Lucene search
K

22 matches found

CVE
CVE
added 2026/06/30 11:5 a.m.15 views

CVE-2026-57082

The CVE-2026-57082 issue affects Net::BitTorrent for Perl (up to version 2.0.1). The MSE handshake derives its 160-bit Diffie-Hellman private key from Perl’s rand(), a non-cryptographic PRNG seeded once per process, via KeyExchange.pm. As a result, the shared secret and the RC4 keys (SHA-1("keyA"...

5.9CVSS5.8AI score0.00152EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/30 11:5 a.m.7 views

EUVD-2026-40291

Net::BitTorrent versions through 2.0.1 for Perl generate the MSE Diffie-Hellman private key with a non-cryptographic PRNG. The MSE Message Stream Encryption handshake derives its 160-bit Diffie-Hellman private key from Perl's rand, a non-cryptographic drand48-class generator seeded once per...

5.9CVSS5.8AI score0.00152EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/30 11:5 a.m.6 views

CVE-2026-57082

Net::BitTorrent versions through 2.0.1 for Perl generate the MSE Diffie-Hellman private key with a non-cryptographic PRNG. The MSE Message Stream Encryption handshake derives its 160-bit Diffie-Hellman private key from Perl's rand, a non-cryptographic drand48-class generator seeded once per...

5.9CVSS5.8AI score0.00152EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/30 11:5 a.m.33 views

CVE-2026-57082 Net::BitTorrent versions through 2.0.1 for Perl generate the MSE Diffie-Hellman private key with a non-cryptographic PRNG

Net::BitTorrent versions through 2.0.1 for Perl generate the MSE Diffie-Hellman private key with a non-cryptographic PRNG. The MSE Message Stream Encryption handshake derives its 160-bit Diffie-Hellman private key from Perl's rand, a non-cryptographic drand48-class generator seeded once per...

0.00152EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-30255

Malware in sbrugna...

7.5CVSS7.5AI score0.01156EPSS
Exploits3References6
OSV
OSV
added 2022/03/04 10:15 p.m.4 views

CVE-2021-27756

"TLS-RSA cipher suites are not disabled in BigFix Compliance up to v2.0.5. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it."...

7.5CVSS5.7AI score0.00557EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/03/04 12:0 a.m.6 views

HCL BigFix Compliance 加密问题漏洞

HCL BigFix Compliance is HCL India's continuous monitoring and application of endpoint security settings to ensure compliance with regulatory or organizational security policies. A cryptographic issue vulnerability exists in HCL BigFix Compliance versions prior to version 2.0.5 that stems from th...

7.5CVSS7.3AI score0.00557EPSS
Exploits0References2
OSV
OSV
added 2020/12/16 3:15 p.m.5 views

CVE-2020-14254

TLS-RSA cipher suites are not disabled in HCL BigFix Inventory up to v10.0.2. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it...

7.5CVSS7AI score0.0064EPSS
Exploits0References1
NVD
NVD
added 2020/03/12 2:15 p.m.40 views

CVE-2020-9435

PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through 2.03.17, and TC CLOUD CLIENT 1002-TXTX through 1.03.17 devices contain a hardcoded certificate and ke...

7.5CVSS7.6AI score0.01156EPSS
Exploits3References4
Prion
Prion
added 2020/03/12 2:15 p.m.26 views

Hardcoded credentials

PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through 2.03.17, and TC CLOUD CLIENT 1002-TXTX through 1.03.17 devices contain a hardcoded certificate and ke...

5CVSS7.6AI score0.01156EPSS
Exploits3References4Affected Software6
CVE
CVE
added 2020/03/12 1:25 p.m.54 views

CVE-2020-9435

CVE-2020-9435 affects Phoenix Contact TC Router/TC Cloud Client: devices listed (e.g., 3002T-4G, 2002T-3G, and variants) ship a hardcoded certificate and key used by default for web services. Root cause is the static certificate, enabling impersonation, MITM, or passive decryption if not replaced...

7.5CVSS7.6AI score0.01156EPSS
Exploits3References4Affected Software1
Cvelist
Cvelist
added 2020/03/12 1:25 p.m.43 views

CVE-2020-9435

PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through 2.03.17, and TC CLOUD CLIENT 1002-TXTX through 1.03.17 devices contain a hardcoded certificate and ke...

7.7AI score0.01156EPSS
Exploits3References4
Filippo.io
Filippo.io
added 2017/09/28 4:24 p.m.13 views

We need to talk about Session Tickets

More specifically, TLS 1.2 Session Tickets. Session Tickets, specified in RFC 5077, are a technique to resume TLS sessions by storing key material encrypted on the clients. In TLS 1.2 they speed up the handshake from two to one round-trips. Unfortunately, a combination of deployment realities and...

6.7AI score
Exploits0
Filippo.io
Filippo.io
added 2017/09/28 4:24 p.m.21 views

We need to talk about Session Tickets

More specifically, TLS 1.2 Session Tickets. Session Tickets, specified in RFC 5077, are a technique to resume TLS sessions by storing key material encrypted on the clients. In TLS 1.2 they speed up the handshake from two to one round-trips. Unfortunately, a combination of deployment realities and...

7AI score
Exploits0
Prion
Prion
added 2017/08/29 3:29 p.m.19 views

Design/Logic Flaw

ZTE OX-330P, ZXHN H108N, W300V1.0.0SZRDTR1D68, HG110, GAN9.8T101A-B, MF28G, ZXHN H108N use non-unique X.509 certificates and SSH host keys, which might allow remote attackers to obtain credentials or other sensitive information via a man-in-the-middle attack, passive decryption attack, or...

5CVSS6.7AI score0.01981EPSS
Exploits0References3
Cvelist
Cvelist
added 2017/08/29 3:0 p.m.30 views

CVE-2015-7255

ZTE OX-330P, ZXHN H108N, W300V1.0.0SZRDTR1D68, HG110, GAN9.8T101A-B, MF28G, ZXHN H108N use non-unique X.509 certificates and SSH host keys, which might allow remote attackers to obtain credentials or other sensitive information via a man-in-the-middle attack, passive decryption attack, or...

5.7AI score0.01981EPSS
Exploits0References3
CVE
CVE
added 2017/08/29 3:0 p.m.92 views

CVE-2015-7255

CVE-2015-7255 concerns multiple ZTE devices (e.g., OX-330P, ZXHN H108N, MF28G, HG110, and others) that use non-unique X.509 certificates and SSH host keys. The underlying issue is the reuse of cryptographic material across devices, which can enable a remote attacker to impersonate a device or per...

7.5CVSS5.7AI score0.01981EPSS
Exploits0References3Affected Software1
Packet Storm
Packet Storm
added 2015/11/05 12:0 a.m.56 views

Ubiquiti Networks Hardcoded Keys / Remote Management

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Insecure default configuration product: various Ubiquiti Networks products vulnerable version: see Vulnerable / tested versions fixed version: none available impact: High...

7.4AI score
Exploits0
0day.today
0day.today
added 2015/11/05 12:0 a.m.54 views

Ubiquiti Networks Hardcoded Keys / Remote Management Vulnerabilities

Various Ubiquiti Networks products suffer from having hardcoded keys and also having remote management interfaces enabled that can be leveraged by these credentials. Ubiquiti Networks Hardcoded Keys / Remote Management ======================================================================= Vendor...

7.1AI score
Exploits0
RedHat Linux
RedHat Linux
added 2015/07/15 12:35 p.m.11 views

LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks

A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange for both export and non-export grade cipher suites. An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lea...

4.3CVSS6.6AI score0.9986EPSS
Exploits1References6
Rows per page
Query Builder