54 matches found
EUVD-2017-9395
Malware in sbrugna...
EUVD-2018-17531
Malware in sbrugna...
EUVD-2017-8988
Malware in sbrugna...
CVE-2017-1712
"A vulnerability in the TLS protocol implementation of the Domino server could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher's Oracle Threat ROBOT attack. An attacker could iteratively query a server running a vulnerable TLS stack...
Experts Uncover Passive Method to Extract Private RSA Keys from SSH Connections
A new study has demonstrated that it's possible for passive network attackers to obtain private RSA host keys from a vulnerable SSH server by observing when naturally occurring computational faults that occur while the connection is being established. The Secure Shell SSH protocol is a method for...
Design/Logic Flaw
"A vulnerability in the TLS protocol implementation of the Domino server could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher's Oracle Threat ROBOT attack. An attacker could iteratively query a server running a vulnerable TLS stack...
CVE-2017-1712
CVE-2017-1712 is a vulnerability in the TLS protocol implementation of the Domino server where an unauthenticated, remote attacker can exploit a Bleichenbacher-like oracle (ROBOT) to decrypt previously captured TLS sessions. The issue arises from cryptanalytic operations enabled by iterative quer...
ROBOT Attack
Bouncy Castle Cryptography API is vulnerable to ROBOT attack. The vulnerability exists due to the usage of simple RSA CMS signatures without signed attributes...
Security Bulletin: IBM Security Guardium is affected by a Public disclosed vulnerability from Bouncy Castle
Summary IBM Security Guardium has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2017-13098 DESCRIPTION: Bouncy Castle could allow a remote attacker to obtain sensitive information, caused by an RSA Adaptive Chosen Ciphertext Bleichenbacher attack. By utilizing...
The ROBOT Attack - Return of Bleichenbacher's Oracle Threat
A plaintext recovery of encrypted messages or a Man-in-the-middle MiTM attack on RSA PKCS 1 v1.5 encryption may be possible without knowledge of the server's private key...
Security Bulletin: Vulnerabilities in erlang affect PowerKVM
Summary PowerKVM is affected by vulnerabilities in erlang. IBM has now addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2017-1000385 DESCRIPTION: Erlang/OTP could allow a remote attacker to obtain sensitive information, caused by an RSA Adaptive Chosen Ciphertext Bleichenbacher...
CVE-2017-15533
Symantec SSL Visibility SSLV 3.8.4FC, 3.10 prior to 3.10.4.1, 3.11, and 3.12 prior to 3.12.2.1 are vulnerable to the Return of the Bleichenbacher Oracle Threat ROBOT attack. All affected SSLV versions act as weak oracles according the oracle classification used in the ROBOT research paper. A remo...
CVE-2017-15533
Symantec SSL Visibility SSLV 3.8.4FC, 3.10 prior to 3.10.4.1, 3.11, and 3.12 prior to 3.12.2.1 are vulnerable to the Return of the Bleichenbacher Oracle Threat ROBOT attack. All affected SSLV versions act as weak oracles according the oracle classification used in the ROBOT research paper. A remo...
Code injection
Symantec SSL Visibility SSLV 3.8.4FC, 3.10 prior to 3.10.4.1, 3.11, and 3.12 prior to 3.12.2.1 are vulnerable to the Return of the Bleichenbacher Oracle Threat ROBOT attack. All affected SSLV versions act as weak oracles according the oracle classification used in the ROBOT research paper. A remo...
Session fixation
Symantec IntelligenceCenter 3.3 is vulnerable to the Return of the Bleichenbacher Oracle Threat ROBOT attack. A remote attacker, who has captured a pre-recorded SSL session inspected by SSLV, can establish large numbers of crafted SSL connections to the target and obtain the session keys required...
CVE-2017-15533
Symantec SSL Visibility SSLV 3.8.4FC, 3.10 prior to 3.10.4.1, 3.11, and 3.12 prior to 3.12.2.1 are vulnerable to the Return of the Bleichenbacher Oracle Threat ROBOT attack. All affected SSLV versions act as weak oracles according the oracle classification used in the ROBOT research paper. A remo...
CVE-2017-15533
CVE-2017-15533 is tied to Symantec SSL Visibility (SSLV) affecting versions 3.8.4FC, 3.10 before 3.10.4.1, 3.11, and 3.12 before 3.12.2.1. The vulnerability is a variation of the Bleichenbacher/ROBOT padding oracle attack, where a remote attacker who has a pre-recorded SSL session can perform mil...
CVE-2017-18268
Symantec IntelligenceCenter 3.3 is vulnerable to the Return of the Bleichenbacher Oracle Threat ROBOT attack. A remote attacker, who has captured a pre-recorded SSL session inspected by SSLV, can establish large numbers of crafted SSL connections to the target and obtain the session keys required...
CVE-2017-17428
Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits SDKs allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack...
CVE-2017-17428
Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits SDKs allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack...