CVE-2025-4053

The data stored in Be-Tech Mifare Classic card is stored in cleartext. An attacker having access to a Be-Tech hotel guest Mifare Classic card can create a master key card that unlocks all the locks in the building. This issue affects all Be-Tech Mifare Classic card systems. To fix the...

CVE-2022-26307

LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where master key was poorly encoded resulting in weakening its entropy from 128 t...

Talking about the zip format, the processing logic vulnerability-vulnerability warning-the black bar safety net

Preface: the zip compression format is widely used, various platforms are used, the Windows platform used to compress the file, the Android platform as apk file format. Since the zip file format is more complex, in the parsing of the zip file format, if handled improperly, could lead to some...

Chinese Hackers discovered second Android master key vulnerability

Android Security Squad, the China-based group that uncovered a second Android master key vulnerability that might be abused to modify smartphone apps without breaking their digital signatures. The whole point of digitally signing a document or file is to prove the file hasn't been modified. The...

New App ReKey Fixes Android Master Key Vulnerability

The Android master key vulnerability disclosed a couple of weeks ago puts nearly all Android phones at risk of attacks that can modify legitimate apps with malicious code that would give the attacker full control of the device. Google has released a patch, but Android users are dependent upon the...

Chinese Hackers discovered second Android master key vulnerability

Android Security Squad, the China-based group that uncovered a second Android master key vulnerability that might be abused to modify smartphone apps without breaking their digital signatures. The whole point of digitally signing a document or file is to prove the file hasn't been modified. The...

CVE-2013-4787

Android 1.6 Donut through 4.2 Jelly Bean does not properly check cryptographic signatures for applications, which allows attackers to execute arbitrary code via an application package file APK that is modified in a way that does not violate the cryptographic signature, probably involving multiple...

CVE-2013-4787

Android 1.6–4.2 (Donut to Jelly Bean) contains a flaw in verifying APK cryptographic signatures: an APK.modified file with duplicate Zip entries may be installed despite one entry being validated, enabling arbitrary code execution via the Master Key vulnerability. The issue arises from inconsiste...