des software vulnerabilities
vulnerabilities.aspcode.net
Searching des software vulnerabilities
The Protected Store in Windows 2000 does not pr
Protected
|
Windows
|
Store
|
The Protected Store in Windows 2000 does not properly select the strongest encryption when available, which causes it to use a default of 40-bit encryption instead of 56-bit DES encryption, aka the "Protected Store Key Length" vulnerability.
Common Cryptographic Architecture (CCA) in IBM
Cryptographic
|
Architecture
|
Common
|
Common Cryptographic Architecture (CCA) in IBM 4758 allows an attacker with physical access to the system and Combine_Key_Parts permissions, to steal DES and 3DES keys by using a brute force attack to create a 3DES exporter key.
Unknown vulnerability in the AUTH_DES authentic
authentication
|
vulnerability
|
AUTH_DES
|
Solaris
|
Unknown
|
RPC
|
Unknown vulnerability in the AUTH_DES authentication for RPC in Solaris 2.5.1, 2.6, and 7, SGI IRIX 6.5 to 6.5.19f, and possibly other platforms, allows remote attackers to gain privileges.
Certain weaknesses in the implementation of ver
implementation
|
weaknesses
|
Kerberos
|
protocol
|
Certain
|
version
|
Certain weaknesses in the implementation of version 4 of the Kerberos protocol (krb4) in the krb5 distribution, when triple-DES keys are used to key krb4 services, allow an attacker to create krb4 tickets for unauthorized principals using a cut-and-paste attack and "ticket splicing."
The PSCipher function in PeopleSoft People Tool
PeopleSoft
|
dictionary
|
passwords
|
PSCipher
|
function
|
compares
|
strings
|
attack
|
easier
|
People
|
output
|
makes
|
local
|
guess
|
users
|
store
|
fixed
|
using
|
which
|
Tools
|
uses
|
PKCS
|
user
|
84x
|
key
|
DES
|
The PSCipher function in PeopleSoft People Tools 8.4x uses PKCS #5 with a fixed DES key to store user passwords, which makes it easier for local users to guess passwords using a dictionary attack that compares output strings.
The crypt_gensalt functions for BSDI-style exte
crypt_blowfish
|
FreeBSD-sytle
|
crypt_gensalt
|
BSDI-style
|
MD5-based
|
functions
|
DES-based
|
password
|
extended
|
hashes
|
The crypt_gensalt functions for BSDI-style extended DES-based and FreeBSD-sytle MD5-based password hashes in crypt_blowfish 0.4.7 and earlier do not evenly and randomly distribute salts, which makes it easier for attackers to guess passwords from a stolen password file due to the increased number of collisions.
Multiple cross-site scripting (XSS) vulnerabili
cross-site
|
scripting
|
Multiple
|
Multiple cross-site scripting (XSS) vulnerabilities in Eazy Cart allow remote attackers to inject arbitrary web script or HTML via easycart.php, possibly related to the (1) des and (2) qty parameters in an add action, and via other unspecified vectors. NOTE: some details are obtained from third party information.
GuppY 4.0 allows remote attackers to delete arb
install/installphp
|
"Installation
|
arbitrary
|
selecting
|
attackers
|
propre"
|
request
|
delete
|
allows
|
remote
|
direct
|
GuppY
|
files
|
then
|
via
|
GuppY 4.0 allows remote attackers to delete arbitrary files via a direct request to install/install.php, then selecting "Installation propre" (cleanup.php) and then "Suppression des fichiers d'installation" (delete.php).
Nortel VPN Router (aka Contivity) 1000, 2000, 4
Router
|
Nortel
|
VPN
|
Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 6_05.140 uses a fixed DES key to encrypt passwords, which allows remote authenticated users to obtain a password via a brute force attack on a hash from the LDAP store.
Software vulnerabilities results 1 to 10 of 10
Page:
1