Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-29445PUBLISHED: 2021-04-16
jose-node-esm-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed `JWEDe...
CVE-2021-29446PUBLISHED: 2021-04-16
jose-node-cjs-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed `JWEDe...
CVE-2021-29451PUBLISHED: 2021-04-16Portofino is an open source web development framework. Portofino before version 5.2.1 did not properly verify the signature of JSON Web Tokens. This allows forging a valid JWT. The issue will be patched in the upcoming 5.2.1 release.
CVE-2021-29452PUBLISHED: 2021-04-16
a12n-server is an npm package which aims to provide a simple authentication system. A new HAL-Form was added to allow editing users in version 0.18.0. This feature should only have been accessible to admins. Unfortunately, privileges were incorrectly checked allowing any logged in user to make this ...
CVE-2021-29444PUBLISHED: 2021-04-16
jose-browser-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed `JWEDec...
0 Comments
Tweet This
User Rank: Ninja
6/13/2017 | 3:37:47 PM
The average person is definitely aware (even if on a subconscious level) the impact on infrastructure something as singular as a traffic accident can have, or a train collision. The amount of interdependent systems and parts that are affected freeze up more than just traffic around an accident. We are all resources to some extent for other systems, and cargo trucks held up by traffic are causing other systems again delays, and so on.
Now, imagine your airport shutting down entirely due to an electronic intrusion of the air traffic control systems. Or your state power grids completely shut off. Imagine nuclear plants pushed to meltdown, or missile silos engaged outside normal controls. For all the information security industry puts into protecting banks (yes, those too can be brought to a complete shutdown), we need to be sure equal if not superior effort and resources are being assigned to infrastructure.
Understanding the level of intertwined systems that keep society moving, we would see a devastating cascade effect of descent into chaos should any number of U.S. infrastructure towers should crumble. Incidents like those in the Ukraine are a huge red flag to us in the U.S. to not slumber on this. We must find more funding, more resources and move quickly to ensure the protection of our infrastructure, both high- and low-tech.