Lucene search
K

155 matches found

ThreatPost
ThreatPost
added 2015/01/14 9:24 a.m.10 views

GE Ethernet Switches Have Hard-Coded SSL Key

There is a hard-coded private SSL key present in a number of hardened, managed Ethernet switches made by GE and designed for use in industrial and transportation systems. Researchers discovered that an attacker could extract the key from the firmware remotely. The vulnerability exists in a number...

1.9AI score
Exploits0References2
RedHat Linux
RedHat Linux
added 2014/06/10 12:23 p.m.9 views

openssl: SSL/TLS MITM vulnerability

It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server...

7.4CVSS6.6AI score0.95326EPSS
Exploits9References8
RedHat Linux
RedHat Linux
added 2014/06/05 3:27 p.m.5 views

openssl: SSL/TLS MITM vulnerability

It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server...

7.4CVSS6.6AI score0.95326EPSS
Exploits9References8
RedHat Linux
RedHat Linux
added 2014/06/05 2:57 p.m.9 views

openssl: SSL/TLS MITM vulnerability

It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server...

7.4CVSS6.6AI score0.95326EPSS
Exploits9References8
RedHat Linux
RedHat Linux
added 2014/06/05 2:56 p.m.7 views

openssl: SSL/TLS MITM vulnerability

It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server...

7.4CVSS6.6AI score0.95326EPSS
Exploits9References8
RedHat Linux
RedHat Linux
added 2014/06/05 11:51 a.m.3 views

openssl: SSL/TLS MITM vulnerability

It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server...

7.4CVSS6.6AI score0.95326EPSS
Exploits9References8
RedHat Linux
RedHat Linux
added 2014/06/05 11:50 a.m.3 views

openssl: SSL/TLS MITM vulnerability

It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server...

7.4CVSS6.6AI score0.95326EPSS
Exploits9References8
Cvelist
Cvelist
added 2012/12/23 9:0 p.m.24 views

CVE-2012-4698

Siemens RuggedCom Rugged Operating System ROS before 3.12, ROX I OS through 1.14.5, ROX II OS through 2.3.0, and RuggedMax OS through 4.2.1.4621.22 use hardcoded private keys for SSL and SSH communication, which makes it easier for man-in-the-middle attackers to spoof servers and decrypt network...

6.4AI score0.01134EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2012/11/19 12:0 a.m.92 views

SSL Certificate Signed with the Compromised FortiGate Key

The X.509 certificate of the remote host was signed by a certificate belonging to a Certificate Authority CA found in FortiGate devices. The private key corresponding to the CA has been compromised, meaning that the remote host's X.509 certificate cannot be trusted. Certificate chains descending...

5.3CVSS5.4AI score0.00336EPSS
Exploits0References1
F5 Networks
F5 Networks
added 2012/06/05 12:0 a.m.26 views

SOL13607 - Hosts may generate weak RSA keys under low entropy conditions

A recent study, linked in the Supplemental Information section, has revealed that when a system generates new RSA keys under low-entropy conditions, such as during the first system boot, the resulting keys may not be cryptographically strong. During its first boot, the BIG-IP system generates...

1.2AI score
Exploits0References7Affected Software11
The Hacker News
The Hacker News
added 2011/10/24 2:14 p.m.10 views

Tor anonymizing network Compromised by French researchers

Tor anonymizing network Compromised by French researchers French researchers from ESIEA, a French engineering school, have found and exploited some serious vulnerabilities in the TOR network. They performed an inventory of the network, finding 6,000 machines, many of whose IPs are accessible...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2011/10/24 2:14 p.m.4 views

Tor anonymizing network Compromised by French researchers

Tor anonymizing network Compromised by French researchers French researchers from ESIEA, a French engineering school, have found and exploited some serious vulnerabilities in the TOR network. They performed an inventory of the network, finding 6,000 machines, many of whose IPs are accessible...

7.4AI score
Exploits0
NVD
NVD
added 2010/06/16 8:30 p.m.30 views

CVE-2010-2306

The default installation of Sourcefire 3D Sensor 1000, 2000, and 9900; and Defense Center 1000; uses the same static, private SSL keys for multiple devices and installations, which allows remote attackers to decrypt SSL traffic via a man-in-the-middle MITM attack...

4.3CVSS6.7AI score0.0146EPSS
Exploits0References8
Cvelist
Cvelist
added 2009/05/27 4:0 p.m.45 views

CVE-2009-1473

The 1 Windows and 2 Java client programs for the ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 do not properly use RSA cryptography for a symmetric session-key negotiation, which makes it easier for remote attackers to a decrypt network traffi...

6.7AI score0.03191EPSS
Exploits0References4
CVE
CVE
added 2001/09/18 4:0 a.m.271 views

CVE-2001-0361

CVE-2001-0361 affects SSH v1.5 implementations, notably OpenSSH up to 2.3.0, AppGate, and ssh-1 up to 1.2.31, when configured in certain ways. The issue enables a remote attacker to decrypt and/or alter traffic via a Bleichenbacher attack on PKCS#1 version 1.5. The connected PT security entries (...

4CVSS9.2AI score0.02501EPSS
Exploits0References10Affected Software2
Rows per page
Query Builder