EUVD-2018-7206

Malware in sbrugna...

EUVD-2017-14747

Malware in sbrugna...

EUVD-2023-57476

Malicious code in bioql PyPI...

CVE-2023-5138

Glitch detection is not enabled by default for the CortexM33 core in Silicon Labs secure vault high parts EFx32xG2xB, except EFR32xG21B...

CVE-2024-22473

TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault VSE devices. This defect may allow Signature Spoofing by Key Recreation.This issue affects Gecko SDK through v4.4.0...

Design/Logic Flaw

TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault VSE devices. This defect may allow Signature Spoofing by Key Recreation.This issue affects Gecko SDK through v4.4.0...

CVE-2024-22473 Uninitialized TRNG used for ECDSA after EM2/EM3 sleep for VSE devices

TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault VSE devices. This defect may allow Signature Spoofing by Key Recreation.This issue affects Gecko SDK through v4.4.0...

CVE-2023-5138

Glitch detection is not enabled by default for the CortexM33 core in Silicon Labs secure vault high parts EFx32xG2xB, except EFR32xG21B...

CVE-2023-5138 Glitch detection not active by default in Silicon Labs Secure Vault High devices

Glitch detection is not enabled by default for the CortexM33 core in Silicon Labs secure vault high parts EFx32xG2xB, except EFR32xG21B...

PT-2024-14101 · Silicon +1 · Efr32Xg21B +2

Name of the Vulnerable Software and Affected Versions: Silicon Labs secure vault high parts EFx32xG2xB versions except EFR32xG21B Description: Glitch detection is not enabled by default for the CortexM33 core in the affected parts. Recommendations: For Silicon Labs secure vault high parts...

CVE-2023-41096 Keys Stored in Plaintext on Secure Vault High for Silabs Ember ZNet devices

Missing Encryption of Security Keys vulnerability in Silicon Labs Ember ZNet SDK on 32 bit, ARM SecureVault High modules allows potential modification or extraction of network credentials stored in flash. This issue affects Silicon Labs Ember ZNet SDK: 7.3.1 and earlier...

CVE-2023-41095 Keys Stored in Plaintext on Secure Vault High for Silabs OpenThread devices

Missing Encryption of Security Keys vulnerability in Silicon Labs OpenThread SDK on 32 bit, ARM SecureVault High modules allows potential modification or extraction of network credentials stored in flash. This issue affects Silicon Labs OpenThread SDK: 2.3.1 and earlier...

K58243048: Considerations for transferring files from F5 devices

Security Advisory Description The BIG-IP system uses Secure Vault, a secure SSL-encrypted storage system, to securely store sensitive data such as SSL key passphrases, users, and administrator and services passwords. However, files transferred from an F5 device including products listed in the...

F5 Networks BIG-IP : BIG-IP Secure Vault vulnerability (K18535734)

This vulnerability impacts only the iSeries platforms. On these platforms, the secureKeyCapable attribute is not set, which causes the Secure Vault feature to not use F5 hardware support to store the unit key. Instead, the unit key is stored in plaintext on disk, as is the case for Z100 systems...

F5 Networks BIG-IP : BIG-IP SNMP vulnerability (K42027747)

The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.0. It is, therefore, affected by a vulnerability as referenced in the K42027747 advisory. The passphrases for SNMPv3 users and trap destinations that are used forauthentication and privacy are not handled by the BIG-I...

CVE-2018-15328

On BIG-IP 14.0.x, 13.x, 12.x, and 11.x, Enterprise Manager 3.1.1, BIG-IQ 6.x, 5.x, and 4.x, and iWorkflow 2.x, the passphrases for SNMPv3 users and trap destinations that are used for authentication and privacy are not handled by the BIG-IP system Secure Vault feature; they are written in the cle...

CVE-2018-15328

On BIG-IP 14.0.x, 13.x, 12.x, and 11.x, Enterprise Manager 3.1.1, BIG-IQ 6.x, 5.x, and 4.x, and iWorkflow 2.x, the passphrases for SNMPv3 users and trap destinations that are used for authentication and privacy are not handled by the BIG-IP system Secure Vault feature; they are written in the cle...

Get Dashlane Password Manager Premium (50% + 10% OFF)

Happy 'World Password Day'! Today is a good time for you to audit your password practices and stop using terrible passwords to protect your online accounts. Experts advice that: Your password must—be long Your password must—be unpredictable Your password must—have at least one number Your passwor...

FAQ: XenMobile Derived Credentials

What are Derived Credentials? Derived credentials provide strong authentication for mobile devices. The credentials, derived from a smart card, reside in a mobile device instead of the card. The smart card is either a Personal Identity Verification PIV card or Common Access Card CAC. The derived...

CVE-2017-7306

Riverbed RiOS through 9.6.0 has a weak default password for the secure vault, which makes it easier for physically proximate attackers to defeat the secure-vault protection mechanism by leveraging knowledge of the password algorithm and the appliance serial number. NOTE: the vendor believes that...