Author Archives: CERT

Speculative execution is a technique used by many modern processors to improve performance by predicting which instructions may be executed based on past execution history. When a program attempts to access data in memory,the logical memory address is … Continue reading VU#982149: Intel processors are vulnerable to a speculative execution side-channel attack called L1 Terminal Fault (L1TF)→

Microsoft Windows task scheduler contains a local privilege escalation vulnerability in the Advanced Local Procedure Call(ALPC)interface,which can allow a local user to obtain SYSTEM privileges. Continue reading VU#906424: Microsoft Windows task scheduler contains a local privilege escalation vulnerability in the ALPC interface→

CWE-325: Missing Required Cryptographic Step – CVE-2018-5383 Bluetooth utilizes a device pairing mechanism based on elliptic-curve Diffie-Hellman (ECDH) key exchange to allow encrypted communication between devices. The ECDH key pair consists of a priv… Continue reading VU#304725: Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange→

The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. (CVE-2018-5389) It is well known, that the aggressive mode of IKEv1 PSK is vulnerable to offline dictionary or brute force attacks. For the main mode how… Continue reading VU#857035: IKEv1 Main Mode vulnerable to brute force attacks→

Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. Continue reading VU#857035: IKEv1 Main Mode vulnerable to brute force attacks→