Twenty Year Anniversary
Showing 1 - 25 of 268 RSS Feed

Crypto Files

Debian Security Advisory 4296-1
Posted Sep 18, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4296-1 - Two vulnerabilities were discovered in mbedtls, a lightweight crypto and SSL/TLS library which could result in plain text recovery via side-channel attacks.

tags | advisory, crypto, vulnerability
systems | linux, debian
advisories | CVE-2018-0497, CVE-2018-0498
MD5 | 59293157a0f21f3228071e876b5a0988
RSA BSAFE SSL-J / Crypto-J Heap Clearing / Timing Channel
Posted Sep 7, 2018
Site emc.com

RSA BSAFE SSL-J versions prior to 6.2.4 contain a heap inspection vulnerability that could allow an attacker with physical access to the system to recover sensitive key material. RSA BSAFE SSL-J versions prior to 6.2.4 contain a covert timing channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key. RSA BSAFE Crypto-J versions prior to 6.2.4 and RSA BSAFE SSL-J versions prior to 6.2.4 contain a covert timing channel vulnerability during PKCS #1 unpadding operations, also known as a Bleichenbacher attack. A remote attacker may be able to recover a RSA key.

tags | advisory, remote, crypto
advisories | CVE-2018-11068, CVE-2018-11069, CVE-2018-11070
MD5 | 65bd17cba7e1cb8b4a7d5f9f32cb3a8e
RSA BSAFE Micro Edition Suite / Crypto-C Micro Edition Overflow / DoS
Posted Aug 29, 2018
Site emc.com

RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition suffer from resource exhaustion, integer overflow, improper clearing of heap memory, covert timing channel, and buffer over-read vulnerabilities.

tags | advisory, overflow, crypto, vulnerability
advisories | CVE-2018-11054, CVE-2018-11055, CVE-2018-11056, CVE-2018-11057, CVE-2018-11058
MD5 | 7f36cb3747b5ff6824d98003f1658462
Ubuntu Security Notice USN-3727-1
Posted Aug 1, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3727-1 - It was discovered that Bouncy Castle incorrectly handled certain crypto algorithms. A remote attacker could possibly use these issues to obtain sensitive information, including private keys.

tags | advisory, remote, crypto
systems | linux, ubuntu
advisories | CVE-2015-6644, CVE-2016-1000341, CVE-2016-1000346
MD5 | 6c82547bd80b4fdc261181f54ff1ebb8
Ubuntu Security Notice USN-3616-2
Posted Apr 9, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3616-2 - USN-3616-1 fixed a vulnerability in Python Crypto. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Python Crypto incorrectly generated ElGamal key parameters. A remote attacker could possibly use this issue to obtain sensitive information. Various other issues were also addressed.

tags | advisory, remote, crypto, python
systems | linux, ubuntu
advisories | CVE-2018-6594
MD5 | bba26afb207ddfb1391a3848e4cd104d
Ubuntu Security Notice USN-3616-1
Posted Apr 3, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3616-1 - It was discovered that Python Crypto incorrectly generated ElGamal key parameters. A remote attacker could possibly use this issue to obtain sensitive information.

tags | advisory, remote, crypto, python
systems | linux, ubuntu
advisories | CVE-2018-6594
MD5 | fcedecfcc4487ed429b56fae81f791b6
Debian Security Advisory 4147-1
Posted Mar 22, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4147-1 - Several vulnerabilities were discovered in PolarSSL, a lightweight crypto and SSL/TLS library, that allowed a remote attacker to either cause a denial-of-service by application crash, or execute arbitrary code.

tags | advisory, remote, arbitrary, crypto, vulnerability
systems | linux, debian
advisories | CVE-2017-18187, CVE-2018-0487, CVE-2018-0488
MD5 | 72ed8cbee080cd97ded9b982a753f4a2
Debian Security Advisory 4138-1
Posted Mar 15, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4138-1 - Several vulnerabilities were discovered in mbed TLS, a lightweight crypto and SSL/TLS library, that allowed a remote attacker to either cause a denial-of-service by application crash, or execute arbitrary code.

tags | advisory, remote, arbitrary, crypto, vulnerability
systems | linux, debian
advisories | CVE-2017-18187, CVE-2018-0487, CVE-2018-0488
MD5 | d5d19957a8a5081f78111a7aa8f37028
Primefaces 5.x Remote Code Execution
Posted Jan 18, 2018
Authored by Bjoern Schuette | Site metasploit.com

This Metasploit module exploits an expression language remote code execution flaw in the Primefaces JSF framework. Primefaces versions prior to 5.2.21, 5.3.8 or 6.0 are vulnerable to a padding oracle attack, due to the use of weak crypto and default encryption password and salt.

tags | exploit, remote, crypto, code execution
advisories | CVE-2017-1000486
MD5 | a290d8a9cb6552111c22dc331da1c4dc
Key Reinstallation: Forcing Nonce Reuse In WPA2
Posted Oct 16, 2017
Authored by Frank Piessens, Mathy Vanhoef | Site krackattacks.com

