
encryption key

Cisco Security Advisory: IronPort Encryption Appliance / PostX and PXE Encryption Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: IronPort Encryption Appliance / PostX and
                         PXE Encryption Vulnerabilities

Advisory ID: cisco-sa-20090114-ironport

Revision 1.0


[waraxe-2012-SA#084] - Multiple Vulnerabilities in OpenCart 1.5.2.1

There are some mitigating factors though:

1. files are uploaded to the "download" directory, but filenames are
random. As we can see above, the server response contains the filename in
JSON format, but it's encrypted. Random filename example:

waraxe.jpg.620d348d4551ea2870e4cb602881a1d8

2. upload script allows through only files with specific extensions - images 
and text files. If we try to upload file "test.php", then server responds as:

RSA Key Manager SQL injection Vulnerability ( CVE-2010-1904 )

Vendor Contact Date: 4/20/2010
Status: Vendor does not want to fix the vulnerability.


Vulnerability Details:
RSA Key Manager Client software uses an SQLite database to cache its encryption keys. The software fails to properly validate the metadata embedded inside the RSA Key Manager encrypted data when it performs a key lookup while the encrypted data is being decrypted. An attacker can inject SQL commands into the metadata section of the RSA Key Manager encrypted data, which will be executed by the Key Manager Client software. For example, an attacker can inject SQL statements to modify existing encryption keys, remove existing encryption keys, add new encryption keys, etc.

The Key Manager client uses two types of cache: memory cache and file cache. As long as both or either of the caches are enabled the problem can be triggered easily. 
RSA Key Manager Client 1.5.x uses the following format when it encrypts data:
Field 1 = KeyIdString
Field 2 = NULL Terminator
Field 3 = Encryption IV
Field 4 = Encrypted Data
Encryption Key Cache tables:

Default key algorithm in Thomson and BT Home Hub routers

as S/N, default SSID, and default WEP/WPA key. Chances are that if you
own a wireless router which uses a default WEP or WPA key, such key
can be predicted based on publicly-available information such as the
router's MAC address or SSID. In other words: it's quite likely that
the bad guys can break into your network if you're using the default
encryption key. Thanks to Kevin, our suspicion that such issue exists
on the BT Home Hub has been confirmed (keep reading for more
details!). Our advice is: *use WPA rather than WEP and change the
default encryption key now!*



Insecure Use of RC4 in LSrunasE and Supercrypt (CVE-2007-6340)

#
#############################################################
#
# Product:      LSrunasE, Supercrypt
# Vendor:       Geert Moernaut
# Type:         Flawed Encryption
# Risk:         Medium
# Author:       Daniel Roethlisberger
# Date:         2008-01-29
# CVE Name:     CVE-2007-6340
#

Cisco Security Advisory: Multiple Vulnerabilities in Cisco IronPort Encryption Appliance

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Multiple Vulnerabilities in Cisco IronPort
Encryption Appliance

Advisory ID: cisco-sa-20100210-ironport

Revision 1.0


Meridian Prolog Manager Username and Plain Text Password Disclosure

+Impact
Potentially High

+Description
When logging into a Prolog database all of the usernames and passwords
are sent to the workstation.  Depending on the encryption level of the
database, cracking the passwords is trivial to annoying.

If you attempt a login with ANY username/password combination the
entire dataset of usernames and passwords is passed to the workstation
to parse and authenticate.  Any network sniffer can catch the dataset

Advisory: Crypto backdoor in Qnap storage devices (CVE-2009-3200)

Vendor:                QNAP Systems
Products (verified):   TS-239 Pro, TS-639 Pro
Products (unverified): SS-439 Pro, TS-439 Pro, TS-439U-SP/RP,
                       TS-509 Pro, SS-839 Pro, TS-809 Pro, TS-809U-RP
Vulnerability:         hard disk encryption bypass due to recovery key
Affected Releases:     3.1.1 0815, 3.1.0 0627, 2.1.7 0613,
                       and presumably all other
Severity:              Moderate/High
CVE:                   CVE-2009-3200


MITKRB5-SA-2010-007 Multiple checksum handling vulnerabilities [CVE-2010-1324 CVE-2010-1323 CVE-2010-4020 CVE-2010-4021]

======

CVE-2010-1324

An unauthenticated remote attacker can forge GSS tokens that are
intended to be integrity-protected but unencrypted, if the targeted
pre-existing application session uses a DES session key.

An authenticated remote attacker can forge PACs if using a KDC that
does not filter client-provided PAC data.  This can result in
privilege escalation against a service that relies on PAC contents to

Data Encryption Systems - DESLock+ - Local Kernel Code Execution/Denial of Service

===============================ADVISORY===============================
Advisory:          Data Encryption Systems - DESLock+ - Local Kernel
                   Code Execution/Denial of Service
Advisory ID:       DSEC-2011-0002
Author:            Neil Kettle, Digit Security Ltd
Affected Software: Data Encryption Systems - DESLock+
Vendor URL:        http://www.deslock.com
Vendor Status:     unpatched
Category:          Denial of Service/Privilege Escalation
Date Reported:     2008/07/31

Insecure RSA Encryption in jCryption, PEAR Crypt_RSA and Crypt_RSA2

SWITCH-CERT SECURITY ADVISORY
=============================

Vulnerability:      Insecure Implementation of RSA Encryption
Affected Products:  jCryption, PEAR Crypt_RSA, PEAR Crypt_RSA2
Advisory Date:      2011-11-30
Advisory Author:    Daniel Roethlisberger, SWITCH-CERT


## Introduction

Re: RSA Key Manager SQL injection Vulnerability ( CVE-2010-1904 )

What is the issue?

This message is in response to the original message posted on June 3, 2010 addressing a SQL Injection vulnerability in the RSA Key Manager C Client version 1.5.  The original message referenced CVE-2010-1904.

A vulnerability has been identified in the RSA Key Manager (RKM) C client 1.5 that may expose the product to a SQL Injection attack. An attacker having access to encrypted data may be able to leverage this vulnerability in an attempt to alter the RKM C Client 1.5 cache.

Affected Products:
RKM C Client versions 1.5.x.x, all platforms (Windows, Linux, Solaris, HP-UX, etc).

Unaffected Products:

Re: Formshield Captcha - Older Version vulnerable to replay attacks

fix the CAPTCHA value to a specific value and send that value to the
server as part of every request and gain access to protected
resources.

The Formshield CAPTCHA uses a dynamic key stored in the __VIEWSTATE of
the request and sends encrypted text to the server for obtaining and
displaying new image text in the CAPTCHA on the page every time. There
are 2 problems with this approach:

The encrypted text for a specific image always remains the same


Formshield Captcha - Older Version vulnerable to replay attacks

fix the CAPTCHA value to a specific value and send that value to the
server as part of every request and gain access to protected
resources.

The Formshield CAPTCHA uses a dynamic key stored in the __VIEWSTATE of
the request and sends encrypted text to the server for obtaining and
displaying new image text in the CAPTCHA on the page every time. There
are 2 problems with this approach:

The encrypted text for a specific image always remains the same


Multiple vulnerabilities in several ATEN IP KVM Switches

However, it is also possible to access the hosts connected to the kvm
switch via a network using an ordinary PC as a client. As this can
also be used via an insecure network, it is very important that this
connection is cryptographically protected against sniffing of
confidential data (e.g.  keystrokes, monitor signals) and man in the
middle attacks. The affected products provide an SSL encrypted web
interface. After authenticating to the web interface the user can
download a client program (java or windows). The client program
contains temporary authentication data so that it can connect to the
kvm switch without asking the user for username/password again.


Blackboard Academic Suite Multiple XSS Vulnerabilities

Public disclosure: 03/2008


PART I - COMPROMISING USER’S ACCOUNT 
Explanation:
When the user already has a session and he/she clicks on that link (from email), the exploit code will be automatically executed. The user’s email address is changed without his/her notice. At the same time, his/her current email address, first and last name, and current encrypted password (in the User Information page) are logged by a remote server-side script.

The attacker reads all this information in a log file.
After that, he gets a new user password sent to his email address by using the Lost Password form.
With the victim’s username and password, the attacker has full permission on that account and does whatever he wants.
Upon finishing his work, he changes back the user’s initial email address and encrypted password.

