Lucene search
+L

234 matches found

RedHat Linux
RedHat Linux
added 2024/10/14 6:7 p.m.6 views

jose4j: denial of service via specially crafted JWE

A flaw was found in the jose.4.j jose4j library. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c PBES2 Count. This parameter dictates the number of PBKDF2 iterations needed to derive a CEK wrapping key. Its primary purpose is to intentionally slow down...

6.5CVSS7.1AI score0.00879EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2024/10/14 6:1 p.m.7 views

jose4j: denial of service via specially crafted JWE

A flaw was found in the jose.4.j jose4j library. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c PBES2 Count. This parameter dictates the number of PBKDF2 iterations needed to derive a CEK wrapping key. Its primary purpose is to intentionally slow down...

6.5CVSS7.1AI score0.00879EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2024/10/14 6:1 p.m.5 views

jose4j: denial of service via specially crafted JWE

A flaw was found in the jose.4.j jose4j library. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c PBES2 Count. This parameter dictates the number of PBKDF2 iterations needed to derive a CEK wrapping key. Its primary purpose is to intentionally slow down...

6.5CVSS7.1AI score0.00879EPSS
Exploits1References4
Kitploit
Kitploit
added 2024/05/28 12:30 p.m.68 views

Pyrit - The Famous WPA Precomputed Cracker

Pyrit allows you to create massive databases of pre-computed WPA/WPA2-PSK authentication phase in a space-time-tradeoff. By using the computational power of Multi-Core CPUs and other platforms through ATI-Stream,Nvidia CUDA and OpenCL, it is currently by far the most powerful attack against one o...

7.2AI score
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2024/04/25 12:0 a.m.30 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : CryptoJS vulnerability (USN-6753-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6753-1 advisory. Thomas Neil James Shadwell discovered that CryptoJS was using an insecure cryptographic default configuration. A remote attack...

9.1CVSS8.1AI score0.00635EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2024/03/20 9:8 p.m.35 views

CVE-2023-50967

A flaw was found in the Jose package, where a large number of iterations used to derive the wrapping key for the PBKDF2 algorithm may lead to a denial of service. This flaw allows an attacker to set a large number of PBKDF2' iterations, triggering an uncontrolled resource consumption that impacts...

7.5CVSS6.7AI score0.01383EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2024/02/20 12:31 p.m.12 views

Liferay Portal defaults to a low work factor for the default password hashing algorithm

The default password hashing algorithm PBKDF2-HMAC-SHA1 in Liferay Portal 7.2.0 through 7.4.3.15, and older unsupported versions, and Liferay DXP 7.4 before update 16, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions defaults to a low work factor, which allows attackers...

8.1CVSS7.2AI score0.00324EPSS
Exploits0References3Affected Software3
OSV
OSV
added 2024/02/20 12:31 p.m.5 views

GHSA-43H9-P3J4-39HM Liferay Portal defaults to a low work factor for the default password hashing algorithm

The default password hashing algorithm PBKDF2-HMAC-SHA1 in Liferay Portal 7.2.0 through 7.4.3.15, and older unsupported versions, and Liferay DXP 7.4 before update 16, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions defaults to a low work factor, which allows attackers...

8.1CVSS6.8AI score0.00324EPSS
Exploits0References3
NVD
NVD
added 2024/02/20 10:15 a.m.38 views

CVE-2024-25607

The default password hashing algorithm PBKDF2-HMAC-SHA1 in Liferay Portal 7.2.0 through 7.4.3.15, and older unsupported versions, and Liferay DXP 7.4 before update 16, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions defaults to a low work factor, which allows attackers...

8.1CVSS8.1AI score0.00324EPSS
Exploits0References1
CVE
CVE
added 2024/02/20 9:17 a.m.75 views

CVE-2024-25607

The CVE-2024-25607 entry affects Liferay Portal 7.2.0–7.4.3.15 and older unsupported versions, and Liferay DXP shown to use PBKDF2-HMAC-SHA1 with a low work factor. This weak default hashing enables attackers to crack password hashes more quickly, posing confidentiality risk. Affected components ...

8.1CVSS8AI score0.00324EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2024/02/20 9:17 a.m.43 views

CVE-2024-25607

The default password hashing algorithm PBKDF2-HMAC-SHA1 in Liferay Portal 7.2.0 through 7.4.3.15, and older unsupported versions, and Liferay DXP 7.4 before update 16, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions defaults to a low work factor, which allows attackers...

8.1CVSS8.3AI score0.00324EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2024/02/13 6:55 p.m.8 views

crypto-js: PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard

A vulnerability was found in crypto-js in how PBKDF2 is 1,000 times weaker than originally specified in 1993 and at least 1,300,000 times weaker than the current industry standard. This issue is because both default to SHA1, a cryptographic hash algorithm considered insecure since at least 2005,...

9.1CVSS7.1AI score0.00635EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2024/02/11 6:30 a.m.87 views

Denial of Service in Connect2id Nimbus JOSE+JWT

In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service resource consumption via a large JWE p2c header value aka iteration count for the PasswordBasedDecrypter PBKDF2 component...

7.5CVSS7AI score0.00814EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2024/02/11 5:15 a.m.3 views

CVE-2023-52428

In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service resource consumption via a large JWE p2c header value aka iteration count for the PasswordBasedDecrypter PBKDF2 component...

7.5CVSS7.3AI score0.00814EPSS
Exploits0References4
NVD
NVD
added 2024/02/11 5:15 a.m.27 views

CVE-2023-52428

In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service resource consumption via a large JWE p2c header value aka iteration count for the PasswordBasedDecrypter PBKDF2 component...

7.5CVSS9.1AI score0.00814EPSS
Exploits0References3
Prion
Prion
added 2024/02/11 5:15 a.m.32 views

Code injection

In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service resource consumption via a large JWE p2c header value aka iteration count for the PasswordBasedDecrypter PBKDF2 component...

7.3AI score0.00814EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/02/11 12:0 a.m.25 views

CVE-2023-52428

In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service resource consumption via a large JWE p2c header value aka iteration count for the PasswordBasedDecrypter PBKDF2 component...

9.2AI score0.00814EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/02/11 12:0 a.m.20 views

CVE-2023-52428

In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service resource consumption via a large JWE p2c header value aka iteration count for the PasswordBasedDecrypter PBKDF2 component...

6.7AI score0.00814EPSS
Exploits0References3
OSV
OSV
added 2024/02/11 12:0 a.m.55 views

CVE-2023-52428

In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service resource consumption via a large JWE p2c header value aka iteration count for the PasswordBasedDecrypter PBKDF2 component...

7.5CVSS7AI score0.00814EPSS
Exploits0References5
CVE
CVE
added 2024/02/11 12:0 a.m.6633 views

CVE-2023-52428

CVE-2023-52428 (Nimbus JOSE+JWT) : In Connect2id Nimbus JOSE+JWT prior to 9.37.2, an attacker can trigger a denial of service (resource exhaustion) by sending a large JWE p2c header value (iteration count) for the PasswordBasedDecrypter (PBKDF2) component. This is a component-level vulnerability ...

7.5CVSS6.3AI score0.00814EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder