Gentoo Linux Security Advisory GLSA 200812-09 - Smart cards formatted using OpenSC do not sufficiently protect the PIN, allowing attackers to reset it. Chaskiel M Grundman reported that OpenSC uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4. Versions less than 0.11.6 are affected.
c6ee2a4b61e4dbad6fbde8d1cdb450da973718cd1afa12d10b3c625df252fae9
Cisco Security Advisory - Multiple vulnerabilities exist in the Cisco ASA 5500 Series Adaptive Security Appliances and Cisco PIX Security Appliances. These include Windows NT domain authentication bypass, IPv6 denial of service, and a Crypto Accelerator memory leak.
4bbe080a815103c31678bb76f8bde5b1be713a2e3de8aa81f41ba7f590f11c97
Mandriva Linux Security Advisory - Chaskiel M Grundman found that OpenSC would initialize smart cards with the Siemens CardOS M4 card operating system without proper access rights. This allowed everyone to change the card's PIN without first having the PIN or PUK, or the superuser's PIN or PUK. Please note that this issue cannot be used to discover the PIN on a card. If the PIN on a card is the same that was always there, it is unlikely that this vulnerability has been exploited. As well, this issue only affects smart cards and USB crypto tokens based on Siemens CardOS M4, and then only those devices that were initialized by OpenSC. Users of other smart cards or USB crypto tokens, or cards that were not initialized by OpenSC, are not affected. After applying the update, executing 'pkcs15-tool -T' will indicate whether the card is fine or vulnerable. If the card is vulnerable, the security settings need to be updated by executing 'pkcs15-tool -T -U'. The updated packages have been patched to prevent this issue.
ba09b1a1c5d45943d35cfa80f8251de261f5dd57c0789098f49d62d5b8012873
OpenCT implements drivers and middleware for smart card readers. OpenCT drivers can be used via the ct-api interface, the ifdhandler interface, or its own interface/middleware. It implements drivers for several USB crypto tokens, USB smart card readers, serial smart card readers, and PCMCIA smart card readers.
737cafaef803e21d63c61a196b07b61c1ba47320a24b9c7c2790c68f92719b6a
Pam_p11 is a pluggable authentication module (PAM) package for using cryptographic tokens such as smart cards and USB crypto tokens for authentication. Pam_p11 is very simple, as it has no config file, no options other than the PKCS#11 module file, and does not know about certificate chains, certificate authorities, revocation lists, or OCSP. There is one module that uses the $HOME/.eid/authorized_certificates file (like the old pam_opensc did) and one module that uses the $HOME/.ssh/authorized_keys file (like ssh does).
baad7142f703eb31000ef9ff5242364b29cf70a85db4e2eee0fdf871cce38fb8
Gentoo Linux Security Advisory GLSA 200710-06 - Moritz Jodeit reported an off-by-one error in the SSL_get_shared_ciphers() function, resulting from an incomplete fix of CVE-2006-3738. A flaw has also been reported in the BN_from_montgomery() function in crypto/bn/bn_mont.c when performing Montgomery multiplication. Versions less than 0.9.8e-r3 are affected.
0b7f742d6f45bd21e2f630fffb548c74e417ec802f803d9f557efab7654c51fd
Ultra Crypto Component remote buffer overflow exploit that makes use of CryptoX.dll versions 2.0 and below using the AcquireContext() function.
450971ae74450e851185f89b5554d88740d1fe72a4772cb6352c0e12c2a0b971
Pam_p11 is a pluggable authentication module (PAM) package for using cryptographic tokens such as smart cards and USB crypto tokens for authentication. Pam_p11 is very simple, as it has no config file, no options other than the PKCS#11 module file, and does not know about certificate chains, certificate authorities, revocation lists, or OCSP. There is one module that uses the $HOME/.eid/authorized_certificates file (like the old pam_opensc did) and one module that uses the $HOME/.ssh/authorized_keys file (like ssh does).
cb5d1d7e79fb3775ddbe85f7023645e26424a18264e1a5e0894734e1fca4e25a
FreeBSD Security Advisory: Multiple problems in crypto(3) [revised]
cf24f2e129bca457df67226f2da481a6cd4cd412bc1dd50076f6b090a5725090
FreeBSD Security Advisory: Multiple problems in crypto(3)
0187927fa4f8bfa1d2e8ed32a2b55c51090ed0b77f08caa6a6f2abc617a0afaf
Symantec Vulnerability Research SYMSA-2006-003 - Cisco Secure ACS 3.x for Windows stores passwords for administrative users in the registry. The passwords are encrypted using the Crypto API Microsoft Base Cryptographic Provider version 1.0. Along with the passwords, ACS also stores the key used to encrypt the information.
b304fda49e4522962451e9d0ea78704e0db872b7bbf32470161e1c81ea12df57
Secunia Security Advisory - A vulnerability has been reported in various Cisco products, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to errors in the processing of IKEv1 Phase 1 protocol exchange messages. This can be exploited to cause a DoS. The vulnerability has been reported in the following products.