Whitepaper called Reinstallation Attacks: Forcing Nonce Reuse in WPA2. This research paper will be presented on at the Computer and Communications Security (CCS) conference on November 1, 2017. This paper details a flaw in the WPA2 protocol itself and most devices that makes use of WPA2 are affected.

tags | paper, crypto, protocol
advisories | CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088
MD5 | 9ae08a7eee791f7977ada5c05ba50f29
Debian Security Advisory 3967-1
Posted Sep 8, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3967-1 - An authentication bypass vulnerability was discovered in mbed TLS, a lightweight crypto and SSL/TLS library, when the authentication mode is configured as 'optional'. A remote attacker can take advantage of this flaw to mount a man-in-the-middle attack and impersonate an intended peer via an X.509 certificate chain with many intermediates.

tags | advisory, remote, crypto, bypass
systems | linux, debian
advisories | CVE-2017-14032
MD5 | 6090bbf6fd99aeda841cc87bed7996d4
Ubuntu Security Notice USN-3199-3
Posted Aug 28, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3199-3 - USN-3199-1 fixed a vulnerability in Python Crypto. This update provides the corresponding update for Ubuntu 12.04 ESM. A It was discovered that the ALGnew function in block_templace.c in the A Python Cryptography Toolkit contained a heap-based buffer overflow A vulnerability. A remote attacker could use this flaw to execute A arbitrary code by using a crafted initialization vector parameter. Various other issues were also addressed.

tags | advisory, remote, overflow, arbitrary, crypto, python
systems | linux, ubuntu
MD5 | 268bc2efb224a1765a620d2ba927ba05
Ubiquiti Networks UniFi Cloud Key Command Injection / Privilege Escalation
Posted Jul 27, 2017
Authored by T. Weber | Site sec-consult.com

Ubiquiti Networks UniFi Cloud Key with firmware versions 0.5.9 and 0.6.0 suffer from weak crypto, privilege escalation, and command injection vulnerabilities.

tags | exploit, crypto, vulnerability
MD5 | 9d9057dd1f6cb362de396bc65e582462
RSA BSAFE Crypto-J Cryptography Failure
Posted Jan 28, 2017
Site emc.com

RSA BSAFE Crypto-J versions prior to 6.2.2 suffer from improper OCSP validation and PKCS#12 timing attack vulnerabilities.

tags | advisory, crypto, vulnerability
advisories | CVE-2016-8212, CVE-2016-8217
MD5 | 49ddf75098380770f8fc8cd1d9e75886
RSA BSAFE Lenstra's Attack
Posted Apr 11, 2016
Site emc.com

RSA BSAFE Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, and SSL-J contain a fix to address Lenstra's attack. RSA BSAFE Micro Edition Suite (MES) 4.1.5, RSA BSAFE Crypto-C Micro Edition (CCME) 4.1.3, RSA BSAFE Crypto-J 6.2.1, and RSA BSAFE SSL-J 6.2.1 are affected.

tags | advisory, crypto
advisories | CVE-2016-0887
MD5 | 7ec29a2f462d5026880ce46986340850
Apple Security Advisory 2016-03-21-7
Posted Mar 22, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-03-21-7 - OS X Server 5.1 is now available and addresses RC4 crypto weaknesses, file access, and information disclosure vulnerabilities.

tags | advisory, crypto, vulnerability, info disclosure
systems | apple, osx
advisories | CVE-2016-1774, CVE-2016-1776, CVE-2016-1777, CVE-2016-1787
MD5 | f256c898392904a019b6cae8d63efdf2
XOOPS 2.5.7.2 Weak Crypto
Posted Mar 18, 2016
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

XOOPS version 2.5.7.2 uses weak one way hash crypto MD5 along with unsalted passwords stored in the database.

tags | advisory, crypto
MD5 | 9e9d186c45f842cd740c053fa67d5a2b
Debian Security Advisory 3457-1
Posted Jan 28, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3457-1 - Multiple security issues have been found in Iceweasel, Debian's version buffer overflow may lead to the execution of arbitrary code. In addition the bundled NSS crypto library addresses the SLOTH attack on TLS 1.2.

tags | advisory, overflow, arbitrary, crypto
systems | linux, debian
advisories | CVE-2015-7575, CVE-2016-1930, CVE-2016-1935
MD5 | 4b063b5e0413f1e0f06bcc5d3f9f9918
XMB - eXtreme Message Board 1.9.11.13 Weak Crypto / Insecure Password Storage
Posted Jan 23, 2016
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

XMB - eXtreme Message Board version 1.9.11.13 suffers from weak crypto and insecure password storage vulnerabilities.

tags | exploit, crypto, vulnerability
MD5 | 72e3751de0e02bb5aae9f8c87c42de57
Debian Security Advisory 3417-1
Posted Dec 14, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3417-1 - Tibor Jager, Jorg Schwenk, and Juraj Somorovsky, from Horst Gortz Institute for IT Security, published a paper in ESORICS 2015 where they describe an invalid curve attack in Bouncy Castle Crypto, a Java library for cryptography. An attacker is able to recover private Elliptic Curve keys from different applications, for example, TLS servers.

