20 matches found
HP Integrated Lights-Out Cryptographic Issues (CVE-2016-4379)
The TLS implementation in HPE Integrated Lights-Out 3 aka iLO3 firmware before 1.88 does not properly use a MAC protection mechanism in conjunction with CBC padding, which allows remote attackers to obtain sensitive information via a padding-oracle attack, aka a Vaudenay attack. This plugin only...
OpenSSL 0.9.6 < 0.9.6i Vulnerability
The version of OpenSSL installed on the remote host is prior to 0.9.6i. It is, therefore, affected by a vulnerability as referenced in the 0.9.6i advisory. - ssl3getrecord in s3pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher...
Security Bulletin: IBM Informix Cryptographic Library Updates (CVE-2012-2190, CVE-2012-2191, CVE-2012-2203)
Abstract Multiple security problems exist in the IBM GSKit libraries that IBM Informix and IBM Informix ClientSDK use to provide communications security and other cryptographic functionality. Content CVE ID: CVE-2012-2190 DESCRIPTION: GSKit allows remote attackers to cause a denial of service...
OpenSSL: Timing-based attacks on SSL/TLS with CBC encryption (CVE-2003-0078) - Windows
OpenSSL is prone to timing-based attacks on SSL/TLS with CBC encryption. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is fre...
OpenSSL: Timing-based attacks on SSL/TLS with CBC encryption (CVE-2003-0078) - Linux
OpenSSL is prone to timing-based attacks on SSL/TLS with CBC encryption. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is fre...
F5 BIG-IP - TMM SSL/TLS virtual server vulnerability CVE-2016-6907
TMM SSL/TLS virtual server using CBC cipher may be vulnerable to a SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/h:f5:big-ip"; if...
F5 Networks BIG-IP : TMM SSL/TLS virtual server vulnerability (K39508724)
TMM SSL/TLS virtual server using CBC cipher may be vulnerable to a 'Vaudenay timing attack' aka 'Padding oracle attack.'CVE-2016-6907 The BIG-IP system may be vulnerable to a padding oracle attack on the following platforms : The VIPRION B4450 blade and BIG-IP 2000 and 4000 series platforms are...
CVE-2016-4379
The TLS implementation in HPE Integrated Lights-Out 3 aka iLO3 firmware before 1.88 does not properly use a MAC protection mechanism in conjunction with CBC padding, which allows remote attackers to obtain sensitive information via a padding-oracle attack, aka a Vaudenay attack...
CVE-2016-4379
The TLS implementation in HPE Integrated Lights-Out 3 aka iLO3 firmware before 1.88 does not properly use a MAC protection mechanism in conjunction with CBC padding, which allows remote attackers to obtain sensitive information via a padding-oracle attack, aka a Vaudenay attack...
Design/Logic Flaw
The TLS implementation in HPE Integrated Lights-Out 3 aka iLO3 firmware before 1.88 does not properly use a MAC protection mechanism in conjunction with CBC padding, which allows remote attackers to obtain sensitive information via a padding-oracle attack, aka a Vaudenay attack...
CVE-2016-4379
The TLS implementation in HPE Integrated Lights-Out 3 aka iLO3 firmware before 1.88 does not properly use a MAC protection mechanism in conjunction with CBC padding, which allows remote attackers to obtain sensitive information via a padding-oracle attack, aka a Vaudenay attack...
CVE-2012-2191
IBM Global Security Kit aka GSKit before 8.0.14.22, as used in IBM Rational Directory Server, IBM Tivoli Directory Server, and other products, does not properly validate data during execution of a protection mechanism against the Vaudenay SSL CBC timing attack, which allows remote attackers to...
Vulnerability in OpenSSL - DTLS Plaintext Recovery Attack
OpenSSL was susceptable an extension of the Vaudenay padding oracle attack on CBC mode encryption which enables an efficient plaintext recovery attack against the OpenSSL implementation of DTLS by exploiting timing differences arising during decryption processing. Found by Nadhem Alfardan and Ken...
MS10-070 ASP.NET Padding Oracle File Download
!/usr/bin/ruby -w aspxpochotextattack.rb Copyright c 2010 AmpliaSECURITY. All rights reserved http://www.ampliasecurity.com Agustin Azubel - [email protected] MS10-070 ASPX proof of concept Decrypt data using Vaudenay's cbc-padding-oracle-side-channel Encrypt data using Rizzo-Duong CBC-R...
CVE-2003-0078
CVE-2003-0078 affects OpenSSL: ssl3_get_record in s3_pkt.c does not perform a MAC when padding is incorrect, causing a timing side channel that could aid padding/MAC verification discrimination and potentially lead to plaintext recovery. The vulnerability applies to OpenSSL versions before 0.9.7a...
CVE-2003-0078
ssl3getrecord in s3pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak timing discrepancy that may make it easier to launch cryptographic attacks that rely on distinguishing betwe...
security flaw
ssl3getrecord in s3pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak timing discrepancy that may make it easier to launch cryptographic attacks that rely on distinguishing betwe...
security flaw
ssl3getrecord in s3pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak timing discrepancy that may make it easier to launch cryptographic attacks that rely on distinguishing betwe...
CVE-2003-0078
ssl3getrecord in s3pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak timing discrepancy that may make it easier to launch cryptographic attacks that rely on distinguishing betwe...
DEBIAN-CVE-2003-0078
ssl3getrecord in s3pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak timing discrepancy that may make it easier to launch cryptographic attacks that rely on distinguishing betwe...