Security Bulletin: Vulnerability in RC4 stream cipher in IBM SDK Java Technology Edition, Versions 1.6 and 1.7 affects IBM SPSS Collaboration and Deployment Services (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM SPSS Collaboration and Deployment Services. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An...

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM DB2 QMF for Workstation (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects DB2 QMF for Workstation. The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this vulnerability to remotely expose account credentials...

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM Cognos Mobile app on Android (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM Cognos Mobile app on Android. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could...

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM Cognos Business Intelligence Server (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM Cognos Business Intelligence Server. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker cou...

Security Bulletin: Vulnerability in RC4 stream cipher affects OpenPages GRC Platform with Application Server (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects OpenPages GRC Platform with Application Server. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An...

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM Cognos Insight (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM Cognos Insight Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this...

Security Bulletin: Vulnerability in RC4 stream cipher affects WebSphere Business Compass (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM WebSphere Application Server that is used by WebSphere Business Compass. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain...

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM Workload Deployer (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM Workload Deployer. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this...

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM PureApplication System (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM PureApplication System. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit th...

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM WebSphere MQ Internet Pass-Thru (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM WebSphere MQ Internet Pass-Thru. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could...

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM WebSphere MQ (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM WebSphere MQ. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this...

Security Bulletin: Vulnerability in RC4 stream cipher affects WebSphere eXtreme Scale (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects WebSphere eXtreme Scale version 7.1.0, 7.1.1, 8.5, and 8.6. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive...

Security Bulletin: Vulnerability in RC4 stream cipher affects WebSphere DataPower XC10 Appliance V2.1 (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects WebSphere DataPower XC10 Appliance Version 2.1. WebSphere DataPower XC10 Appliance Version 2.5 is not affected. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could...

Security Bulletin: Security vulnerabilities have been identified in IBM DB2 shipped with WebSphere Remote Server (CVE-2015-2808)

Summary IBM DB2 is shipped as a component of WebSphere Remote Server. Information about security vulnerabilities affecting IBM DB2 has been published in a security bulletin. Vulnerability Details For vulnerability details, see the security bulletin Vulnerability in RC4 stream cipher affects IBM D...

Security Bulletin: Vulnerability in RC4 stream cipher affects server products in WebSphere Dynamic Process Edition (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” attack for SSL/TLS affects IBM WebSphere Application Server that is used by server products in WebSphere Dynamic Process Edition. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a...

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM MQ Light (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM MQ Light. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this vulnerabili...

Security Bulletin: Vulnerability in RC4 stream cipher affects WebSphere Application Server (CVE-2015-2808)

Summary The RC4 "Bar Mitzvah" for SSL/TLS may affect some configurations of WebSphere Application Server. NOTE: If you are configured for FIPS140-2, Suite B or SP800-131 in your SecuritySSL certificate and key management then you are not affected by this vulnerability or your SSL communication fo...

Automated Modular Cryptanalysis Tool: FeatherDuster

Automated Modular Cryptanalysis Tool FeatherDuster is a tool written by Daniel “unicornfurnace” Crowley of NCC Group for breaking crypto which tries to make the process of identifying and exploiting weak cryptosystems as easy as possible. Cryptanalib is the moving parts behind FeatherDuster, and...

Ruby: Ruby OpenSSL Library - IV Reuse in GCM Mode

Hello, An IV reuse bug was discovered in Ruby's OpenSSL library when using aes-gcm. When encrypting data with aes--gcm, if the IV is set before setting the key, the cipher will default to using a static IV. This creates a static nonce and since aes-gcm is a stream cipher, this can lead to known...

IBM Storwize SSL/TLS RC4 Stream Cipher Key Invariance (Bar Mitzvah)

According to its self-reported version number, the IBM Storwize server running on the remote host is affected by a security feature bypass vulnerability, known as Bar Mitzvah, due to improper combination of state data with key data by the RC4 cipher algorithm during the initialization phase. A...