CONTEX-T: Contextual Privacy Exploitation Via Transformer Spectral Analysis for IoT Device Fingerprinting

The rapid expansion of internet of things IoT devices have created a pervasive ecosystem where encrypted wireless communications serve as the primary privacy and security protection mechanism. While encryption effectively protects message content, packet metadata and statistics inadvertently expo...

Cryptanalysis of a Privacy-Preserving Ride-Hailing Service from NSS 2022

Ride-Hailing Services RHS match a ride request initiated by a rider with a suitable driver responding to the ride request. A Privacy-Preserving RHS PP-RHS aims to facilitate ride matching while ensuring the privacy of riders' and drivers' location data w.r.t. the Service Provider SP. At NSS 2022,...

S-Leak: Leakage-Abuse Attack against Efficient Conjunctive SSE Via S-Term Leakage

Conjunctive Searchable Symmetric Encryption CSSE enables secure conjunctive searches over encrypted data. While leakage-abuse attacks LAAs against single-keyword SSE have been extensively studied, their extension to conjunctive queries faces a critical challenge: the combinatorial explosion of...

Active Sybil Attack and Efficient Defense Strategy in IPFS DHT

The InterPlanetary File System IPFS is a decentralized peer-to-peer P2P storage that relies on Kademlia, a Distributed Hash Table DHT structure commonly used in P2P systems for its proved scalability. However, DHTs are known to be vulnerable to Sybil attacks, in which a single entity controls...

CVE-2024-45165

An issue was discovered in UCI IDOL 2 aka uciIDOL or IDOL2 through 2.12. Data is sent between client and server with encryption. However, the key is derived from the string "c2007 UCI Software GmbH B.Boll" without quotes. The key is both static and hardcoded. With access to messages, this results...

Cross-site Scripting (XSS)

Overview org.jenkins-ci.main:jenkins-core is an open source automation server. Affected versions of this package are vulnerable to Cross-site Scripting XSS. An attacker can inject arbitrary web script or HTML by exploiting this vulnerability. Note: This attack can be only mounted passively. Detai...

Man-in-the-Middle (MitM)

nss is vulnerable to man-in-the-middle attack. ServerHello.random is all zeros when handling a v2-compatible ClientHello, which would allow an attacker to perform man-in-the-middle attack to perform a passive replay attack...

Medium: nss

Issue Overview: A flaw was found in the way NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. A man-in-the-middle attacker could use this flaw in a passive replay attack.CVE-2018-12384 Affected Packages: nss Note: This advisory is applicable to Amazo...

Apple iOS 7 iPad2 Face Time 1.0.2 - Privacy Vulnerability

Document Title: =============== Apple iOS 7 iPad2 Face Time 1.0.2 - Privacy Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1087 Video: http://www.youtube.com/watch?v=7acWAEZpbgs Release Date: ============= 2013-09-24 Vulnerability Laborato...

Reflective/Stored XSS in Responsive Logo Slideshow Plugin Cross-Site Scripting Vulnerability

Exploit Title : Reflective/Stored XSS in Responsive Logo Slideshow Plugin Cross-Site Scripting Vulnerability Author: Aditya Balapure home: http://adityabalapure.blogspot.in/ Date: 18/02/13 software link: http://wordpress.org/extend/plugins/responsive-logo-slideshow/ CVE Assigned - CVE-2013-1759...

CVE-2012-4366: Insecure default WPA2 passphrase in multiple Belkin wireless routers

CVE-2012-4366: Insecure default WPA2 passphrase in multiple Belkin wireless routers I. Background Belkin ships many wireless routers with an encrypted wireless network configured by default. The network name ESSID and the seemingly random password is printed on a label at the bottom of the device...