5 matches found
Missing Cryptographic Step in cassproject
Impact CaSS Library, npm:cassproject has a missing cryptographic step when storing cryptographic keys that can allow a server administrator access to an account’s cryptographic keys. This affects CaSS servers using standalone username/password authentication, which uses a method that expects e2e...
GHSA-7QCX-4P32-QCMX Missing Cryptographic Step in cassproject
Impact CaSS Library, npm:cassproject has a missing cryptographic step when storing cryptographic keys that can allow a server administrator access to an account’s cryptographic keys. This affects CaSS servers using standalone username/password authentication, which uses a method that expects e2e...
Lack of Encryption Leads to Large Scale Cookie Exposure
LAS VEGAS—There’s been an abundance of attacks against crypto over the last few years but a much simpler, scarier threat, cookie hijacking, remains significantly overlooked in the eyes of researchers. Two academics, Suphannee Sivakorn, a PhD student at Columbia University, and Jason Polakis, an...
Weak Bank Password Policies Leave 350 Million Vulnerable, Say Researchers
Should passwords that protect your financial data be less secure than the ones used to lock up selfies, cat videos and tweets swapped on social networks? In a study that looked at the password strength required to access website account for Wells Fargo, Capital One and 15 other banks, researchers...
MSN Passport accounts remote DoS code
No description provided by source. !/usr/bin/perl by: Simo aka 6mOHaCk 1 december 2005 MorX security research team www.morx.org Details: it seems that msn passport users using services such hotmail email and msn messenger and more ...