Lucene search

23 matches found

SUSE CVE
added 2023/02/15 4:38 a.m., 0 views

SUSE CVE-2017-15361

The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module TPM firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various...

CVSS 5.9, AI score 6.1, EPSS 0.73437
Exploits: 0, References: 3
Openbugbounty
added 2022/12/19 5:35 a.m., 7 views

rocautilidades.com.br Cross Site Scripting vulnerability OBB-3107712

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0
0day.today
added 2021/09/13 12:0 a.m., 397 views

Windows/x64 - Reverse TCP (192.168.201.11:4444) Shellcode (330 Bytes)

Title: Windows/x64 - Reverse TCP 192.168.201.11:4444 Shellcode 330 Bytes Author: Xenofon Vassilakopoulos Tested on: Windows/x64 - 10.0.19043 N/A Build 19043 / MIT License Copyright c 2021 Xenofon Vassilakopoulos Permission is hereby granted, free of charge, to any person obtaining a copy of this...

Exploits: 0
Tenable Nessus
added 2021/03/22 12:0 a.m., 9 views

Fedora 33 : roca-detect (2021-acd448b558)

The remote Fedora 33 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2021-acd448b558 advisory. - With the upgrade of python-cryptography in f33+, the PKCS7get0clients api was dropped. It has been replaced by a cleaner and easier api, which roca-detect...

AI score 5.6
Exploits: 0, References: 1
Fedora
added 2021/03/21 1:23 a.m., 70 views

[SECURITY] Fedora 33 Update: roca-detect-1.2.12-15.fc33

This tool is related to the ACM CCS 2017 conference paper 124 Return of the Coppersmith’s Attack: Practical Factorization of Widely Used RSA Moduli. https://crocs.fi.muni.cz/public/papers/rsaccs17 Install this to test public RSA keys for the presence of the vulnerability...

CVSS 5.9, AI score 1.8, EPSS 0.73437
Exploits: 0
OpenVAS
added 2021/03/21 12:0 a.m., 21 views

Fedora: Security Advisory for roca-detect (FEDORA-2021-acd448b558)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 5.9, AI score 5.9, EPSS 0.73437
Exploits: 0, References: 2
OpenVAS
added 2021/03/20 12:0 a.m., 24 views

Fedora: Security Advisory for roca-detect (FEDORA-2021-724c3aa51b)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 5.9, AI score 5.9, EPSS 0.73437
Exploits: 0, References: 2
Fedora
added 2021/03/19 8:33 p.m., 74 views

[SECURITY] Fedora 34 Update: roca-detect-1.2.12-16.fc34

This tool is related to the ACM CCS 2017 conference paper 124 Return of the Coppersmith’s Attack: Practical Factorization of Widely Used RSA Moduli. https://crocs.fi.muni.cz/public/papers/rsaccs17 Install this to test public RSA keys for the presence of the vulnerability...

CVSS 5.9, AI score 1.8, EPSS 0.73437
Exploits: 0
Openbugbounty
added 2020/09/13 2:36 p.m., 8 views

rocaadvocats.cat Cross Site Scripting vulnerability OBB-1332648

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...

AI score 6.2
Exploits: 0
Hewlett-Packard
added 2018/06/08 12:0 a.m., 9 views

ROCA - Vulnerable RSA Generation: HP Trusted Platform Module (TPM) Accessory and Certain HP Enterprise Printer and MFP Products, Certain HP PageWide Printer and MFP Products with Standard TPM

A potential security vulnerability known as “ROCA: Vulnerable RSA Generation” has been identified with the RSA keys generated by the HP Trusted Platform Module TPM Accessory and printers equipped with a TPM. This vulnerability could potentially be exploited remotely to allow remote disclosure of...

