Microsoft Windows 10 offers a biometric authentication mechanism using "near infrared" face recognition technology with specific Windows Hello compatible cameras. Due to an insecure implementation of the biometric face recognition in some Windows 10 versions, it is possible to bypass the Windows Hello face authentication via a simple spoofing attack using a modified printed photo of an authorized person.
a28797336445a321ee3b9f535cf1f6527d20a26299595c9bcfc659a304c665cdWhitepaper call Of Mice and Keyboards. This write up gives you an overview on the security of modern wireless desktop sets.
a23b6c71f4bc4c2bb5db90ee5bab0a7cd56644257573acdf96d51e19d1e89e12HP ERK-321A is a wireless desktop set consisting of a mouse and a keyboard.
397d0a3e42b49ff649457998978949155ade071f9d5b96485fc2ed32dcb78d1bMATESO GmbH Password Safe and Repository Enterprise 7.4.4 build 2247 suffers from poor credential management using unsalted MD5 hashes.
5105c7b2f62190c0c64b2e7931b0d6a3d0fb7d876c939151bd3f4bae8acd7cdbMATESO GmbH Password Safe and Repository Enterprise version 7.4.4 build 2247 suffers from a remote SQL injection vulnerability.
9046651535626d2b33a64b0d5d4c33312e2e5842f722ec1cffb1649ca49e6f7bSySS GmbH found out that the radio communication protocol used by the ABUS Secvest wireless alarm system (FUAA50000) and its remote control (FUBE50013) is not protected against replay attacks. Therefore, an attacker can record the radio signal of a wireless remote control, for example using a software-defined radio, when the alarm system is disarmed by its owner, and play it back at a later time in order to disable the alarm system at will.
8a8d17e3da23eea63578ceb1aa4e218702f1cf2045f0bebd979c6137285f27e3Due to an insecure implementation of the used 868 MHz radio communication, the wireless alarm system Blaupunkt Smart GSM Alarm SA 2500 Kit is vulnerable to replay attacks.
4a74349e30018d4eadb03382d40421e1c607aee428fa11c9c661fca820e654b2Olympia Protect 9061 article number 5943 revision 03 suffers from missing protection against replay attacks.
b73813379c9c7ae3a3ca7625ea543b01df7c00b2718c1c9ba66959c0c4a4ff2dEASY HOME Alarmanlagen-Set MAS-S01-09 suffers from missing protection against replay attacks.
aa11c4d5d771f9d150ecfead9f82a16873ca84a8146387dc50c052e29720ecb1Targus Multimedia Presentation Remote model AMP09-EU suffers from insufficient verification of data authenticity and mouse spoofing attack vulnerabilities.
b3def5d05bb4819e89bfed1fab53b23c338e083cfeb3a6430b3bc9a5b6fe05d9Logitech Wireless Presenter R400 model R-R0008 suffers from insufficient verification of data authenticity and keystroke injection vulnerabilities.
b95a7d7cee69a85a9d26c861809fc74fef182a924822a11b83c0d10e161dad07Microsoft Wireless Desktop 2000 version A suffers from cryptographic issues and replay attacks.
5b91e6090047fef94d34dd0fd973cc4e86a6c54ee1ac8d86d8a8818ca9bfdecaWireless Keyboard Set LX901 model GK900 is missing protection against replay attacks.
76381a4aa95212b548a5c57eb1416134f9c09f4ceba809253b945b2d5b315328Microsoft Wireless Desktop 2000 version A suffers from insufficient protection of code (firmware) and data (cryptographic key).
a2e84bef4f1b103936ce31df00ad89196bd85c85162d189f4577c1a150082ee0The Perixx PERIDUO-710W KG-1027 mouse suffers from insufficient verification of data authenticity allowing for a spoofing attack.
f4bc0516c208b0307fe50d327f89c8d288ef83ffc61506179cd54509362894b3The CHERRY B.UNLIMITED AES JD-0400EU-2/01 mouse suffers from insufficient verification of data authenticity allowing for a spoofing attack.
1638ec208f8e37eaf9b5a1c43ce2ce9035fedf7e2ee03ce599899ee97a9d2669The Logitech M520 Y-R0012 mouse suffers from insufficient verification of data authenticity allowing for a spoofing attack.
b5b536b4797a8eff1eb40c967a4bdf37db110f16f71fc0a6f0da5e15e92a9b27In this paper, the authors describe how the violation of secure design principles can cause authentication bypass vulnerabilities that were found in current endpoint protection software products of different vendors in 2015. All the discussed security vulnerabilities have been reported to the manufacturers of the affected software products according to our responsible disclosure policy and were publicly disclosed in several SySS security advisories and in a talk at the IT security conference DeepSec 2015.
16bdb44dfe3a5da3e0a9b5376b22c5274d1bfbf4ba7e2ff6870b90b93b63eb07The SySS GmbH found out that the web server of VMware ESXi 6 is vulnerable to HTTP response injection attacks, as arbitrarily supplied URL parameters are copied in the HTTP header Location of the server response without sufficient input validation. Thus, an attacker can create a specially crafted URL with a specific URL parameter that injects attacker-controlled data to the response of the VMware ESXi web server. Depending on the context, this allows different attacks. If such a URL is visited by a victim, it may for example be possible to set web browser cookies in the victim's web browser, execute arbitrary JavaScript code, or poison caches of proxy servers.
0ea7840b55195ffc59088e4202c17bca17d25971220fb512df76ebf66e0575f9CHERRY B.UNLIMITED AES version JD-0400EU-2/01 suffers from cryptographic issues and replay attack vulnerabilities.
3737c6b837cb5779da05eb65eeceaa868fb36d30c20fac2a630e28c5168f4313Microsoft Wireless Desktop 2000 suffers from insufficient verification of data authenticity and mouse spoofing vulnerabilities.
bc89d14332c2b68a2ee9f6c37aaad16729c3eaea94ed00aa4a432e5198e87c01Perixx Computer PERIDUO-710W suffers from cryptographic issues and keystroke injection vulnerabilities.
8a417656e3f50e51e5bc8be30c76990235aac75b6972f2542d7dafd6526a1364Perixx Computer PERIDUO-710W suffers from insufficient protection of code (firmware) and data (cryptographic key).
38f937f8061cad43b21e684ff35b905293604b2bc0497e65235d623d04f62a1cPerixx Computer PERIDUO-710W suffers from cryptographic issues and replay attack vulnerabilities.
1a00902e3cc0b35718d10d3b1e91ac8b418d375cddc8f60c930a86c9a262dc22Logitech K520 keyboards suffer form cryptographic issues and insufficient protection against replay attacks.
02220b6a6fed68dae857d702f9529ab8a00d04c1577c2ca7f2ea7e090a2225d2
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed