678 matches found
Novell BorderManager ISAKMP weak cryptography
Predictable cookie generation allows DoS and replay attacks...
Password Safe 3.0beta weak cryptography in PRNG
rand is used on systems different from Windows XP...
Perl Crypt::CBC module weak cryptography
Invalid Initialization vector generation algorithm for block cyphers with blocks different from 8 bytes Rijndael...
CVE-2005-4860
Spectrum Cash Receipting System before 6.504 uses weak cryptography static substitution in the PASSFILE password file, which makes it easier for local users to gain privileges by decrypting a password...
PT-2005-5521 · Spectrum · Spectrum Cash Receipting System
Name of the Vulnerable Software and Affected Versions: Spectrum Cash Receipting System versions prior to 6.504 Description: The issue concerns the use of weak cryptography, specifically static substitution, in the PASSFILE password file. This weakness makes it easier for local users to gain...
Avaya wireless access points weak cryptography
Static WEP key 12345 is used...
CVE-2004-2555
Riverdeep FoolProof Security 3.9.x on Windows 98/ME is affected by a cryptographic weakness: the product uses arithmetic and XOR operations to relate the Control password to the Administrator password, enabling local users who know the Control password and password recovery key to compute the Adm...
CVE-2004-2555
Riverdeep FoolProof Security 3.9.x on Windows 98 and Windows ME uses weak cryptography arithmetic and XOR operations to relate the Control password to the Administrator password, which allows local users to calculate the Administrator password if they know the Control password and password recove...
PasswordSafe weak cryptography
Key derived from user password with fast algorythm is used as a key for block cypher, making it easy to bruteforce user password...
OpenSSL SSL 2.0 rollback (weak cryptography)
Active man-in-the-middle attacker can force rollback to SSL 2.0 protocol with known cryptographic weakness for both client and server if SSLOPMSIESSLV2RSAPADDING or SSLOPALL configuration option is enabled...
PostgreSQL weak cryptography
Username is used as a salt for MD5-hashed passwords. In addition, during authentication hash may be used directly without knowledge of cleartext password...
CVE-2004-2555
Riverdeep FoolProof Security 3.9.x on Windows 98 and Windows ME uses weak cryptography arithmetic and XOR operations to relate the Control password to the Administrator password, which allows local users to calculate the Administrator password if they know the Control password and password recove...
Sygate Secure Enterprise replay attacks
Weak cryptography in communications between server and client doesn't protect against replay attacks...
ProductCart 1.x/2.x - Weak Cryptography
source: https://www.securityfocus.com/bid/9669/info EarlyImpact ProductCart is reportedly prone to multiple vulnerabilities. The specific issues include SQL injection, cross-site scripting and cryptographic weaknesses. These issues could expose sensitive data such as user credentials and allow fo...
CVE-2003-0148
The default installation of MSDE via McAfee ePolicy Orchestrator 2.0 through 3.0 allows attackers to execute arbitrary code via a series of steps that 1 obtain the database administrator username and encrypted password in a configuration file from the ePO server using a certain request, 2 crack t...
CVE-2003-0148
The default installation of MSDE via McAfee ePolicy Orchestrator 2.0 through 3.0 allows attackers to execute arbitrary code via a series of steps that 1 obtain the database administrator username and encrypted password in a configuration file from the ePO server using a certain request, 2 crack t...
Adobe Acrobat Reader plugin trojaning
Because of weak cryptography it's possible to spoof Adobe signature for Acrobat Reader plugins...
icsa.certified.weak.crypto.txt
Date: Thu, 27 May 1999 00:24:26 -0700 From: Lucky Green To: [email protected] Subject: ICSA certifies weak crypto as secure I am becoming concerned about the apparent lack of professional competence within even well-known segments of the security community. I hope the incident I discovered is ...