Lucene search
+L

822 matches found

Cvelist
Cvelist
added 2012/06/17 1:0 a.m.28 views

CVE-2012-2417

PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key...

7.7AI score0.02727EPSS
Exploits2References14
Debian CVE
Debian CVE
added 2012/06/17 1:0 a.m.24 views

CVE-2012-2417

Removed by vendor...

4.3CVSS8.1AI score0.02727EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2012/06/04 12:0 a.m.30 views

Fedora 15 : python-crypto-2.3-6.fc15 (2012-8490)

This update is a security fix for CVE-2012-2417 insecure ElGamal key generation. Anyone using ElGamal keys should generate new keys as soon as practical any additional information about this bug will be tracked at https://bugs.launchpad.net/pycrypto/+bug/985164. Note that Tenable Network Security...

4.3CVSS7.6AI score0.02727EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2012/06/04 12:0 a.m.32 views

Fedora 16 : python-crypto-2.3-6.fc16 (2012-8470)

This update is a security fix for CVE-2012-2417 insecure ElGamal key generation. Anyone using ElGamal keys should generate new keys as soon as practical any additional information about this bug will be tracked at https://bugs.launchpad.net/pycrypto/+bug/985164. Note that Tenable Network Security...

4.3CVSS7.6AI score0.02727EPSS
Exploits2References4
seebug.org
seebug.org
added 2012/05/29 12:0 a.m.30 views

Python PyCrypto密钥生成漏洞

BUGTRAQ ID: 53687 CVE ID: CVE-2012-2417 PyCrypto是使用Python编写的加密工具包。 PyCrypto 2.5之前版本在使用ElGamal方案生成密钥时存在错误,可造成缩减密钥空间,可被利用生成私钥,获取敏感信息。 0 python 2.5.x 厂商补丁: Python ------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: www.python.org...

4.3CVSS1.1AI score0.02727EPSS
Exploits2
FreeBSD
FreeBSD
added 2012/05/24 12:0 a.m.33 views

pycrypto -- vulnerable ElGamal key generation

Dwayne C. Litzenberger of PyCrypto reports: In the ElGamal schemes for both encryption and signatures, g is supposed to be the generator of the entire Z^p group. However, in PyCrypto 2.5 and earlier, g is more simply the generator of a random sub-group of Z^p. The result is that the signature spa...

4.3CVSS9AI score0.02727EPSS
Exploits2References2
The Hacker News
The Hacker News
added 2011/10/15 11:52 a.m.7 views

Encipher It : Easiest Browser based Advanced Encryption Tools [Video Demonstration]

Encipher It : Easiest Browser based Advanced Encryption Tools Video Demonstration "Encipher It " One of the best and easiest AES Text encryptor for Google Mail or anything else. It Provide more secure PBKDF2 Password-Based Key Derivation Function key generation. It use Advanced Encryption Standar...

7.2AI score
Exploits0
Snyk
Snyk
added 2011/02/10 6:0 p.m.5 views

Access Restriction Bypass

Overview Affected versions of this package are vulnerable to Access Restriction Bypass. The keycertify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow...

5.3CVSS8.1AI score0.01797EPSS
Exploits0References2
Metasploit
Metasploit
added 2010/06/09 4:43 p.m.22 views

stat(2)-based Context Keyed Payload Encoder

This is a Context-Keyed Payload Encoder based on stat2 and Shikata Ga Nai. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/poly' class MetasploitModule 'stat2-based Context Keyed Payload Encoder',...

7AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2009/05/24 12:0 a.m.41 views

GnuTLS: Multiple vulnerabilities

Background GnuTLS is an Open Source implementation of the TLS 1.0 and SSL 3.0 protocols. Description The following vulnerabilities were found in GnuTLS: Miroslav Kratochvil reported that lib/pk-libgcrypt.c does not properly handle corrupt DSA signatures, possibly leading to a double-free...

7.5CVSS6.9AI score0.07922EPSS
Exploits9
OpenVAS
OpenVAS
added 2009/05/20 12:0 a.m.26 views

OpenSC Incorrect RSA Keys Generation Vulnerability

This host is installed with OpenSC and is prone to Insecure Key Generation vulnerability. OpenVAS Vulnerability Test $Id: secpodopenscinsecurekeygenerationvuln.nasl 5122 2017-01-27 12:16:00Z teissa $ OpenSC Incorrect RSA Keys Generation Vulnerability Authors: Antu Sanadi Copyright: Copyright c 20...

4.3CVSS7.4AI score0.01091EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2009/05/20 12:0 a.m.22 views

OpenSC < 0.11.8 Incorrect RSA Keys Generation Vulnerability

OpenSC is prone to an insecure key generation vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.5AI score0.01091EPSS
Exploits0References4
ALT Linux
ALT Linux
added 2009/04/30 12:0 a.m.48 views

Security fix for the ALT Linux 10 package gnutls30 version 2.6.6-alt1

April 30, 2009 Afanasov Dmitry 2.6.6-alt1 - 2.6.6 release. + fix Corrected double free on signature verification failure CVE-2009-1415 + fix DSA key generation CVE-2009-1416 + fix gnutls-cli expiration/activation time check CVE-2009-1417 - release fixes 19873 also...

7.5CVSS7.1AI score0.07922EPSS
Exploits9
OpenVAS
OpenVAS
added 2009/03/23 12:0 a.m.5 views

Ubuntu: Security Advisory (USN-612-8)

The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References4
Prion
Prion
added 2009/01/22 11:30 p.m.19 views

Code injection

The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key...

5CVSS6.8AI score0.09442EPSS
Exploits2References6Affected Software2
Tenable Nessus
Tenable Nessus
added 2008/06/24 12:0 a.m.19 views

Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : openssl-blacklist update (USN-612-11)

USN-612-3 addressed a weakness in OpenSSL certificate and key generation and introduced openssl-blacklist to aid in detecting vulnerable certificates and keys. This update adds RSA-4096 blacklists to the openssl-blacklist-extra package and adjusts openssl-vulnkey to properly handle RSA-4096 and...

5.5AI score
Exploits0References1
Ubuntu
Ubuntu
added 2008/06/12 8:19 p.m.44 views

USN-612-9: openssl-blacklist update

USN-612-3 addressed a weakness in OpenSSL certificate and key generation in OpenVPN by introducing openssl-blacklist to aid in detecting vulnerable private keys. This update enhances the openssl-vulnkey tool to check Certificate Signing Requests, accept input from STDIN, and check moduli without ...

5.6AI score
Exploits0References3
myhack58
myhack58
added 2008/05/18 12:0 a.m.28 views

Debian disaster-vulnerability warning-the black bar safety net

by axis 2008-05-16 http://www.ph4nt0m.org The Debian OpenSSL package the algorithms have problems, random number generation is actually in the process pid in the selection, lead to the generation of key can be exhaustive The following extract from the metasploit blog The Bug On May 13th, 2 0 0 8...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2008/01/13 12:0 a.m.24 views

spambam.pl.txt

!/usr/bin/perl -w Defeating SpamBam exploit by Jose Palazon [email protected] a.k.a. palako Vulnerable software: SpamBam http://wordpress.org/extend/plugins/spambam/ by Gareth Heyes Vulnerability: No matter how hard you ofuscate or encrypt your code, never, under no circunstances, rely any...

7.4AI score
Exploits0
Prion
Prion
added 2007/03/13 10:19 p.m.25 views

Code injection

The SSH key generation process in OpenSSH in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote attackers to cause a denial of service by connecting to the server before SSH has finished creating keys, which causes the keys to be regenerated and can break trust relationships that were...

5CVSS6.6AI score0.03873EPSS
Exploits0References9Affected Software2
Rows per page
Query Builder