#ssl

Sippts is a set of tools to audit VoIP servers and devices using SIP protocol. It is programmed in Python script and it allows us to check the security of a VoIP server using SIP protocol, over UDP, TCP and TLS protocols.

By Deeba Ahmed A recent discovery of 4 security flaws in ThroughTek's Kalay platform leaves millions of IoT devices exposed. This article explores the security risks to your connected home and the broader threat to IoT devices. Act now – secure your smart devices! This is a post from HackRead.com Read the original post: IoT Cameras Exposed by Chainable Exploits, Millions Affected

By Uzair Amir Dubai, UAE, May 16, 2024 – Entangle, an interoperable data infrastructure layer, announces the successful launch of its… This is a post from HackRead.com Read the original post: Entangle Launches Mainnet Leveraging Omnichain Interoperability

The encryption and decryption process were vulnerable against the Bleichenbacher's attack, which is a padding oracle vulnerability disclosed in the 98'. The issue was about the wrong padding utilized, which allowed to retrieve the encrypted content. The OPENSSL_PKCS1_PADDING version, aka PKCS v1.5 was vulnerable (is the one set by default when using openssl_* methods), while the PKCS v2.0 isn't anymore (it's also called OAEP). A fix for this vulnerability was merged at https://github.com/Cosmicist/AsymmetriCrypt/pull/5/commits/a0318cfc5022f2a7715322dba3ff91d475ace7c6.

SAP Cloud Connector versions 2.15.0 through 2.16.1 were found to happily accept self-signed TLS certificates between SCC and SAP BTP.

Apple Security Advisory 05-13-2024-7 - watchOS 10.5 addresses bypass and code execution vulnerabilities.

By Deeba Ahmed Is FIDO2 truly unbreachable?  Recent research exposes a potential vulnerability where attackers could use MITM techniques to bypass FIDO2 security keys. This is a post from HackRead.com Read the original post: MITM Attacks Can Still Bypass FIDO2 Security, Researchers Warn

(This advisory is canonically <https://advisories.nats.io/CVE/CVE-2021-32026.txt>) ### Problem Description The NATS server by default uses a restricted set of modern ciphersuites for TLS. This selection can be overridden through configuration. The defaults include just RSA and ECDSA with either AES/GCM with a SHA2 digest or ChaCha20/Poly1305. The configuration system allows for extensive use of CLI options to override configuration settings. When using these to set a key/cert for TLS, the restricted ciphersuite settings were lost, enabling all ciphersuites supported by Go by default. None of these additional ciphersuites are broken, so the NATS maintainers have fixed this in public git and the next release is not being hurried, nor is this security advisory embargoed. ### Affected versions NATS Server: * All versions prior to 2.2.3 * fixed with nats-io/nats-server commit ffccc2e1bd (2021-04-29) ### Impact If a server administrator chooses to start the nats-server with TLS...

An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing.

An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters.