CVE-2022-40295

The CVE-2022-40295 entry concerns PHP Point of Sale v19.0, where an authenticated information disclosure allows administrators to view unsalted user passwords, enabling offline attacks to recover plaintext passwords. The vulnerability is described consistently across NVD/CVE records and related s...

PT-2022-25331 · Unknown · Application

Name of the Vulnerable Software and Affected Versions: Application affected versions not specified Description: The issue allows authenticated information disclosure, enabling administrators to view unsalted user passwords. This could lead to the compromise of plaintext passwords via offline...

Diebold ATM Terminals Jackpotted Using Machine’s Own Software

Cybercriminals are using software from leading ATM manufacturer Diebold in a series of hacks against cash terminals across Europe, forcing the machines to dispense cash to crooks. Criminals using a black-box device common with these type of attacks have increased their activity across Europe by...

openssl: bn_sqrx8x_internal carry bug on x86_64

There is a carry propagating bug in the x8664 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely...

CVE-2018-5389

The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. Reusing a key pair across different versions and modes of IKE could lead to cross-protocol authentication bypasses. It is well known, that the aggressive mode of IKEv1 PSK is vulnerable to offline...

CVE-2018-5389

CVE-2018-5389 concerns the IKEv1 main mode with Pre-Shared Keys (PSK). The vulnerability allows an offline dictionary/brute-force attack to recover a weak PSK and can enable impersonation of a host or network, particularly when PSKs are reused across versions/modes. Cross-protocol authentication ...

openssl: bn_sqrx8x_internal carry bug on x86_64

There is a carry propagating bug in the x8664 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely...

openssl: bn_sqrx8x_internal carry bug on x86_64

There is a carry propagating bug in the x8664 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely...

SUSE-SU-2016:0241-1 Security update for ecryptfs-utils

This update for ecryptfs-utils fixes the following issues: - CVE-2016-1572: A local user could have escalated privileges by mounting over special filesystems bsc962052 - CVE-2014-9687: A default salt value reduced complexity of offline precomputation attacks bsc920160...

CVE-2013-4786

The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange Protocol RAKP authentication, which allows remote attackers to obtain password hashes and conduct offline password guessing attacks by obtaining the HMAC from a RAKP message 2 response from a BMC...

Authentication flaw

The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange Protocol RAKP authentication, which allows remote attackers to obtain password hashes and conduct offline password guessing attacks by obtaining the HMAC from a RAKP message 2 response from a BMC...

CVE-2013-4786

The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange Protocol RAKP authentication, which allows remote attackers to obtain password hashes and conduct offline password guessing attacks by obtaining the HMAC from a RAKP message 2 response from a BMC...

CVE-2013-4786

The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange Protocol RAKP authentication, which allows remote attackers to obtain password hashes and conduct offline password guessing attacks by obtaining the HMAC from a RAKP message 2 response from a BMC. Recent assessments: Assessed...

Study: Password Security Improves with Age

Baby Boomers may not be perceived as tech savvy as Millenials, but they apparently are better at protecting their digital assets. A new British study believed to be the largest of its kind shows those 55 and older tend to pick passwords with twice the strength of those under 25. It also indicates...

Design/Logic Flaw

Unspecified vulnerability in McAfee Encrypted USB Manager 3.1.0.0, when the Re-use Threshold for passwords is nonzero, allows remote attackers to conduct offline brute force attacks via unknown vectors...

CVE-2006-4068

The pswd.js script relies on the client to calculate whether a username and password match hard-coded hashed values for a server, and uses a hashing scheme that creates a large number of collisions, which makes it easier for remote attackers to conduct offline brute force attacks. NOTE: this scri...

CVE-2006-4068

The pswd.js script relies on the client to calculate whether a username and password match hard-coded hashed values for a server, and uses a hashing scheme that creates a large number of collisions, which makes it easier for remote attackers to conduct offline brute force attacks. NOTE: this scri...

bindview.syskey.txt

BindView Security Advisory -------- Windows NT's SYSKEY feature Issue date: December 16, 1999 Contact: Todd Sabin Topic: Vulnerability in Windows NT's SYSKEY encryption Overview: SYSKEY does not fully protect the SAM from off-line attacks. Specifically, dictionary and brute-force password crackin...