EUVD-2007-6063

Malware in sbrugna...

EUVD-2023-53635

Malicious code in bioql PyPI...

The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass

wpasupplicant is vulnerable to authentication bypass due to its implementation of Protected Extensible Authentication Protocol PEAP. An attacker could exploit this in order to trick a victim into connecting to a malicious clone of an Enterprise WiFi network and subsequently intercept their traffi...

Improper Authentication

wpasupplicant is vulnerable to the Improper Authentication vulnerability. The vulnerability arises because wpasupplicant can be configured to skip TLS certificate verification during Phase 1 authentication, and an eappeapdecrypt vulnerability can then be exploited to bypass Phase 2 authentication...

Authentication flaw

The implementation of PEAP in wpasupplicant through 2.10 allows authentication bypass. For a successful attack, wpasupplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eappeapdecrypt vulnerability can then be abused to skip Phase 2...

CVE-2023-52160

The implementation of PEAP in wpasupplicant through 2.10 allows authentication bypass. For a successful attack, wpasupplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eappeapdecrypt vulnerability can then be abused to skip Phase 2...

CVE-2023-52160

The implementation of PEAP in wpasupplicant through 2.10 allows authentication bypass. For a successful attack, wpasupplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eappeapdecrypt vulnerability can then be abused to skip Phase 2...

Important: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

COVID-19 Vaccine-Maker Hit with Cyberattack, Data Breach

COVID-19 vaccine manufacturer Dr. Reddy’s Laboratories has shut down its plants in Brazil, India, Russia, the U.K. and the U.S. following a cyberattack, according to reports. The Indian company is the contractor for Russia’s “Sputinik V” COVID-19 vaccine, which is about to enter Phase 2 human...

Researchers Break IPsec VPN Connections with 20-Year-Old Protocol Flaw

A new Bleichenbacher oracle cryptographic attack has been set loose on the world, using a 20-year-old protocol flaw to compromise the Internet Key Exchange IKE protocol used to secure IP communications. Specifically, the attack targets IKE’s handshake implementation used for IPsec-based VPN...

Default configuration

The default configuration of the IPsec IKE peer listener in F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.1 before HF16, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF2; BIG-IP AAM, AFM, and PEM 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before...

PFsense UTM Platform 2.0.1 XSS Vulnerability

No description provided by source. ???????????????????????????????????????????????????????????????????????????????? ? Exploit Title: pfSense = 2.0.1 XSS & CSRF during IPSec XAuth authentication ? Date: 04/01/2013 ? Author: Dimitris Strevinas ? Vendor or Software Link: www.pfsense.org ? Version: =...

TrueCrypt is Secure; Encryption Tool cleared the First Phase of Security Audit

Is TrueCrypt Audited Yet? Yes, In Part! One of the world's most-used open source file encryption software trusted by tens of millions of users - TrueCrypt is being audited by a team of experts to assess if it could be easily exploited and cracked. Hopefully it has cleared the first phase of the...

(RHSA-2010:0451) Low: Red Hat Certificate System 7.1 - End of Life Notice

On June 7, 2010, per the life-cycle support policy, version 7.1 of Red Hat Certificate System will exit Production Phase 2, marking the end of its support by Red Hat. Please reference the support policy here: https://www.redhat.com/security/updates/certificate/ For migration planning, please note...

CVE-2010-0392

Stack-based buffer overflow in vpnconf.exe in TheGreenBow IPSec VPN Client 4.51.001, 4.65.003, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via a long OpenScriptAfterUp parameter in a policy .tgb file, related to "phase 2."...

CVE-2005-1058

Cisco IOS 12.2T, 12.3 and 12.3T, when processing an ISAKMP profile that specifies XAUTH authentication after Phase 1 negotiation, may not process certain attributes in the ISAKMP profile that specifies XAUTH, which allows remote attackers to bypass XAUTH and move to Phase 2 negotiations...

CVE-2005-1058

Cisco IOS 12.2T, 12.3 and 12.3T contain an ISAKMP/XAUTH processing flaw: if XAUTH attributes in the ISAKMP profile are not fully processed after Phase 1, a remote attacker can bypass XAUTH and proceed to Phase 2 negotiations, potentially gaining access to private resources. Affected functionality...