6 matches found
EUVD-2022-0551
Malicious code in bioql PyPI...
Pushing the Limits of Frequency Analysis in Leakage Abuse Attacks
Searchable encryption SE is the most scalable cryptographic primitive for searching on encrypted data. Typical SE constructions often allow access-pattern leakage, revealing which encrypted records are retrieved in the server's responses. All the known generic cryptanalyses assume either that the...
Researchers Uncover Novel Way to De-anonymize Device IDs to Users' Biometrics
Researchers have uncovered a potential means to profile and track online users using a novel approach that combines device identifiers with their biometric information. The details come from a newly published research titled "Nowhere to Hide: Cross-modal Identity Leakage between Biometrics and...
CVE-2020-1026
The CVE-2020-1026 issue affects the MSR JavaScript Cryptography Library’s ECC implementation. It results from multiple bugs in ECC code, enabling an attacker to potentially leak a server’s private ECC key (key leakage attack) or craft an invalid ECDSA signature that passes as valid. The vulnerabi...
MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability
A Security Feature Bypass vulnerability exists in the MSR JavaScript Cryptography Library that is caused by multiple bugs in the library’s Elliptic Curve Cryptography ECC implementation. An attacker could potentially abuse these bugs to learn information about a server’s private ECC key a key...
CVE-2017-1368
IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie...