87 matches found
CVE-2024-56476
IBM TXSeries for Multiplatforms 9.1 and 11.1 could allow an attacker to enumerate usernames due to an observable login attempt response discrepancy...
Security Bulletin: IBM InfoSphere Information Server is vulnerable due to an observable response discrepancy (CVE-2024-51477)
Summary An observable response discrepancy vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-51477 DESCRIPTION: IBM InfoSphere Information Server could allow an authenticated to obtain sensitive username information due to an observable respons...
CVE-2024-28885
Observable discrepancy in some IntelR QAT Engine for OpenSSL software before version v1.6.1 may allow information disclosure via network access...
Synology DiskStation Manager Observable Discrepancy (CVE-2017-5753)
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot f...
Observable Discrepancy
github.com/zitadel/zitadel is vulnerable to Observable Discrepancy. The vulnerability is caused due to "Ignoring unknown usernames" flag being not respected correctly in all cases. This can lead to an attacker gaining information if an account exists within ZITADEL...
Hitachi Energy AFS/AFR Series Products
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION : Exploitable remotely/low attack complexity Vendor : Hitachi Energy Equipment : AFS650, AFS660, AFS665, AFS670, AFS675, AFS677, AFR677 Vulnerabilities : Type Confusion, Use After Free, Double Free, Observable Discrepancy 2. RISK EVALUATION...
CVE-2024-6129 spa-cartcms Username login observable behavioral discrepancy
A vulnerability, which was classified as problematic, was found in spa-cartcms 1.9.0.6. Affected is an unknown function of the file /login of the component Username Handler. The manipulation of the argument email leads to observable behavioral discrepancy. It is possible to launch the attack...
Observable Discrepancy
neos/flow is vulnerable to Observable Discrepancy . The vulnerability is due to observable timing differences within the PersistedUsernamePasswordProvider. An attacker can determine whether an account exists based on the timing of the response, because the hash is only generated if an account was...
Observable Discrepancy
Overview org.bouncycastle:bcprov-jdk15on is a Java implementation of cryptographic algorithms. Affected versions of this package are vulnerable to Observable Discrepancy due to the timing difference between exceptions thrown when processing RSA key exchange handshakes, AKA Marvin. Note: The...
Observable Discrepancy
Overview Affected versions of this package are vulnerable to Observable Discrepancy due to the timing difference between exceptions thrown when processing RSA key exchange handshakes, AKA Marvin. Note: The implemented fix mitigates the leakage of data via the PKCS1 interface, but does not fully...
Design/Logic Flaw
IBM CICS TX Advanced 10.1 could disclose sensitive information to a remote attacker due to observable discrepancy in HTTP responses. IBM X-Force ID: 260814...
Observable Discrepancy
Overview com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Observable Discrepancy via the authentication process. An attacker can obtain information about the existence of user accounts by analyzing differences in response...
Observable Discrepancy
Liferay Portal is vulnerable to Observable Discrepancy. The vulnerability is due to the handling of different responses based on site existence or user permissions. An attacker can discover the existence of sites by enumerating URLs...
Observable Discrepancy
Overview Affected versions of this package are vulnerable to Observable Discrepancy due to the implementation of the SP Math All RSA when built with specific configuration options. An attacker can decrypt ciphertexts and forge signatures after probing with a large number of test observations...
Spoofing
Versions of the package jsrsasign before 11.0.0 are vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. An attacker can decrypt ciphertexts by exploiting the Marvin security flaw. Exploiting this vulnerability requires the attacker to have access to a large...
CVE-2024-21484
Versions of the package jsrsasign before 11.0.0 are vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. An attacker can decrypt ciphertexts by exploiting the Marvin security flaw. Exploiting this vulnerability requires the attacker to have access to a large...
CVE-2024-21484
Versions of the package jsrsasign before 11.0.0 are vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. An attacker can decrypt ciphertexts by exploiting the Marvin security flaw. Exploiting this vulnerability requires the attacker to have access to a large...
CVE-2024-21484
CVE-2024-21484 affects the jsrsasign JavaScript library prior to 11.0.0, where an observable discrepancy in RSA PKCS#1.5 or RSAOAEP decryption can allow an attacker to decrypt ciphertexts. The attack requires access to a large number of ciphertexts encrypted with the same key (Marvin attack). The...
CVE-2024-21484
Versions of the package jsrsasign before 11.0.0 are vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. An attacker can decrypt ciphertexts by exploiting the Marvin security flaw. Exploiting this vulnerability requires the attacker to have access to a large...
jsrsasign Security Vulnerabilities
The jsrsasign package is an open source cryptographic library from the individual developer Kenji Urashima in Japan. A security vulnerability exists in jsrsasign versions prior to 11.0.0, which stems from the susceptibility to Observable Discrepancy in the decryption process of RSA PKCS1.5 or...