6 matches found
EUVD-2021-18453
Malware in sbrugna...
RSA signature validation vulnerability
Overview Impact Vulnerable versions of jsrsasign will accept RSA signature with improper PKCS1.5 padding. Decoded RSA signature value consists following form: 01ff...8 or more ffs...ff00ASN.1 OF DigestInfo Its byte length shall be the same as RSA key length however such checking was not sufficien...
PT-2021-3955 · Unknown +2 · Mysql Server +3
Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.35.2 Description: An issue was discovered in the Oauth extension for MediaWiki. The problem lies in MWOAuthConsumerSubmitControl.php, which does not ensure that the length of an RSA key will fit in a MySQL blob...
sslscan - tests SSL/TLS enabled services to discover supported cipher suites
This is a fork of ioerror's version of sslscan the original readme of which is included below. Changes are as follows: Highlight SSLv2 and SSLv3 ciphers in output. Highlight CBC ciphers on SSLv3 POODLE. Highlight 3DES and RC4 ciphers in output. Highlight PFS+GCM ciphers as good in output. Highlig...
Two Microsoft Security Updates Await In Advance of Certificate Key Length Changes
Microsoft is promising a light load of security updates for next Tuesday’s monthly patch release in an attempt to give Windows administrators and security teams time to prepare for an October change to certificate key length requirements. Angela Gunn of Microsoft’s Security Response Team announce...
CVE-2012-0655
libsecurity in Apple Mac OS X before 10.7.4 does not properly restrict the length of RSA keys within X.509 certificates, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by conducting a spoofing or network-sniffing attack during communication with a site th...