TLS Certificate Signed Using Weak Hashing Algorithm - SHA-1

Binary data 7200.pasl...

TLS Certificate Signed Using Weak Hashing Algorithm - MD5

Binary data 7201.pasl...

Siemens SIMATIC STEP 7 TIA Portal Vulnerabilities

OVERVIEW Aleksandr Timorin from Positive Technologies has identified authentication vulnerabilities in the Siemens SIMATIC STEP 7 TIA Portal application. Siemens has produced a service pack that mitigates these vulnerabilities. AFFECTED PRODUCTS The following Siemens products are affected: SIMATI...

Schneider Electric SCADA Expert ClearSCADA Vulnerabilities (Update A)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-14-259-01 Schneider Electric SCADA Expert ClearSCADA Vulnerabilities that was published September 16, 2014, on the NCCIC/ICS-CERT web site. Independent researcher Aditya Sood has identified a weak hashing algorithm...

json-c security vulnerabilities

Buffer overflow, weak hashing algorithm...

PT-2013-77: Using a weak hashing algorithm in SIMATIC WinCC Open Architecture

The specialists of the Positive Research center have detected an Using a weak hashing algorithm vulnerability in SIMATIC WinCC Open Architecture. The SIMATIC WinCC OA server application has a weak hashing algorithm for project users’ credentials. Attackers might be able to escalate their privileg...

Aastra IP Telephone hardcoded telnet admin password

Aastra IP Telephone hardcoded telnet admin password --------------------------------------------------- Affected products ================= Aastra 6753i IP Telephone Firmware Version 3.2.2.56 Firmware Release Code SIP Boot Version 2.5.2.1010 Background ========== "The 6753i from Aastra offers...

Design/Logic Flaw

/opt/rv/Versions/CurrentVersion/Mcu/Config/Mcu.val in Cisco Unified Videoconferencing UVC System 5110 and 5115, when the Linux operating system is used, uses a weak hashing algorithm for the 1 administrator and 2 operator passwords, which makes it easier for local users to obtain sensitive...

CVE-2010-4302

Cisco CVE-2010-4302 affects Cisco Unified Videoconferencing (UVC) System 5110/5115 on Linux, where /opt/rv/Versions/CurrentVersion/Mcu/Config/Mcu.val uses a weak hashing algorithm for administrator and operator passwords. This weak hashing enables local users to recover cleartext passwords of adm...

Wind River Systems VxWorks weak default hashing algorithm in standard authentication API (loginLib)

Overview The hashing algorithm that is used in the standard authentication API for VxWorks is susceptible to collisions. An attacker can brute force a password by guessing a string that produces the same hash as a legitimate password. Description An attacker with a known username and access to a...

SSL Certificate Signed Using Weak Hashing Algorithm

Binary data 4803.prm...

SSL Certificate Signed Using Weak Hashing Algorithm

The remote service uses an SSL certificate chain that has been signed using a cryptographically weak hashing algorithm e.g. MD2, MD4, MD5, or SHA1. These signature algorithms are known to be vulnerable to collision attacks. An attacker can exploit this to generate another certificate with the sam...

SurgeFTP admin account bruteforcable

SurgeFTP admin account bruteforcable AFFECTED SYSTEMS SurgeFTP = 2.0f on a win32 platform, should give the same results on nix DESCRIPTION SurgeFTP uses the same extremely weak hashing algorithm as the NWauth module to store the admin password, but adding a fixed 'salting' value which is "qr"...