CVE-2022-25218
The CVE-2022-25218 entry concerns PHICOMM router devices (e.g., K2, K3, K3C) where telnetd_startup uses RSA without OAEP or padding. An unauthenticated attacker on the LAN can craft UDP packets to influence the OpenSSL RSA_public_decrypt() processing, manipulating the telnetd startup state machin...
CVE-2022-25218
The use of the RSA algorithm without OAEP, or any other padding scheme, in telnetd_startup, allows an unauthenticated attacker on the local area network to achieve a significant degree of control over the "plaintext" to which an arbitrary blob of ciphertext will be decrypted by OpenSSL's...
CVE-2021-41096
Rucky is a USB HID Rubber Ducky Launch Pad for Android. Versions 2.2 and earlier for release builds and versions 425 and earlier for nightly builds suffer from use of a weak cryptographic algorithm RSA/ECB/PKCS1Padding. The issue will be patched in v2.3 for release builds and 426 onwards for...
in w7corp/easywechat
Description: The method encryptsensitiveinformation in BaseClient.php uses the RSA algorithm without OAEP padding, thereby making the encryption weak. In order to use RSA securely, the OAEP padding mode (Optimal Asymmetric Encryption Padding) must be used. This category was derived from the Cigita...
Huawei Data Communication: Weak Algorithm Vulnerability in Some Huawei Products (huawei-sa-20200108-01-rsa)
There is a weak algorithm vulnerability in some Huawei products. Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free...
Information disclosure
There is a weak algorithm vulnerability in some Huawei products. The affected products use the RSA algorithm in the SSL key exchange, which has been considered a weak algorithm. Attackers may exploit this vulnerability to leak some information...
CVE-2020-1810
CVE-2020-1810 describes a weak RSA algorithm vulnerability in the SSL key exchange used by Huawei products. Affected Huawei devices include CloudEngine 12800, S5700, and S6700 series, with the underlying issue being the use of a weak RSA in the TLS/SSL handshake that can allow information leakage...
Timing Attack
It was discovered that the RSA algorithm in the OpenJDK Security component did not sufficiently perform "blinding" while performing operations using private keys. An attacker able to measure timing differences of those operations could possibly leak information about the keys used...
openssl: BN_mod_exp may produce incorrect results on x86_64
There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed...
Security Bulletin: OpenSSL security vulnerabilities in IBM Storwize V7000 Unified (CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206)
Summary A fix is available for IBM Storwize V7000 Unified, for the OpenSSL security vulnerabilities found in January 2015. Vulnerability Details OpenSSL is used in IBM Storwize V7000 Unified for providing communication security by encrypting data being transmitted. CVEID: CVE-2014-3570 DESCRIPTIO...
The Ugly Duckling in factoring aka the filtering steps part I
People that knows me well are well aware that prime numbers have been my obsession since my childhood and they are source of continue interest for me. Actually thanks to cryptography they are a relevant part of my everyday life. One of the most important problem in cryptography since the discover...
DEBIAN-CVE-2017-3736
There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely...
CVE-2016-5430
The RSA 1.5 algorithm implementation in the JOSE_JWE class in JWE.php in jose-php before 2.2.1 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain cleartext data via a Million Message Attack (MMA)...
Design/Logic Flaw
The RSA 1.5 algorithm implementation in the JOSE_JWE class in JWE.php in jose-php before 2.2.1 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain cleartext data via a Million Message Attack (MMA)...
Design/Logic Flaw
The Rsa15 class in the RSA 1.5 algorithm implementation in jwa.py in jwcrypto before 0.3.2 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain cleartext data via a Million Message Attack (MMA)...
OpenSSL CVE-2016-0800 and CVE-2016-0703 bug fixes: the details of pick-up fun-vulnerability warning-the black bar safety net
Details: 360, including a portion of the information security practice of course, the "360 Information Security Department", progressively adhering to best security practices in the https and other ssl fields, gradually made significant changes, such as prohibiting unsafe cipher... on important systems
Crypto Panel Experts Clash on FBI-Apple Debate
SAN FRANCISCO—One would think that six of the smartest security people on the planet could come to some sort of collective conclusion on the FBI-Apple debate. But that wasn’t the case today during the annual Cryptographers’ Panel at RSA Conference. The debate over whether Apple should assist the...
Amazon Linux: Security Advisory (ALAS-2014-387)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
'Fully Secure Systems Don't Exist'
SAN FRANCISCO–The more things change, the more they stay the same. Thirty years ago, Adi Shamir, one of the inventors of the RSA algorithm, was asked to do a keynote speech at a conference and spoke about his laws of computer security. They were a set of principles that he developed over the year...
Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2014-383)
It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. CVE-2014-4216 , CVE-2014-4219 A format string flaw was discovered in the Hotsp...