Lucene search
K

149 matches found

Hacker One
Hacker One
added 2016/09/19 9:5 p.m.13 views

Ruby: Ruby OpenSSL Library - IV Reuse in GCM Mode

Hello, An IV reuse bug was discovered in Ruby's OpenSSL library when using aes-gcm. When encrypting data with aes--gcm, if the IV is set before setting the key, the cipher will default to using a static IV. This creates a static nonce and since aes-gcm is a stream cipher, this can lead to known...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2016/06/16 12:0 a.m.261 views

IBM Storwize SSL/TLS RC4 Stream Cipher Key Invariance (Bar Mitzvah)

According to its self-reported version number, the IBM Storwize server running on the remote host is affected by a security feature bypass vulnerability, known as Bar Mitzvah, due to improper combination of state data with key data by the RC4 cipher algorithm during the initialization phase. A...

5CVSS5.8AI score0.74006EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2015/12/21 12:0 a.m.322 views

IBM HTTP Server SSL/TLS RC4 Stream Cipher Key Invariance (Bar Mitzvah)

According to its banner, the version of IBM HTTP Server running on the remote host is affected by a security feature bypass vulnerability, known as Bar Mitzvah, due to improper combination of state data with key data by the RC4 cipher algorithm during the initialization phase. A man-in-the-middle...

5CVSS5.8AI score0.74006EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/08/27 6:3 a.m.7 views

File Encryption Software "ED" where encrypted data may be easier to decipher when files of small size are encrypted

Overview File encyption software "ED" contains an issue when files of small size are encyrpted, they may become easier to decipher in comparison to when files of a larger size are encrypted. When encrypting small files that are smaller than the block size 128 bits, file encryption software "ED"...

2.6CVSS6.5AI score0.00695EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2015/07/17 8:6 a.m.7 views

SSL/TLS: "Invariance Weakness" vulnerability in RC4 stream cipher

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic...

5CVSS6.7AI score0.74006EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2015/07/17 8:4 a.m.7 views

SSL/TLS: "Invariance Weakness" vulnerability in RC4 stream cipher

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic...

5CVSS6.7AI score0.74006EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2015/07/15 12:1 p.m.6 views

SSL/TLS: "Invariance Weakness" vulnerability in RC4 stream cipher

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic...

5CVSS6.7AI score0.74006EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2015/06/11 1:21 p.m.6 views

SSL/TLS: "Invariance Weakness" vulnerability in RC4 stream cipher

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic...

5CVSS6.7AI score0.74006EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2015/05/20 6:36 p.m.10 views

SSL/TLS: "Invariance Weakness" vulnerability in RC4 stream cipher

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic...

5CVSS6.7AI score0.74006EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2015/05/13 1:34 p.m.3 views

SSL/TLS: "Invariance Weakness" vulnerability in RC4 stream cipher

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic...

5CVSS6.7AI score0.74006EPSS
Exploits0References5
OSV
OSV
added 2015/03/31 12:0 a.m.3 views

UBUNTU-CVE-2015-2808

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic...

3.7CVSS6.2AI score0.74006EPSS
Exploits0References5
ThreatPost
ThreatPost
added 2014/09/11 11:3 a.m.14 views

Key Flaw Enables Recovery of Files Encrypted by TorrentLocker

Crypto ransomware, a relatively unknown phenomenon a couple of years ago, has exploded into one of the nastier malware problems for Internet users. Variants such as CryptoLocker and CryptoWall have been siphoning money from victims for some time, and now researchers have dissected a newer variant...

0.4AI score
Exploits0References2
securityvulns
securityvulns
added 2014/05/15 12:0 a.m.54 views

[oss-security] A number of EncFS issues

Hi, https://defuse.ca/audits/encfs.htm discusses a number of issues in EncFS: "Same Key Used for Encryption and Authentication" "Stream Cipher Used to Encrypt Last File Block" "Generating Block IV by XORing Block Number" "File Holes are Not Authenticated" "MACs Not Compared in Constant Time"...

7.1AI score
Exploits0
MSRC
MSRC
added 2013/11/12 8:0 a.m.13 views

Security Advisory 2868725: Recommendation to disable RC4

In light of recent research into practical attacks on biases in the RC4 stream cipher, Microsoft is recommending that customers enable TLS1.2 in their services and take steps to retire and deprecate RC4 as used in their TLS implementations. Microsoft recommends TLS1.2 with AES-GCM as a more secur...

6.8AI score
Exploits0
Opera Security Advisories
Opera Security Advisories
added 2013/04/04 12:0 a.m.10 views

RC4 encryption protocol is vulnerable to certain brute force attacks – Opera Security Advisories

Weaknesses in the RC4 encryption protocol have been found, allowing an attacker to deduce the plaintext. If the same message is encrypted many millions of times, statistical methods can be used to extract valuable information, such as cookies. Due to the time this amount of requests takes, this i...

5.8AI score
Exploits0References1
ThreatPost
ThreatPost
added 2013/03/14 7:37 p.m.12 views

Attack Exploits Weakness in RC4 Cipher to Decrypt User Sessions

It’s been more than 25 years since Ron Rivest invented his RC4 stream cipher, and after all that time it’s still being used widely, which is something of an achievement in the crypto world. However, for more than 15 years researchers have known about a weakness in RC4 that could enable an attacke...

0.2AI score
Exploits0References3
Exploit DB
Exploit DB
added 2013/01/01 12:0 a.m.25 views

Linux/x86 - execve(/bin/sh) + Uzumaki Encoded + Null-Free Shellcode (50 bytes)

Linux/x86 - execve/bin/sh + Uzumaki Encoded + Null-Free Shellcode 50 bytes. Shellcode exploit for Linuxx86 platform / Uzumaki Decrypter Shellcode - C Language - Linux/x86 Copyright C 2013 Geyslan G. Bem, Hacking bits http://hackingbits.com [email protected] This program is free software: you can...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2013/01/01 12:0 a.m.15 views

Linux/x86 - Uzumaki Encryptor Shellcode (Generator)

Linux/x86 - Uzumaki Encryptor Shellcode Generator. Shellcode exploit for Generator platform !/usr/bin/python -- coding: utf-8 -- Uzumaki Shellcode Crypter - Python Language Copyright C 2013 Geyslan G. Bem, Hacking bits http://hackingbits.com [email protected] This program is free software: you ca...

7.1AI score
Exploits0
NVD
NVD
added 2010/12/02 4:22 p.m.22 views

CVE-2010-4020

MIT Kerberos 5 aka krb5 1.8.x through 1.8.3 does not reject RC4 key-derivation checksums, which might allow remote authenticated users to forge a 1 AD-SIGNEDPATH or 2 AD-KDC-ISSUED signature, and possibly gain privileges, by leveraging the small key space that results from certain one-byte...

6.3CVSS6.4AI score0.01916EPSS
Exploits0References23
Prion
Prion
added 2010/12/02 4:22 p.m.18 views

Design/Logic Flaw

MIT Kerberos 5 aka krb5 1.8.x through 1.8.3 does not reject RC4 key-derivation checksums, which might allow remote authenticated users to forge a 1 AD-SIGNEDPATH or 2 AD-KDC-ISSUED signature, and possibly gain privileges, by leveraging the small key space that results from certain one-byte...

3.5CVSS6.9AI score0.01916EPSS
Exploits0References23Affected Software1
Rows per page
Query Builder