aid in detecting vulnerable private keys. This update enhances the openssl-vulnkey tool to check Certificate Signing Requests, accept input from STDIN, and check moduli without ...
Debian disaster-vulnerability warning-the black bar safety net
by axis 2008-05-16 http://www.ph4nt0m.org The Debian OpenSSL package the algorithms have problems, random number generation is actually in the process pid in the selection, lead to the generation of key can be exhaustive The following extract from the metasploit blog The Bug On May 13th, 2 0 0 8...
spambam.pl.txt
!/usr/bin/perl -w Defeating SpamBam exploit by Jose Palazon [email protected] a.k.a. palako Vulnerable software: SpamBam http://wordpress.org/extend/plugins/spambam/ by Gareth Heyes Vulnerability: No matter how hard you ofuscate or encrypt your code, never, under no circunstances, rely any...
Code injection
The SSH key generation process in OpenSSH in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote attackers to cause a denial of service by connecting to the server before SSH has finished creating keys, which causes the keys to be regenerated and can break trust relationships that were...