###############################################################################
3. Insufficiently random names for uploaded files in "product.php"
###############################################################################
Reason: use of the "rand()" function, which has known weaknesses
Preconditions: Windows platform
Source code snippet from script "product.php":
-----------------[ source code start ]---------------------------------
public function upload() {
> ===============================================
>
> Ben Laurie of Google's Applied Security team, while working with an
> external researcher, Dr. Richard Clayton of the Computer Laboratory,
> Cambridge University, found that various OpenID Providers (OPs) had
> TLS Server Certificates that used weak keys, as a result of the Debian
> Predictable Random Number Generator (CVE-2008-0166).
>
> In combination with the DNS Cache Poisoning issue (CVE-2008-1447) and
> the fact that almost all SSL/TLS implementations do not consult CRLs
> (currently an untracked issue), this means that it is impossible to
===================
1. IBM Tivoli Provisioning Manager Express Multiple Cross-Site Scripting Vulnerabilities
2. IBM Tivoli Provisioning Manager Express Remote Username Enumeration Weakness
3. Computer Associates eTrust Threat Management Console IP Address HTML Injection Weakness
4. Gadu-Gadu Skin Attribute Handling Remote Denial of Service Vulnerability
5. Gadu-Gadu Remote User Addition Vulnerability
----------------------------------------------------------------------------------------------------
Benchmarking attacks and major security weakness on all recent Windows versions up to Windows 2008
----------------------------------------------------------------------------------------------------
+ Author: Fabien KERBOUCI
+ Version/Date: 27/01/2009
+ Keywords: [ benchmark timing benchmarking attacks Windows runas vulnerability password length ]
A more detailed version of this advisory, with a complete tutorial and video, is available in Hakin9 Magazine
of May 2009.
>
> Particularly the following statement is funny, and shows complete lack
> of understanding of the terminology and of the problem space:
>
> 'ISC would like to assure the Internet community that this is much
> less an issue of using "extremely weak crypto" as it has been
> described, than the use of a random number generator that did not
> provide sufficient randomness.'
>
> My understanding is that they used a pseudo random number generator in
> bind9, and when you use a pseudo random number generator (whose
The Web Application Security Consortium (WASC) is pleased to announce the long awaited release of the WASC
Threat Classification v2.0. The Threat Classification is an effort to classify the weaknesses and attacks
that can lead to the compromise of a website, its data, or its users. This document's primary purpose is
to serve as a reference guide for common attacks and weaknesses.
Main goals
- Refine document scope, terminology, and purpose
- Update existing sections when applicable
- Add missing attacks and weaknesses
- Creation of a firm, scalable base foundation allowing for the introduction of data views allowing for various
standalone form factor for discrete data center deployments."
Vulnerability Overview
----------------------
On June 4th 2009, VSR identified multiple weaknesses in the Cisco CSS
11500's handling of HTTP header interpretation and client-side SSL
certificates. Individually, these issues may be considered minor, but
combined they could allow for the compromise of an application that
relies on a vulnerable CSS to assist in authenticating clients. If
successfully exploited, an attacker could spoof another application
http://seclists.org/fulldisclosure/2005/Feb/0101.html
http://forums.techarena.in/small-business-server/1006421.htm
Microsoft Outlook Web Access "owalogon.asp" Redirection Weakness
http://secunia.com/advisories/14144/
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
USN-612-3 addressed a weakness in OpenSSL certificate and key
generation in OpenVPN by introducing openssl-blacklist to aid in
detecting vulnerable private keys. This update enhances the
openssl-vulnkey tool to check Certificate Signing Requests, accept
input from STDIN, and check moduli without a certificate.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: BIND: Weak random number generation
Date: August 18, 2007
Bugs: #186556
ID: 200708-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
USN-612-3 addressed a weakness in OpenSSL certificate and key
generation in OpenVPN by introducing openssl-blacklist to aid in
detecting vulnerable private keys. This update enhances the
openssl-vulnkey tool to check X.509 certificates as well, and
provides the corresponding update for Ubuntu 6.06. While the
OpenSSL in Ubuntu 6.06 was not vulnerable, openssl-blacklist is
OpenID is just one example of many where this is going to keep happening
as long as DNS is unpatched.
I thought of one possible mitigation that can protect OpenID end users
against remote web sites which have not patched their DNS. OpenID
providers who used weak OpenSSL certs would have to change their URLs
so that their old X.509 CA certs on their old URLs no longer work on the
new ones. This will require all of their clients (users who log in with
their OpenID credentials) to change their identifiers. DNS based MITMs
will not be able to forge messages related to the new identifiers.
Ubuntu Security Notice USN-612-2 May 13, 2008
openssh vulnerability
CVE-2008-0166, http://www.ubuntu.com/usn/usn-612-1
===========================================================
A weakness has been discovered in the random number generator used
by OpenSSL on Debian and Ubuntu systems. As a result of this
weakness, certain encryption keys are much more common than they
should be, such that an attacker could guess the key through a
brute-force attack given minimal knowledge of the system. This
particularly affects the use of encryption keys in OpenSSH.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
A weakness in the DNS protocol has been reported, which could lead to
cache poisoning on recursive resolvers.
