5285 matches found
CVE-2007-0726
The SSH key generation process in OpenSSH in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote attackers to cause a denial of service by connecting to the server before SSH has finished creating keys, which causes the keys to be regenerated and can break trust relationships that were...
US-CERT Technical Cyber Security Alert TA07-059A -- Sun Solaris Telnet Worm
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA07-059A Sun Solaris Telnet Worm Original release date: February 28, 2007 Last revised: -- Source: US-CERT Systems Affected Sun Solaris 10 SunOS 5.10 Sun "Nevada" SunOS 5.11 Both SPARC and...
Default Password (password) for 'root' Account
The account 'root' has the password 'password'. An attacker may use it to gain further privileges on this system. Note that Korenix Jetport installs are known to use these credentials although other hosts are likely to as well as 'password' is reportedly a common password.
CVE-2007-1063
The SSH server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with firmware 8.04SR1 and earlier, uses a hard-coded username and password, which allows remote attackers to access the device...
CVE-2007-1063
Cisco Unified IP Phone models 7906G/7911G/7941G/7961G/7970G/7971G running firmware 8.0(4)SR1 and earlier have a hard-coded SSH credential issue in the SSH server that lets remote attackers access the device. Connected sources (NVD, Tenable, PRION, CVE lists) confirm the root cause as embedded cre...
Cisco IP Phones unauthorized access
It's possible to access the web interface without a password. There is a built-in hard-coded user account with SSH access...
Mandrake Linux Security Advisory : openssh (MDKSA-2006:179)
Tavis Ormandy of the Google Security Team discovered a Denial of Service vulnerability in the SSH protocol version 1 CRC compensation attack detector. This could allow a remote unauthenticated attacker to trigger excessive CPU utilization by sending a specially crafted SSH message, which would th...
Solaris 10 (sparc) : 120068-03
SunOS 5.10: in.telnetd patch. Date this patch was last updated by Sun : Feb/21/07 This script has been deprecated as the associated patch is not currently a recommended security fix. Disabled on 2011/09/17.
Solaris 10 (x86) : 120069-03
SunOS 5.10x86: in.telnetd patch. Date this patch was last updated by Sun : Feb/21/07 This script has been deprecated as the associated patch is not currently a recommended security fix. Disabled on 2011/09/17.
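Cisco SSL/TLS Certificate and SSH Public Key Validation Vulnerability
Some Cisco products connect to other devices for configuration or monitoring purposes; the actual connection method varies by product. SSL/TLS and SSH are the most widely used, because their strong encryption ensures the confidentiality and integrity of communications. Examples include the Cisco Security Monitoring, Analysis and Response System (CS-MARS), a security threat mitigation system that communicates with IPS sensors and firewalls, and the Cisco Adaptive Security Device Manager (ASDM), which provides, for the Cisco ASA 5500 Series Adaptive Security...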
CVE-2007-0397
The Cisco Security Monitoring, Analysis and Response System CS-MARS before 4.2.3 and Adaptive Security Device Manager ASDM before 5.22.54 do not validate the SSL/TLS certificates or SSH public keys when connecting to devices, which allows remote attackers to spoof those devices to obtain sensitiv...
Information disclosure
The Cisco Security Monitoring, Analysis and Response System CS-MARS before 4.2.3 and Adaptive Security Device Manager ASDM before 5.22.54 do not validate the SSL/TLS certificates or SSH public keys when connecting to devices, which allows remote attackers to spoof those devices to obtain sensitiv...
CVE-2007-0397
The CVE-2007-0397 issue affects Cisco CS-MARS (before 4.2.3) and ASDM (before 5.2(2.54)); both do not validate SSL/TLS certificates or SSH public keys when connecting to devices, enabling remote spoofing to obtain sensitive info or present false data. Cisco’s advisory notes that updated software ...
Cisco CS-MARS and Cisco ASDM TLS, SSL, SSH certificate validation problem
When connecting to a managed device, the device certificate is not validated...
Cisco Security Advisory: SSL/TLS Certificate and SSH Public Key Validation Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: SSL/TLS Certificate and SSH Public Key Validation Vulnerability Advisory ID: cisco-sa-20070118-certs http://www.cisco.com/warp/public/707/cisco-sa-20070118-certs.shtml Revision 1.0 For Public Release 2007 January 18 1600 UTC G...
Cisco Security Monitoring, Analysis and Response System and Adaptive Security Device Manager Secure Communication Vulnerability
Cisco Security Monitoring, Analysis and Response System versions prior to 4.2.3 and Cisco Adaptive Security Device Manager versions prior to 5.22.1 contain a vulnerability that could allow an unauthenticated, remote attacker to impersonate a device managed by the system. The vulnerability exists...
SSL/TLS Certificate and SSH Public Key Validation Vulnerability
...
CVE-2006-6608
Unspecified vulnerability in SSH key based authentication in HP Integrated Lights Out iLO 1.70 through 1.87, and iLO 2 1.00 through 1.11, on Proliant servers, allows remote attackers to "gain unauthorized access."...
CVE-2006-6608
HP iLO (Integrated Lights Out) SSH key authentication vulnerability (CVE-2006-6608) affects ProLiant servers with iLO firmware 1.70–1.87 and iLO 2 firmware 1.00–1.11. The flaw enables remote unauthorized access due to a weakness in the SSH key based authentication mechanism. Documented impact is ...