* Cisco IOS versions based on 12.2SXD, 12.3T, 12.4 and 12.4T
* Cisco PIX Firewall versions up to but not including 6.3(5)
* Cisco PIX Firewall/ASA versions up to but not including 7.0.1.4
* Cisco Firewall Services Module (FWSM) versions up to but not including 2.3(3)
* Cisco VPN 3000 Series Concentrators versions up to but not including 4.1(7)H and 4.7(2)B
* Cisco MDS Series SanOS versions up to but not including 2.1(2)
Note: For Cisco IOS, only images that contain the Crypto Feature Set are vulnerable.
ae9f1a36323689ac2e6e097e7e38f6e0c581a13a70ebfe959b2202d9b94d80fd
Secunia Security Advisory - Secgo has acknowledged a vulnerability in Secgo Crypto IP Gateway/Client, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a vulnerable system. For more information: SA17553
The vulnerability has been reported in the following products:
* Crypto IP gateway/client 2.3 (all 2.3 versions)
* Crypto IP gateway/client 3.0.0 - 3.0.82
* Crypto IP client 3.1 (all 3.1 versions)
* Crypto IP gateway/client 3.2.0 - 3.2.26
Older software versions Crypto IP 3.0.84 and 3.2.28 are not vulnerable.
5c6244572a3265f7b099869243a4d738937a016e9dbb49c69a62ec64c46277f2
Pam_p11 is a pluggable authentication module (PAM) package for using cryptographic tokens such as smart cards and USB crypto tokens for authentication. Pam_p11 is very simple, as it has no config file, no options other than the PKCS#11 module file, and does not know about certificate chains, certificate authorities, revocation lists, or OCSP. There is one module that uses the $HOME/.eid/authorized_certificates file (like the old pam_opensc did) and one module that uses the $HOME/.ssh/authorized_keys file (like ssh does).
8e884842865f7f3b54f2aa2f187d781210863c8596b9fca94065bfbd4dc1a8a2
Apparently SHA-0 has been broken. This is information obtained from a French mailing-list that shows a collision. This data is to be presented at CRYPTO '04.
b3607c58b2f78efd56d6386e19b19d049cf31d307272923c94635ef49cbdaf5c
A.R.C.S., or the Angelo Rosiello and Roberto Carrozzo Stream 256 bit cipher, is an algorithm registered with the S.I.A.E. that the authors have allowed this site sole rights to host and distribute. The algorithm's theory utilizes Vernam's cipher, respecting Shannon's principles, and is based on MD5. The authors hope that someone will try to break this cipher and welcome all attempts and added research. Be forewarned, commercial use of this algorithm is forbidden without the Authors' consent. If you successfully crack this file that was encrypted with A.R.C.S., Packet Storm will send you a free t-shirt with the classic shellcode on the front of it. Supplies are limited, but we are not extremely worried. Thanks to all that help further the research and development of strong crypto.
6436c9950463b20a49248c7880067dabc09f043214835d7de2a41f3a947cb7ec
Tiny SHell is an open-source UNIX backdoor that compiles on all variants, has full pty support, and uses strong crypto for communication.
6cb0bc541e848ecd40a2623b75688255e001fe3476c765acd037f1906f171a14
NMRC symmetric file encryptor/decryptor/wiper that includes multiple crypto choices (Rijndael, Serpent, or Twofish) and multiple secure file wiping techniques.
89caa35b66944f2c6953f1333745ef889ab02ac638fec61e68476812acdc34d9
Two simple utilities that test the use of the crypt function. des-crypt.c takes in a user-entered string and outputs the encrypted hash. des-decrypt.c tests for a valid password.
5e039b17397c46cdcd88bc0165dad7a6fccb7e02cbb5705effeed7daa77bec55
The idea of the International Kernel Patch is to collect all crypto patches so that using crypto in the kernel will be easier than today. The patch includes a number of crypto patches, among them a crypto API with Blowfish, CAST-128, DES, DFC, IDEA, MARS, RC6, Rijndael, Safer, Serpent, and Twofish, an encrypted filesystem loopback device using the crypto API, and the CIPE VPN and EnSKIP patches.
88fa42b2374d068319c1421249b5c8e90b3aea82892226d012b6f400d327ecd2
Crypto GIF
9cb314864bca537862b862726d542fad4a3452f8c9eac270e8f3ccfa1263ce1a
The Havoc Korp Kryptoluzer analyzes encrypted files and displays information about the word statistics, allowing you to break some crypto algorithms such as Caesar's algorithm.
7f6bcd4018380ade17340f40591b9ee92b14b368dcaa8338e40c581bf16a1ffb
Secura is an open source cross-platform Java crypto package. Jar available here.
acf7db722cae09a47aea5da574ec7b5987a73d183e902e4cc9da92e568481ee0
Crypto-gram for May 15, 2001. In this issue: Defense Options: What Military History Can Teach Network Security, Part 2, The Futility of Digital Copy Prevention, Microsoft and the Window of Vulnerability, and Safe Personal Computing.
20b338b599dd4ab17ef2a4948a8fbd99759076f754f8239a9958eb784470405a
Crypto-gram for April 15, 2001. In this issue: Natural Advantages of Defense: What Military History Can Teach Network Security, Part 1, A Correction: nCipher, CSI's Computer Crime and Security Survey, Crypto-Gram Reprints, and Fake Microsoft Certificates.
341b3529b2ea2c8c9a00ad34655943b05387e5d7056707073869ca80e4b44d0c