29 matches found
CVE-2020-36284
Union Pay up to 3.4.93.4.9, for android, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code MAC which is generated based on a secret key which is NULL...
CVE-2020-36285
Union Pay up to 3.3.12, for iOS mobile apps, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code MAC which is generated based on a secret key which is NULL...
CVE-2020-36284
Union Pay up to 3.4.93.4.9, for android, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code MAC which is generated based on a secret key which is NULL...
CVE-2020-36284
The CVE-2020-36284 issue affects UnionPay on Android versions prior to 3.4.93.4.9. Root cause: improper verification of cryptographic signatures (CWE-347) due to a MAC generated based on a secret key that is NULL. Impact: attackers can shop for free on merchants’ websites and mobile apps by craft...
PT-2021-10906 · Union Pay · Union Pay
Name of the Vulnerable Software and Affected Versions: Union Pay versions up to 1.2.0 Description: The issue allows attackers to shop for free in merchants' websites and mobile apps via a crafted authentication code MAC generated based on a secret key which is NULL. This is due to an improper...
The vulnerability of the Cisco Unified Communications Manager software allows a malicious actor to intercept sessions.
The vulnerability exists in OpenSSL due to an improper limitation on the processing of ChangeCipherSpec messages. Exploiting this vulnerability allows a malicious actor to induce the use of a null-length master key in the OpenSSL-to-OpenSSL communication, thereby intercepting the session or gaini...
CVE-2006-0997
The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server OES permits encryption with a NULL key, which results in cleartext communication that allows remote attackers to read an SSL protected session by sniffing network traffic...
Design/Logic Flaw
The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server OES permits encryption with a NULL key, which results in cleartext communication that allows remote attackers to read an SSL protected session by sniffing network traffic...
CVE-2006-0997
The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server OES permits encryption with a NULL key, which results in cleartext communication that allows remote attackers to read an SSL protected session by sniffing network traffic...