encryption-weakness

2 articles
sort: new top best
clear filter
bug-bounty507 xss274 rce154 google122 bragging-post119 account-takeover115 facebook111 privilege-escalation101 exploit98 malware97 authentication-bypass95 open-source94 microsoft90 csrf87 access-control78 stored-xss75 cve73 ai-agents67 web-security66 reflected-xss63 phishing60 information-disclosure52 input-validation52 sql-injection51 smart-contract49 privacy49 cross-site-scripting48 ssrf48 defi48 tool46 reverse-engineering46 ethereum46 writeup45 api-security45 ai-security41 apple40 vulnerability-disclosure40 web-application38 llm38 opinion37 burp-suite37 automation36 web336 responsible-disclosure35 credential-theft35 remote-code-execution34 supply-chain34 race-condition34 browser33 infrastructure33
0 7/10
Symantec authentication Bypass
vulnerability

Symantec Messaging Gateway contains an authentication bypass vulnerability in its password reset feature that uses weak static encryption (PBEWithMD5AndDES with hardcoded key) to protect tokens formatted as 'username:password'. An attacker can encrypt 'admin:' and pass it as the authorization parameter to gain valid administrator session access.

authentication-bypass password-reset encryption-weakness hardcoded-key pbe-with-md5-and-des token-manipulation appliance-vulnerability symantec-messaging-gateway get-parameter-injection session-hijacking
Symantec Messaging Gateway Artem Kondratenko Philip Pettersson SYMSA1461 PBEWithMD5AndDES SMG 10.6.5
artkond.com · devanshbatham/Awesome-Bugbounty-Writeups · 17 hours ago · details
0 8/10
Duolingo Is Talking to ByteDance: Cracking the Pangle SDK's Encryption
vulnerability

ByteDance's Pangle SDK, embedded in 40+ popular apps including Duolingo and BeReal, transmits sensitive device fingerprinting data (battery level, IP address, storage, IDFV) encrypted with AES-256-CBC where the encryption key and IV are embedded in every message in plaintext, making the encryption trivial to break via reverse-engineered SDK code. Additionally, a hardcoded AES key was found in the native library, shared across all SDK versions.

encryption-weakness reverse-engineering bytedance pangle-sdk mobile-security data-collection cryptanalysis device-fingerprinting aes-encryption android-security ios-security privacy tldr-weak-key-management
ByteDance Pangle SDK Duolingo BeReal Character.AI Wattpad Letterboxd HelloTalk SmartNews Sweatcoin CamScanner libtobEmbedPagEncrypt.so libpglarmor.so PangleEncryptManager.java PglCryptUtils.java aT.java AES-256-CBC ECIES api16-access-ttp.tiktokpangle.us
buchodi.com · ibobev · 2 days ago · details · hn