Background
==========
POSITRON SECURITY LLC
<http://www.positronsecurity.com/>
Security Advisory #2009-001
Memcached and MemcacheDB ASLR Bypass Weakness
Author: Joe Testa <jt _at_sign_ positronsecurity_dot_com>
Date: April 28th, 2009
>>
>> From: "Davide Del Vecchio" <dante@alighieri.org>
>> To: secure@microsoft.com
>>
>> Subject: Microsoft Outlook Web Access "redir.asp" Redirection Weakness
>> Date: Tue, 10 Apr 2007 15:40:13 +0200
>>
>> Hello,
>>
>> I found a weakness in Microsoft Outlook Web Access (OWA), which
Details follow:
USN-612-2 introduced protections for OpenSSH, related to the OpenSSL
vulnerabilities addressed by USN-612-1. This update provides the
corresponding updates for OpenSSH in Ubuntu 6.06 LTS. While the OpenSSL
in Ubuntu 6.06 is not vulnerable, this update will block weak keys
generated on systems that may have been affected themselves.
Original advisory details:
A weakness has been discovered in the random number generator used
www.sektioneins.de
-= Security Advisory =-
Advisory: Joomla Weak Random Password Reset Token Vulnerability
Release Date: 2008/09/11
Last Modified: 2008/09/11
Author: Stefan Esser [stefan.esser[at]sektioneins.de]
Application: Joomla <= 1.5.7
corresponding updates for ssl-cert -- potentially compromised snake-oil
SSL certificates will be regenerated.
Original advisory details:
A weakness has been discovered in the random number generator used
by OpenSSL on Debian and Ubuntu systems. As a result of this
weakness, certain encryption keys are much more common than they
should be, such that an attacker could guess the key through a
brute-force attack given minimal knowledge of the system. This
particularly affects the use of encryption keys in OpenSSH, OpenVPN
A valid web interface user account is _not_ necessary to exploit this
flaw!
3) Weak default accounts for OS and web interface
Two independent installations have been tested and the same standard
user accounts were found.
The operating system, where voxlog professional comes preinstalled,
has three different accounts with very weak passwords, at least one
Products:
rPath Linux 1
Rating: Informational
Exposure Level Classification:
Local Weakness
Updated Versions:
cups=conary.rpath.com@rpl:1/1.1.23-14.5-1
rPath Issue Tracking System:
https://issues.rpath.com/browse/RPL-2009
=====================================================================
Description:
During an external pentest exercise for one of our clients, multiple
vulnerabilities and weaknesses were found on the Cisco CUVC-5110-HD10 which
allowed us to ultimately gain access to the internal network.
- - Hard-coded credentials - CVE-2010-3038
Three accounts have a login shell and a password the administrator can neither
> - There's no need for required action from the victim.
> - There's no modification in the password of the victim.
> - There's no locking in the victim account.
> - There's no security notification to the victim.
>
> The vulnerability is aggravated because Gmail allows weak passwords to be
> used by the users. So, Gmail accepts passwords using only one character
> (e.g. "aaaaaaaa") or dictionary words (e.g. "pentagon" or "computer").
>
> The abuse of this functionality permits an attacker to do thousands of
> authentication requests during a day over one user account, so if the
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
USN-612-3 addressed a weakness in OpenSSL certificate and key
generation in OpenVPN by adding checks for vulnerable certificates
and keys to OpenVPN. A regression was introduced in OpenVPN when
using TLS with password protected certificates which caused OpenVPN
to not start when used with applications such as NetworkManager.
Dear Peter Watkins,
PW> I don't know how small the salt universe would need to be before
PW> precomputing dictionaries would be worthwhile (vs. having a botnet only work
PW> on crypted passwords already captured), but certainly the obviously weak
PW> srand(time(NULL)) code only helps the black hats. And with modern OSes
PW> providing reasonably good entropy sources, there's little reason not to
PW> "do it right". It's not the worst mistake I've seen, by far not the most
PW> dangerous. But it's sloppy of the Apache Group to have ignored it for half
PW> a decade.
Packetninjas L.L.C
www.packetninjas.net
-= Security Advisory =-
Advisory: Zeacom Chat Server JSESSIONID weak SessionID Vulnerability
Release Date: unknown
Last Modified: 09/27/2010
Author: Daniel Clemens [daniel.clemens[at]packetninjas.net]
Application: Zeacom Chat Application <= 5.0 SP4
in Microsoft Windows Active Directory. Administrators find it easy to
automate password resets and account unlocks while managing and optimizing the
expenses associated with helpdesk calls.
The security question mechanism used for password recovery can be
weakened by tampering with the HTTP POST request containing the answers,
allowing an attacker to pass the security check by guessing just one of
the security answers. Additionally, the CAPTCHA mechanism can be
bypassed in the same manner, enabling the automation of the guessing
attempts.