395 matches found
nss: false start PR_Recv information disclosure security issue
A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to potentially return unencrypted information from the server...
Bilyoner apps insecure data transmission
Under some conditions data is sent unencrypted...
Skype leaves Sensitive User Data Unencrypted Locally On Computers
An application should always encrypt users' sensitive data, either it is local or stored on company servers, but still many popular services failed to provide fully secured solutions to their users. Cristian Dinu DrOptix and Dragoş Gaftoneanu, Romanian programmers at Hackyard Security Group, a...
Viber's Poor Data Security Practices Threaten Users' Privacy
Last week we reported a critical vulnerability in the world's most popular messaging application WhatsApp, that could expose users’ GPS location data to hackers and was discovered by the researchers at UNH Cyber Forensics Research & Education Group. Same Group of researchers reported new set of...
Safari Stores Previous Browsing Session Data Unencrypted
Users of Apple’s Safari browser are at risk for information loss because of a feature common to most browsers that restores previous sessions. The problem with Safari is that it stores session information including authentication credentials used in previous HTTPS sessions in a plaintext XML file...
Apple Remote Desktop Information Disclosure Vulnerability
Apple Remote Desktop is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Apple Patches Remote Desktop Flaw
Apple has released a fix for a vulnerability in its Remote Desktop product that could result in sensitive data not being encrypted, even when users have the product configured to send all data in encrypted form. The vulnerability can lead to information leakage and Apple says the issue affects...
Veterans Affairs breaches
The Department of Veterans Affairs was hit on two separate occasions by breaches in 2006. 26.5 million Veterans and their families had their names, Social Security numbers and dates of birth lifted after a laptop was swiped from an employee’s home in May. The laptop was retrieved in August and tw...
CVE-2011-1717
Skype for Android stores sensitive user data without encryption in sqlite3 databases that have weak permissions, which allows local applications to read user IDs, contacts, phone numbers, date of birth, instant message logs, and other private information...
SuSE 11 Security Update : pidgin (SAT Patch Number 1604)
This update of pidgin fixes the following issues : - Allowed to send confidential data unencrypted even if SSL was chosen by user. CVE-2009-3026: CVSS v2 Base Score: 5.0 - Remote denial of service in yahoo IM plug-in. CVE-2009-3025: CVSS v2 Base Score: 4.3 - Remote denial of service in MSN plug-i...
Hatena Toolbar sends URL information unecnrypted
Overview Hatena Toolbar improperly sends URL information to the Hatena server without being encrypted when a user views a web page secured by SSL. Impact When a user of Hatena Toolbar views a SSL secured web page, an attacker could obtain the information contained in the URL such as a session ID...
CVE-2006-5806
SSL VPN Client in Cisco Secure Desktop before 3.1.1.45, when configured to spawn a web browser after a successful connection, stores sensitive browser session information in a directory outside of the CSD vault and does not restrict the user from saving files outside of the vault, which is not...
Datakeys tokens/smart cards weak encryption
All data between computer and device are transmitted unencrypted...
NIS Server Detection
The remote host is an NIS Network Information Service server. NIS is used to share usernames, passwords, and other sensitive information among the hosts claiming to be within a given NIS domain and passes this information over the network unencrypted. C Tenable Network Security, Inc...
Telnet Service Detection
The Telnet service is running. This service is dangerous in the sense that it is not ciphered - that is, everyone can sniff the data that passes between the telnet client and the telnet server. This includes logins and passwords. C Tenable Network Security, Inc. include"compat.inc"; ifdescription...