Avoid The Randomness From The Sky

This is a plea for cryptography specification authors. If your protocol uses randomness, please make it a deterministic function that takes a fixed-size string of random bytes , and publish known-answer tests for it. This whole issue could really be just the paragraph above, but I feel like I nee...

SUSE CVE-2015-2808

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic...

SUSE CVE-2019-5163

An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a localaddress, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this...

Bkcrack - Crack Legacy Zip Encryption With Biham And Kocher's Known Plaintext Attack

Crack legacy zip encryption with Biham and Kocher's known plaintext attack. Overview A ZIP archive may contain many entries whose content can be compressed and/or encrypted. In particular, entries can be encrypted with a password-based Encryption Algorithm symmetric encryption algorithm referred ...

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM HTTP Server and Caching Proxy (CVE-2015-2808)

Summary The RC4 "Bar Mitzvah" SSL/TLS may affect some configurations of the IBM HTTP Server and some configurations of the IBM Caching Proxy for WebSphere Application Server. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol,...

Security Bulletin: Vulnerability in RC4 stream cipher affects WebSphere Business Services Fabric (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” attack for SSL/TLS affects IBM WebSphere Application Server that is used by WebSphere Business Services Fabric. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to...

Security Bulletin: Vulnerability in RC4 stream cipher affects IMS™ Enterprise Suite: Connect API for Java, SOAP Gateway, and Explorer for Development (CVE-2015-2808)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, IBM SDK, Java Technology Edition, Version 7 Service Refresh 8 that is used the following IMS™ Enterprise Suite components: Connect API for Java, SOAP Gateway, and Explorer for Development. This bulletin also addresse...

Security Bulletin: Vulnerability in RC4 stream cipher affects Multiple N-series Products (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects Multiple N-series Products Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit thi...

CVE-2021-32791

modauthopenidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In modauthopenidc before version 2.4.9, the AES GCM encryption in modauthopenidc uses a static IV and...

CVE-2021-32791

modauthopenidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In modauthopenidc before version 2.4.9, the AES GCM encryption in modauthopenidc uses a static IV and...

CVE-2021-32791

modauthopenidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In modauthopenidc before version 2.4.9, the AES GCM encryption in modauthopenidc uses a static IV and...

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM InfoSphere Optim Performance Manager (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM InfoSphere Optim Performance Manager. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker...

Security Bulletin: Vulnerability in RC4 stream cipher affects Informix Genero (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects Informix Genero. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this...

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM DataQuant for Workstation (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM DataQuant for Workstation. The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this vulnerability to remotely expose account credentia...

Security Bulletin: Vulnerability in RC4 stream cipher affects Rational Synergy (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects Rational Synergy. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this...

Security Bulletin: Vulnerability in RC4 stream cipher affects Rational Developer for System z (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects Rational Developer for System z. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could explo...

RUSTSEC-2020-0058 crate has been renamed to `cipher`

This crate has been renamed from stream-cipher to cipher. The new repository location is at:...

aesni (>=0.7.0 <=0.9.0), aries-askar (=0.1.2) +28 more potentially affected by unknown CVE via stream-cipher (>=0.4.1 <=0.7.1)

stream-cipher CARGO version =0.4.1, =0.7.0, =0.1.1, =0.1.1, =0.1.0, =0.4.0, =0.5.0, =0.2.0, =0.1.1, =0.1.0, =0.1.0, =0.1.0-pre.1, =0.1.0, =0.3.1, =0.3.9 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2020-0058...

Security Bulletin: Vulnerability in RC4 stream cipher affects Connect:Express for UNIX (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects Connect:Express for UNIX Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this...

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM Sterling Connect:Direct for UNIX (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM Sterling Connect:Direct for UNIX. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could...