CVSS 5.9, AI score 6.8, EPSS 0.73437
Exploits: 0
Hewlett-Packard
added 2018/06/08 12:0 a.m., 170 views

HPSBPI03583 rev. 1 - ROCA - Vulnerable RSA Generation: HP Trusted Platform Module (TPM) Accessory and Certain HP Enterprise Printer and MFP Products, Certain HP PageWide Printer and MFP Products with Standard TPM

Potential Security Impact: Remote disclosure of information. VULNERABILITY SUMMARY: A potential security vulnerability known as “ROCA: Vulnerable RSA Generation” has been identified with the RSA keys generated by the HP Trusted Platform Module TPM Accessory and printers equipped with a TPM. This...

CVSS 5.9, AI score 0.3, EPSS 0.73437
Exploits: 0
Into the symmetry
added 2017/12/14 11:28 a.m., 66 views

How to try to predict the output of Micali-Schnorr Generator (MS-DRBG) knowing the factorization. Part II

See also Part I and Part III of this series tl;dr In the previous article of the same series we tried to predict the output of Micali-Schnorr Generator MS-DRBG knowing the factorization. In this blog post we continue the effort started in part I showing different strategies. If you want to skip a...

AI score 6.9
Exploits: 0
Fortinet
added 2017/11/03 12:0 a.m., 50 views

ROCA: Vulnerable RSA key pairs generation (CVE-2017-15361)

An old Infineon RSA library does not properly generate RSA key pairs, therefore enabling an attacker to potentially infer a private key from a public key...

CVSS 4.3, AI score 4.1, EPSS 0.73437
Exploits: 0
Mageia
added 2017/10/30 7:23 p.m., 35 views

Updated opensc_etc packages fix security vulnerability

A vulnerability, dubbed ROCA, was identified in an implementation of RSA key generation due to a fault in a code library developed by Infineon Technologies. The affected encryption keys are used to secure many forms of technology, such as hardware chips, authentication tokens, software packages,...

CVSS 5.9, AI score 1.3, EPSS 0.73437
Exploits: 0, References: 2
ThreatPost
added 2017/10/20 10:15 a.m., 8 views

On ROCA, KRACK, BoundHook, Google Advanced Protection

Threatpost editors Mike Mimoso and Tom Spring recap this week’s infosec news starting with the ROCA vulnerabilities affecting factorization of RSA private keys, the KRACK WPA2 Wi-Fi vulnerabilities, the BoundHook attacks, and Google’s introduction of Advanced Protection for Gmail. Download: Music...

AI score 2.4
Exploits: 0, References: 7
Nmap
added 2017/10/18 8:26 p.m., 401 views

rsa-vuln-roca NSE Script

Detects RSA keys vulnerable to Return Of Coppersmith Attack ROCA factorization. SSH hostkeys and SSL/TLS certificates are checked. The checks require recent updates to the openssl NSE library. References: See also: ssl-cert.nse ssh-hostkey.nse Script Arguments mssql.domain, mssql.instance-all,...

CVSS 10, AI score 9.7, EPSS 0.94176
Exploits: 33
The Hacker News
added 2017/10/16 9:53 p.m., 46 views

Serious Crypto-Flaw Lets Hackers Recover Private RSA Keys Used in Billions of Devices

If you think KRACK attack for WiFi is the worst vulnerability of this year, then hold on… ...we have got another one for you which is even worse. Microsoft, Google, Lenovo, HP and Fujitsu are warning their customers of a potentially serious vulnerability in widely used RSA cryptographic library...

CVSS 4.3, AI score 6.4, EPSS 0.73437
Exploits: 0
OSV
added 2017/10/16 5:29 p.m., 0 views

CVE-2017-15361

The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module TPM firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various...

CVSS 5.9, AI score 5.8, EPSS 0.73437
Exploits: 0, References: 22
Prion
added 2017/10/16 5:29 p.m., 27 views

Code injection

The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module TPM firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various...

CVSS 4.3, AI score 5.7, EPSS 0.73437
Exploits: 0, References: 22, Affected Software: 2
NVD
added 2017/10/16 5:29 p.m., 13 views

CVE-2017-15361

The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module TPM firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various...

CVSS 5.9, AI score 5.5, EPSS 0.73437
Exploits: 0, References: 22