11 matches found

EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2020-0066

Malware in sbrugna...

8.8 CVSS · 8.5 AI score · 0.00439 EPSS
Exploits 0 · References 5
RedhatCVE
added 2025/05/23 9:42 a.m. · 8 views

CVE-2024-23688

Consensys Discovery versions less than 0.4.5 use the same AES/GCM nonce for the entire session, which should ideally be unique for every message. The node's private key isn't compromised, only the session key generated for specific peer communication is exposed...

5.3 CVSS · 5.6 AI score · 0.00489 EPSS
Exploits 0 · References 1
OSV
added 2024/01/20 12:30 a.m. · 3 views

GHSA-WP4M-7HPJ-8QP8 Duplicate Advisory: Discovery uses the same AES/GCM Nonce throughout the session

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-w3hj-wr2q-x83g. This link is maintained to preserve external references. Original Description: Consensys Discovery versions less than 0.4.5 use the same AES/GCM nonce for the entire session, which should ideally...

5.3 CVSS · 6.8 AI score · 0.00489 EPSS
Exploits 0 · References 4
Vulnrichment
added 2024/01/19 9:26 p.m. · 3 views

CVE-2024-23688 Consensys Discovery Nonce Reuse

Consensys Discovery versions less than 0.4.5 use the same AES/GCM nonce for the entire session, which should ideally be unique for every message. The node's private key isn't compromised, only the session key generated for specific peer communication is exposed...

5.6 AI score · 0.00489 EPSS
Exploits 0 · References 3
Positive Technologies
added 2021/04/06 12:0 a.m. · 4 views

PT-2021-24354 · Consensys · Consensys Discovery

Name of the Vulnerable Software and Affected Versions: Consensys Discovery versions less than 0.4.5. Description: The issue arises from Consensys Discovery using the same AES/GCM nonce for the entire session, which should ideally be unique for every message. This can lead to the leaking of the...

5.3 CVSS · 5.2 AI score · 0.00489 EPSS
Exploits 0 · References 9
Github Security Blog
added 2020/01/24 7:56 p.m. · 65 views

Session key exposure through session list in Django User Sessions

Impact: The views provided by django-user-sessions allow users to terminate specific sessions. The session key is used to identify sessions, and is thus included in the rendered HTML. In itself this is not a problem. However, if the website has an XSS vulnerability, the session key could be extracted ...

8.8 CVSS · 0.7 AI score · 0.00439 EPSS
Exploits 0 · References 5 · Affected Software 1
BDU FSTEC
added 2019/05/31 12:0 a.m. · 4 views

The vulnerabilities of SIMATIC device software, related to errors in cryptography usage, allow attackers to obtain the TLS session key.

The vulnerability of SIMATIC device software is related to errors in the use of cryptography. Exploiting this vulnerability can allow a perpetrator with access to the web interface to obtain the TLS session key while monitoring the TLS traffic between the legitimate user and the device...

7.5 CVSS · 7.1 AI score · 0.01735 EPSS
Exploits 0 · References 3
OSV
added 2018/09/12 7:29 p.m. · 2 views

CVE-2018-3616

Bleichenbacher-style side channel vulnerability in TLS implementation in Intel Active Management Technology before 12.0.5 may allow an unauthenticated user to potentially obtain the TLS session key via the network...

5.9 CVSS · 5.8 AI score · 0.02388 EPSS
Exploits 0 · References 6
OSV
added 2018/02/06 12:0 a.m. · 7 views

UBUNTU-CVE-2016-3954

web2py before 2.14.2 allows remote attackers to obtain the sessioncookiekey value via a direct request to examples/simpleexamples/status. NOTE: this issue can be leveraged by remote attackers to execute arbitrary code using CVE-2016-3957...

5.5 CVSS · 7.2 AI score · 0.0499 EPSS
Exploits 2 · References 4
NVD
added 2017/10/17 4:29 p.m. · 17 views

CVE-2014-8357

backupsettings.html in the web administrative portal in Zhone zNID GPON 2426A before S3.0.501 places a session key in a URL, which allows remote attackers to obtain arbitrary user passwords via the sessionKey parameter in a getConfig action to backupsettings.conf...

8.8 CVSS · 8.6 AI score · 0.05441 EPSS
Exploits 4 · References 4
UbuntuCve
added 2012/07/17 10:20 a.m. · 30 views

CVE-2012-0799

Moodle 2.0.x before 2.0.7 and 2.1.x before 2.1.4, when an anonymous front-page forum is enabled, allows remote attackers to obtain session keys for their sessions by visiting the front page...

4.3 CVSS · 5.9 AI score · 0.01231 EPSS
Exploits 0 · References 2