EUVD-2023-23641

Malicious code in bioql PyPI...

CVE-2023-1385

Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of random values to a known value, which leads to unauthorized authentication to amzn.lightning services. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with...

Input validation

Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of random values to a known value, which leads to unauthorized authentication to amzn.lightning services. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with...

CVE-2023-1385

Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of random values to a known value, which leads to unauthorized authentication to amzn.lightning services. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with...

CVE-2023-1385

CVE-2023-1385 describes an improper JPAKE implementation that allows offline PIN brute-forcing due to initializing random values to a known value, enabling unauthorized authentication to amzn.lightning services. Affected: Amazon Fire TV Stick 3rd gen before 6.2.9.5 and Insignia TV with FireOS 7.6...

Amazon Fire TV Stick 安全特征问题漏洞

The Amazon Fire TV Stick is a television voice recognition remote control from Amazon.com, Inc. The Amazon Fire TV Stick suffers from a security signature issue vulnerability that stems from initializing random numbers to known values and incorrect JPAKE implementation that allows for brute force...

QIWI: PIN OK attack

PIN OK attack is an attack when a wedge-device created for MiTM is used to substitute the response from the card during an offline-PIN check and say that PIN was correct. Reproduction steps: An attacker with a stolen card without the correct PIN knowledge can use either a so-called wedge device f...