54 matches found
CVE-2025-11935
With TLS 1.3 pre-shared key PSK a malicious or faulty server could ignore the request for PFS perfect forward secrecy and the client would continue on with the connection using PSK without PFS. This happened when a server responded to a ClientHello containing pskdheke without a keyshare extension...
UBUNTU-CVE-2025-11935
With TLS 1.3 pre-shared key PSK a malicious or faulty server could ignore the request for PFS perfect forward secrecy and the client would continue on with the connection using PSK without PFS. This happened when a server responded to a ClientHello containing pskdheke without a keyshare...
CVE-2025-11935
With TLS 1.3 pre-shared key PSK a malicious or faulty server could ignore the request for PFS perfect forward secrecy and the client would continue on with the connection using PSK without PFS. This happened when a server responded to a ClientHello containing pskdheke without a keyshare...
wolfSSL 安全漏洞
wolfSSL CyaSSL is a small, portable embedded SSL programming library for use by embedded systems developers from wolfSSL, Inc. in the United States. A security vulnerability exists in wolfSSL CyaSSL, which stems from the fact that TLS 1.3 pre-shared keys may ignore PFS requests, potentially...
EUVD-2007-6063
Malware in sbrugna...
EUVD-2015-5684
Malware in sbrugna...
sslscan
This is a tool for scanning SSL/TLS protocols and ciphers on a target server. The tool is called sslscan and is written in C. It is designed to be a command-line interface for scanning SSL/TLS protocols and ciphers on a target server. The tool can be built on various platforms, including Linux an...
Active Attack Resilience in 5G: a New Take on Authentication and Key Agreement
As 5G networks expand into critical infrastructure, secure and efficient user authentication is more important than ever. The 5G-AKA protocol, standardized by 3GPP in TS 33.501, is central to authentication in current 5G deployments. It provides mutual authentication, user privacy, and key secrec...
K91245485: RSA-CRT key leak vulnerability CVE-2015-5738
Security Advisory Description The RSA-CRT implementation in the Cavium Software Development Kit SDK 2.x, when used on OCTEON II CN6xxx Hardware on Linux to support TLS with Perfect Forward Secrecy PFS, makes it easier for remote attackers to obtain private RSA keys by conducting a Lenstra...
K21905460: BIG-IP SSL vulnerability CVE-2017-6168
Security Advisory Description On BIG-IP versions 11.6.0-11.6.2 fixed in 11.6.2 HF1, 12.0.0-12.1.2 HF1 fixed in 12.1.2 HF2, or 13.0.0-13.0.0 HF2 fixed in 13.0.0 HF3 a virtual server configured with a Client SSL profile may be vulnerable to an Adaptive Chosen Ciphertext attack AKA Bleichenbacher...
Security Bulletin: Resilient supports TLS1.2 ciphers that are not enabled for Perfect Forward Secrecy (PFS) (CVE-2021-20566)
Summary Resilient supports TLS1.2 ciphers that are not enabled for Perfect Forward Secrecy PFS. Such ciphers could allow an attacker who has recorded encrypted traffic and later obtains the server's key to decrypt highly sensitive information. Vulnerability Details CVEID: CVE-2021-20566...
Return Of Bleichenbacher's Oracle Threat
ROBOT is the return of a 19-year-old vulnerability that allows performing RSA decryption and signing operations with the private key of a TLS server. Recent assessments: busterb at May 09, 2019 5:57pm UTC reported: The details are pretty heavily documented on robotattack.org, so no need to...
Cross-Platform Post-Exploitation HTTP/2 Command & Control Server: Merlin
Merlin is a cross-platform post-exploitation framework that leverages HTTP/2 communications to evade inspection. HTTP/2 is a relatively new protocol that requests Perfect Forward Secrecy PFS encryption cipher suites are used. The use of these cipher suites makes it incredibly difficult to capture...
F5 Networks BIG-IP : BIG-IP SSL vulnerability (K21905460) (ROBOT)
On BIG-IP versions 11.6.0-11.6.2 fixed in 11.6.2 HF1, 12.0.0-12.1.2 HF1 fixed in 12.1.2 HF2, or 13.0.0-13.0.0 HF2 fixed in 13.0.0 HF3 a virtual server configured with a Client SSL profile may be vulnerable to an Adaptive Chosen Ciphertext attack AKA Bleichenbacher attack against RSA, which when...
ProtonMail Launches Free VPN Service
Encrypted email service ProtonMail announced today it was launching a free VPN service called ProtonVPN. Developers said the move comes following one year of development and four months of beta testing by 10,000 ProtonMail community members. According to Proton Technologies AG, the company behind...
LocalTapiola: OpenSSL Padding Oracle Attack (CVE-2016-2107) on viestinta.lahitapiola.fi
Hello Lahitapiola Security Team, I would like to make two reports: 1. Subdomain viestinta.lahitapiola.fi is vulnerable to CVE-2016-2107 . 2. All the Lahitapiola domains/subdomains in scope of bug bounty have weak cipher suites and are susceptible to various SSL related attacks. Subdomain...
Apple Delays App Transport Security Deadline
Apple backtracked on its plan to enforce a year-end deadline that would of required developers to move apps to an HTTPS-only model in an effort to thwart eavesdropping on insecure, plaintext HTTP connections. On Wednesday Apple said a requirement for developers to adopt App Transport Security wou...
Open Source Distributed Secure Skype Alternative: Tox Messenger
Open Source Distributed Secure Skype Alternative Distributed FOSS secure messenger with audio and video chat capabilities Tox began a few years ago, in the wake of Edward Snowden’s leaks regarding NSA spying activity. The idea was to create an instant messaging protocol that ran without any kind ...
CVE-2015-5738
The RSA-CRT implementation in the Cavium Software Development Kit SDK 2.x, when used on OCTEON II CN6xxx Hardware on Linux to support TLS with Perfect Forward Secrecy PFS, makes it easier for remote attackers to obtain private RSA keys by conducting a Lenstra side-channel attack...
Design/Logic Flaw
The RSA-CRT implementation in the Cavium Software Development Kit SDK 2.x, when used on OCTEON II CN6xxx Hardware on Linux to support TLS with Perfect Forward Secrecy PFS, makes it easier for remote attackers to obtain private RSA keys by conducting a Lenstra side-channel attack...