15 matches found
EUVD-2014-2357
Malware in sbrugna...
EUVD-1999-1066
Malware in sbrugna...
Bkcrack - Crack Legacy Zip Encryption With Biham And Kocher's Known Plaintext Attack
Crack legacy zip encryption with Biham and Kocher's known plaintext attack. Overview A ZIP archive may contain many entries whose content can be compressed and/or encrypted. In particular, entries can be encrypted with a password-based Encryption Algorithm symmetric encryption algorithm referred ...
Nextcloud Server 19.0.1 Encryption Vulnerability (NC-SA-2020-039)
Nextcloud Server is prone to a vulnerability where it is possible to downgrade the encryption scheme and break the integrity through known-plaintext attack. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...
Nextcloud: Downgrade encryption scheme and break integrity through known-plaintext attack
The idea behind the Server Side Encryption is that you can move your encrypted files to an external party without that external party being able to to read or modify those files. Some time ago, Nextcloud switched from unauthenticated CFB cipher block mode to authenticated CTR cipher block mode in...
CVE-2014-2319
The Encrypt Files feature in ConeXware PowerArchiver before 14.02.05 uses legacy ZIP encryption even if the AES 256-bit selection is chosen, which makes it easier for context-dependent attackers to obtain sensitive information via a known-plaintext attack...
Code injection
The Encrypt Files feature in ConeXware PowerArchiver before 14.02.05 uses legacy ZIP encryption even if the AES 256-bit selection is chosen, which makes it easier for context-dependent attackers to obtain sensitive information via a known-plaintext attack...
CVE-2014-2319
The Encrypt Files feature in ConeXware PowerArchiver before 14.02.05 uses legacy ZIP encryption even if the AES 256-bit selection is chosen, which makes it easier for context-dependent attackers to obtain sensitive information via a known-plaintext attack...
CVE-2007-6192
The web management interface in Citrix NetScaler 8.0 build 47.8 uses weak encryption XOR of unpadded data to store credentials within a cookie, which makes it easier for remote attackers to obtain cleartext credentials when a cookie is captured via a known-plaintext attack...
CVE-2007-6192
The CVE-2007-6192 entry describes an information disclosure vulnerability in the Citrix NetScaler Web Management Interface (NetScaler 8.0 build 47.8). The issue arises from using weak encryption to protect cookie contents by XORing sensitive values (including credentials) with a fixed key stream,...
CVE-2007-6192
The web management interface in Citrix NetScaler 8.0 build 47.8 uses weak encryption XOR of unpadded data to store credentials within a cookie, which makes it easier for remote attackers to obtain cleartext credentials when a cookie is captured via a known-plaintext attack...
Design/Logic Flaw
PasswordSafe 3.0 beta, when running on Windows before XP, uses a weak random number generator C++ rand function during generation of the database encryption key, which makes it easier for attackers to decrypt the database and steal passwords by generating keys for all possible rand seed values an...
CVE-2006-1378
CVE-2006-1378 concerns PasswordSafe 3.0 beta running on Windows versions prior to XP, where the database encryption key is generated using the weak C++ rand() RNG. The underlying root cause is the predictability of rand(), which enables an attacker to enumerate possible seed values and, via a kno...
Weak pkzip encryption
Weak PRNG open possibility for recovering encrypted text with known plain text attack with minimal amount of known text...
CVE-1999-1085
SSH 1.2.25, 1.2.23, and other versions, when used in in CBC Cipher Block Chaining or CFB Cipher Feedback 64 bits modes, allows remote attackers to insert arbitrary data into an existing stream between an SSH client and server by using a known plaintext attack and computing a valid CRC-32 checksum...