Advisory - Rsyncrypto maybe affected from Debian OpenSSL reduced entropy problem

To: L-rsyncrypto <rsyncrypto-devel@lists.sourceforge.net>


Background

Rsyncrypto[1] is a file encryption tool. It has a single RSA key that 
encrypts symmetric AES keys per file. The files themselves are subject 
to an encryption method that is based on CBC, but does a 
security-performance trade off. In particular, the files are encrypted 
in such a way that re-encrypting, using the same key, a file that was 
slightly modified will result in slightly modified cypher text. This is 

RE: RSA Key Manager SQL injection Vulnerability ( CVE-2010-1904 )

> 
> What is the issue?
> 
> This message is in response to the original message posted on June 3, 2010 addressing a SQL Injection vulnerability in the RSA Key Manager C Client version 1.5.  The original message referenced CVE-2010-1904.
> 
> A vulnerability has been identified in the RSA Key Manager (RKM) C client 1.5 that may expose the product to a SQL Injection attack. An attacker having access to encrypted data may be able to leverage this vulnerability in an attempt to alter the RKM C Client 1.5 cache.
> 
> Affected Products:
> RKM C Client versions 1.5.x.x, all platforms (Windows, Linux, Solaris, HP-UX, etc).
> 
> Unaffected Products:

Re: Pidgin IM Client Password Disclosure Vulnerability.

Aditya K Sood wrote:
> The pidgin client inherits client side password disclosure
> vulnerability. The credentials used to
> connect to the required service i.e. username and password is not
> encrypted properly. The credentials

what do you propose? encrypt the password and store the encryption key
in memory? encrypt the password and the encryption key and store the
encryption key of the encryption key in memory?


RE: Pidgin IM Client Password Disclosure Vulnerability.

Aditya K Sood wrote:
> The pidgin client inherits client side password disclosure
> vulnerability. The credentials used to
> connect to the required service i.e. username and password is not
> encrypted properly. The credentials

what do you propose? encrypt the password and store the encryption key
in memory? encrypt the password and the encryption key and store the
encryption key of the encryption key in memory?


Cisco Security Advisory: Cisco IOS Software Crafted Encryption Packet Denial of Service Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco IOS Software Crafted Encryption Packet
Denial of Service Vulnerability

Advisory ID: cisco-sa-20090923-tls

Revision 1.0


INSECURE COOKIE HANDLING VULNERABILITIES --Dog Pedigree Online Database v1.0.1-Beta-->

---------
EXPLOIT:
---------


1.-WITHOUT ENCRYPTION:


Add cookie --> Name ~> dogarchive_user_info

           --> Value ~> email=&uid=-1%20or%201=1#&seclev=

ESA-2011-001: RSA, The Security Division of EMC, addresses RKM 1.5 C Client SQL Injection Vulnerability

Updated January 13, 2011 


Summary:

The vulnerability that was identified in the RSA Key Manager (RKM) C client 1.5 which may expose the product to SQL Injection attack has been addressed. An attacker having access to encrypted data could have leveraged this vulnerability to alter the RKM C Client 1.5 cache.



Platforms:


raidsonic nas-4220 crypt disk key leak (stored in plain on unencrypted partition)

Architecture: ARM 
Designed by:  Storm Semiconductor Inc (www.storlinksemi.com)


Problem: 
 Hard disk encryption key stored in plain on unencrypted partition.


Time line:
 Found: 09. March 2008
 Reported: 09. March 2008

[ENABLESECURITY] Apple's Mail.app stores your S/MIME encrypted emails in clear text

Apple's Mail.app stores your S/MIME encrypted emails in clear text

Date published: 2008-10-03

Affected version: 3.5 (929.4/929.2)


Advisory 01/2012: Suhosin PHP Extension Transparent Cookie Encryption Stack Buffer Overflow

                         SektionEins GmbH
                        www.sektioneins.de

                     -= Security  Advisory =-

     Advisory: Suhosin PHP Extension Transparent Cookie Encryption Stack Buffer Overflow
 Release Date: 2012/01/19
Last Modified: 2012/01/19
       Author: Stefan Esser [stefan.esser[at]sektioneins.de]


Default Root Password in Infrant (now Netgear) ReadyNAS "RAIDiator"

The ReadyNAS devices employ a proprietary embedded SoC design, based on
the Infrant NSP IT3107, which is based on a Leon SPARC processor design.
The device boots from its internal flash. The Linux kernel and
initrd image are contained in flash (and also downloadable from the
Infrant website in order to upgrade devices), but are encrypted with an
on-chip 3DES-based encryption algorithm. Without knowing this key, or
having access to the device, it's not possible to change the initrd image.

The initrd image will look for installed harddisks, and initialize them.
If an uninitialized harddisk is found, it will be added to the RAID
