17 matches found
MITRE: CVE-2019-15126 Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device
An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors related to state transitions in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a...
SUSE: Security Advisory (SUSE-SU-2012:0283-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2012:0260-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Billions of Devices Open to Wi-Fi Eavesdropping Attacks
SAN FRANCISCO — A serious vulnerability in Wi-Fi chips has been discovered that affects billions of devices worldwide, according to researchers. It allows attackers to eavesdrop on Wi-Fi communications. The bug CVE-2019-15126 stems from the use of an all-zero encryption key in chips made by...
New Wi-Fi Encryption Vulnerability Affects Over A Billion Devices
Cybersecurity researchers today uncovered a new high-severity hardware vulnerability residing in the widely-used Wi-Fi chips manufactured by Broadcom and Cypress—apparently powering over a billion devices, including smartphones, tablets, laptops, routers, and IoT gadgets. Dubbed 'Kr00k' and track...
EAPHammer - Targeted Evil Twin Attacks Against WPA2-Enterprise Networks [Indirect Wireless Pivots Using Hostile Portal Attacks]
EAPHammer is a toolkit for performing targeted evil twin attacks against WPA2-Enterprise networks. It is designed to be used in full scope wireless assessments and red team engagements. As such, focus is placed on providing an easy-to-use interface that can be leveraged to execute powerful wirele...
Targeted WPA2-Enterprise Evil Twin Attacks: eaphammer
Targeted WPA2-Enterprise Evil Twin Attacks EAPHammer is a toolkit for performing targeted evil twin attacks against WPA2-Enterprise networks. It is designed to be used in full scope wireless assessments and red team engagements. As such, focus is placed on providing an easy-to-use interface that...
Number of Devices Sharing Private Crypto Keys Up Sharply
Researchers at SEC Consult say the number of internet gateways, routers, modems and other embedded devices sharing cryptographic keys and certificates is up 40 percent since the Austrian consulting firm first looked at the problem in November. The report, posted Tuesday called “House of Keys,”...
openSUSE Security Update : NetworkManager-gnome (openSUSE-SU-2012:0101-1)
NetworkManager did not pin a certificate's subject to an ESSID. A rogue access point could therefore be used to conduct MITM attacks by using any other valid certificate issued by same CA as used in the original network CVE-2006-7246. Please note that existing WPA2 Enterprise connections need to ...
openSUSE Security Update : NetworkManager (openSUSE-SU-2011:1273-1)
NetworkManager did not pin a certificate's subject to an ESSID. A rogue access point could therefore be used to conduct MITM attacks by using any other valid certificate issued by same CA as used in the original network CVE-2006-7246. Please note that existing WPA2 Enterprise connections need to ...
openSUSE Security Update : NetworkManager-gnome / NetworkManager / wpa_supplicant / etc (openSUSE-2011-15)
NetworkManager did not pin a certificate's subject to an ESSID. A rogue access point could therefore be used to conduct MITM attacks by using any other valid certificate issued by same CA as used in the original network CVE-2006-7246. Please note that existing WPA2 Enterprise connections need to ...
SuSE 10 Security Update : NetworkManager (ZYPP Patch Number 7957)
NetworkManager did not pin a certificate's subject to an ESSID. A rogue access point could therefore be used to conduct MITM attacks by using any other valid certificate issued by same CA as used in the original network. CVE-2006-7246 Please note that existing WPA2 Enterprise connections need to ...
SuSE 11.1 Security Update : NetworkManager-gnome (SAT Patch Number 5621)
NetworkManager did not pin a certificate's subject to an ESSID. A rogue access point could therefore be used to conduct MITM attacks by using any other valid certificate issued by same CA as used in the original network. CVE-2006-7246 Please note that existing WPA2 Enterprise connections need to ...
openSUSE Security Update : NetworkManager-gnome (NetworkManager-gnome-1877)
nm-applet connected to WPA2 Enterprise networks even if the specified CA certificate file didn't exist CVE-2009-4144. When editing connections in nm-applet the connection object was exported via DBus disclosing potentially sensitive information to local users CVE-2009-4145. %NASLMINLEVEL 70300 C...
openSUSE Security Update : NetworkManager-gnome (NetworkManager-gnome-1877)
nm-applet connected to WPA2 Enterprise networks even if the specified CA certificate file didn't exist CVE-2009-4144. When editing connections in nm-applet the connection object was exported via DBus disclosing potentially sensitive information to local users CVE-2009-4145. %NASLMINLEVEL 70300 C...
SuSE 11 Security Update : NetworkManager-gnome (SAT Patch Number 1879)
The following bugs have been fixed : - nm-applet connected to WPA2 Enterprise networks even if the specified CA certificate file didn't exist. CVE-2009-4144 - When editing connections in nm-applet the connection object was exported via DBus disclosing potentially sensitive information to local...
DoS Vulnerability in Aruba Mobility Controller Caused by Malformed EAP Frame (Aruba Advisory ID: AID-12808)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Aruba Networks Security Advisory Title: DoS Vulnerability in Aruba Mobility Controller Caused by Malformed EAP Frame. Aruba Advisory ID: AID-12808 Revision: 1.0 For Public Release on 12/8/2008 +----------------------------------------------------...