tags | advisory, java, crypto
systems | linux, debian
advisories | CVE-2015-7940
MD5 | bd709c45178d7ae9afbc3b9046f127c4
FreeBSD Security Advisory - ntp Authentication Bypass
Posted Oct 26, 2015
Site security.freebsd.org

FreeBSD Security Advisory - Crypto-NAK packets can be used to cause ntpd(8) to accept time from an unauthenticated ephemeral symmetric peer by bypassing the authentication required to mobilize peer associations. FreeBSD 9.3 and 10.1 are not affected. Various other issues have also been addressed.

tags | advisory, crypto
systems | freebsd
advisories | CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7704, CVE-2015-7848, CVE-2015-7849, CVE-2015-7850, CVE-2015-7851, CVE-2015-7852, CVE-2015-7853, CVE-2015-7854, CVE-2015-7855, CVE-2015-7871
MD5 | ad57d8b6fd48b773d3e8e84c18d972e4
RSA BSAFE Crypto Attacks / Denial Of Service
Posted Aug 17, 2015
Site emc.com

RSA BSAFE Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C all suffer from various crypto, denial of service, and underflow vulnerabilities.

tags | advisory, denial of service, crypto, vulnerability
advisories | CVE-2015-0533, CVE-2015-0534, CVE-2015-0535, CVE-2015-0536, CVE-2015-0537
MD5 | f5ef6999daddcffb2197ac8414aebba8
Dismantling Megamos Crypto: Wirelessly Lockpicking A Vehicle Immobilizer
Posted Aug 14, 2015
Authored by Baris Ege, Roel Verdult, Flavio D. Garcia

The Megamos Crypto transponder is used in one of the most widely deployed electronic vehicle immobilizers. It is used among others in most Audi, Fiat, Honda, Volkswagen and Volvo cars. Such an immobilizer is an anti-theft device which prevents the engine of the vehicle from starting when the corresponding transponder is not present. This transponder is a passive RFID tag which is embedded in the key of the vehicle. In this paper, the authors have reverse-engineered all proprietary security mechanisms of the transponder, including the cipher and the authentication protocol which we publish here in full detail. This article reveals several weaknesses in the design of the cipher, the authentication protocol and also in their implementation.

tags | paper, crypto, protocol
MD5 | 552ea71c6b3759788ec94e28a8f7c722
QNAP Crypto Key Disclosure
Posted Aug 11, 2015
Authored by Andreas Steinmetz

QNAP devices running the QNAP modified 3.12.6 kernel with firmware older than 4.1.4 Build 0804 log crypto keys on an unencrypted disk partition in world accessible files.

tags | advisory, kernel, crypto
MD5 | 0f6ac7dc63f09be9bc5d5e81c51bf6c0
OpenSSL Alternative Chains Certificate Forgery MITM Proxy
Posted Jul 27, 2015
Authored by Ramon de C Valle, Adam Langley, David Benjamin | Site metasploit.com

This Metasploit module exploits a logic error in OpenSSL by impersonating the server and sending a specially-crafted chain of certificates, resulting in certain checks on untrusted certificates to be bypassed on the client, allowing it to use a valid leaf certificate as a CA certificate to sign a fake certificate. The SSL/TLS session is then proxied to the server allowing the session to continue normally and application data transmitted between the peers to be saved. The valid leaf certificate must not contain the keyUsage extension or it must have at least the keyCertSign bit set (see X509_check_issued function in crypto/x509v3/v3_purp.c); otherwise; X509_verify_cert fails with X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY. This Metasploit module requires an active man-in-the-middle attack.

tags | exploit, crypto
advisories | CVE-2015-1793
MD5 | 244abcb9001d9746e6846f9785dab572
Page 1 of 11
Back12345Next

File Archive:

September 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    1 Files
  • 2
    Sep 2nd
    3 Files
  • 3
    Sep 3rd
    15 Files
  • 4
    Sep 4th
    15 Files
  • 5
    Sep 5th
    18 Files
  • 6
    Sep 6th
    18 Files
  • 7
    Sep 7th
    15 Files
  • 8
    Sep 8th
    2 Files
  • 9
    Sep 9th
    2 Files
  • 10
    Sep 10th
    16 Files
  • 11
    Sep 11th
    17 Files
  • 12
    Sep 12th
    15 Files
  • 13
    Sep 13th
    29 Files
  • 14
    Sep 14th
    21 Files
  • 15
    Sep 15th
    3 Files
  • 16
    Sep 16th
    1 Files
  • 17
    Sep 17th
    15 Files
  • 18
    Sep 18th
    16 Files
  • 19
    Sep 19th
    29 Files
  • 20
    Sep 20th
    18 Files
  • 21
    Sep 21st
    5 Files
  • 22
    Sep 22nd
    2 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close