230 matches found
Denial Of Service (DoS)
OpenSSL is vulnerable to denial of service (DoS) attacks. A malicious user can pass a malicious Pre-Shared Key identity hint to the system, which can lead to a double free and, in turn, to the system crashing...
OpenSSL: Race condition handling PSK identify hint
A race condition flaw, leading to a double free, was found in the way OpenSSL handled pre-shared key (PSK) identity hints. A remote attacker could use this flaw to crash a multi-threaded SSL/TLS client using OpenSSL...
CVE-2016-7959
Siemens SIMATIC STEP 7 TIA Portal before 14 improperly stores pre-shared key data in TIA project files, which makes it easier for local users to obtain sensitive information by leveraging access to a file and conducting a brute-force attack...
Information disclosure
Siemens SIMATIC STEP 7 TIA Portal before 14 improperly stores pre-shared key data in TIA project files, which makes it easier for local users to obtain sensitive information by leveraging access to a file and conducting a brute-force attack...
CVE-2016-7959
Siemens SIMATIC STEP 7 (TIA Portal) before version 14 stores pre‑shared key data in TIA project files, enabling local attackers with file access to brute‑force and read sensitive information. The vulnerability is described across multiple sources (NVD entry for CVE-2016-7959 and PT Security advis...
CVE-2016-7959
Siemens SIMATIC STEP 7 TIA Portal before 14 improperly stores pre-shared key data in TIA project files, which makes it easier for local users to obtain sensitive information by leveraging access to a file and conducting a brute-force attack...
Siemens SIMATIC STEP 7 suffers from an information disclosure vulnerability (CNVD-2016-08768)
Siemens SIMATIC is an automation software with a single engineering environment. An information disclosure vulnerability exists in Siemens SIMATIC STEP 7 V12 and V13. A local attacker can exploit the vulnerability to read TIA project files by brute-force breaking the pre-shared key, resulting in...
How to Hack WiFi Password from Smart Doorbells
The buzz around the Internet of Things (IoT) is growing, and it is growing at a great pace. Every day the technology industry tries to connect another household object to the Internet. One such internet-connected household device is a Smart Doorbell. Gone are the days when we have regular doorbells...
OpenSSL: Race condition handling PSK identify hint
A race condition flaw, leading to a double free, was found in the way OpenSSL handled pre-shared key (PSK) identity hints. A remote attacker could use this flaw to crash a multi-threaded SSL/TLS client using OpenSSL...
OpenSSL Competitive Conditional Denial of Service Vulnerability
OpenSSL is an open source implementation of SSL for strong encryption of network communications. A security vulnerability exists in OpenSSL that a remote attacker can exploit by sending a special PSK identity that triggers a race condition, which in turn causes the same memory to be freed twice,...
RSI Video Technologies Frontel Hard-Coded Encryption Vulnerability
RSI Video Technologies Frontel is a suite of receiver software for monitoring Videofied wireless video alarm systems from the French company RSI Video Technologies. A security vulnerability exists in RSI Video Technologies Frontel that stems from the program's use of a pre-shared key that is...
[SECURITY] [DLA 244-1] strongswan security update
Package: strongswan. Version: 4.4.1-5.7. CVE ID: CVE-2015-4171. Alexander E. Patrakov discovered an issue in strongSwan, an IKE/IPsec suite used to establish IPsec protected links. When a client authenticates the server with certificates and the client authenticates using pre-shared key or EAP, th...
Debian Security Advisory DSA 3282-1 (strongswan - security update)
Alexander E. Patrakov discovered an issue in strongSwan, an IKE/IPsec suite used to establish IPsec protected links. When an IKEv2 client authenticates the server with certificates and the client authenticates itself to the server using pre-shared key or EAP, the constraints on the server...
Linux Gather NetworkManager 802-11-Wireless-Security Credentials
This module collects 802-11-Wireless-Security credentials such as Access-Point name and Pre-Shared-Key from Linux NetworkManager connection configuration files...
Juniper Netscreen 5.0 VPN Username Enumeration Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14595/info The Juniper Netscreen VPN implementation will identify valid usernames in IKE aggressive mode, when pre-shared key authentication is used. This allows for attackers to obtain a list of valid VPN users. With a...
CVE-2013-5037
The HOT HOTBOX router with software 2.1.11 has a default WPS PIN of 12345670, which makes it easier for remote attackers to obtain the WPA or WPA2 pre-shared key via EAP messages...
CVE-2013-5037
The HOT HOTBOX router with software 2.1.11 has a default WPS PIN of 12345670, which makes it easier for remote attackers to obtain the WPA or WPA2 pre-shared key via EAP messages...
CVE-2013-5037
The CVE-2013-5037 entry concerns the HOTBOX router (SAGEMCOM HOTBOX F@st 3184) running software version 2.1.11, where a default WPS PIN of 12345670 enables easier access to the WPA/WPA2 PSK via EAP messages. The connected sources corroborate the affected device and version and describe the underl...
Internet Key Exchange (IKE) Aggressive Mode with Pre-Shared Key
The remote Internet Key Exchange (IKE) version 1 service seems to support Aggressive Mode with Pre-Shared Key (PSK) authentication. Such a configuration could allow an attacker to capture and crack the PSK of a VPN gateway and gain unauthorized access to private networks. (C) Tenable Network Security,...
initscripts: IPSec ifup script allows for aggressive IKE mode
The default IPSec ifup script in Red Hat Enterprise Linux 3 through 5 configures racoon to use aggressive IKE mode instead of main IKE mode, which makes it easier for remote attackers to conduct brute force attacks by sniffing an unencrypted preshared key (PSK) hash...