CyRC Vulnerability Advisory: Denial of service vulnerabilities in RabbitMQ, EMQ X, and VerneMQ

CVE-2021-22116, CVE-2021-33175, and CVE-2021-33176 are denial of service vulnerabilities in three popular open source message broker applications.
Synopsys CyRC named a CVE Numbering Authority

As a CVE Numbering Authority, Synopsys can assign CVE ID numbers and publish newly discovered vulnerabilities. The post Synopsys CyRC named a CVE Numbering Authority appeared first on Software Integrity Blog ...
CyRC Vulnerability Advisory: Denial of service vulnerability in Jetty web server

CVE-2020-27223 is a denial of service vulnerability discovered in the Eclipse Foundation’s popular Jetty web server.
CyRC analysis: Authentication bypass vulnerability in Bouncy Castle

CVE-2020-28052 is an authentication bypass vulnerability discovered in Bouncy Castle’s OpenBSDBcrypt class. It allows attackers to bypass password checks.
CyRC analysis: Circumventing WPA authentication in wireless routers with Defensics fuzz testing

Three WPA authentication bypass vulnerabilities were found in wireless routers using the Defensics fuzz testing tool.
CyRC Vulnerability Advisory: Authentication bypass vulnerabilities in multiple wireless router chipsets (CVE-2019-18989, CVE-2019-18990, and CVE-2019-18991)

Read the Synopsys Cybersecurity Research Center’s (CyRC) analysis of CVE-2019-18989, CVE-2019-18990, and CVE-2019-18991.
Apache Struts research at scale, Part 3: Exploitation

During our CVE-2018-11776 research, we created our own proofs-of-concept so they’d work in a variety of configurations at scale (115 versions of Struts).
CyRC analysis: CVE-2020-7958 biometric data extraction in Android devices

We dig into the inner workings of trustlets, how different components work together to provide a Trusted Execution Environment, and how to attack them.
CyRC Vulnerability Advisory: CVE-2020-7958 biometric data disclosure vulnerability in OnePlus 7 Pro Android phone

Read the Synopsys Cybersecurity Research Center’s (CyRC) analysis of CVE-2020-7958, a biometric data disclosure vulnerability in the OnePlus 7 Pro Android phone.
Apache Struts research at scale, Part 2: Execution environments

During our CVE-2018-11776 research, after building 115 versions of Apache Struts, we had to address the challenges of recreating the execution environments.