Douglas Held

Results 8 issues of Douglas Held

In BaseCipherSuitePlugin/KeyExchangeAlgorithmRSA.cs, line 78, the RSACryptoProvider is instructed to encrypt without OAEP padding, which may weaken the encryption. Basically the second parameter is "false" instead of "true". Reconsider whether you...

On line 61 of TLSHandshakePacketizer.cs, MemoryStream.Read() is called, but the possible return code of 0 or less than the number expected is never captured. This is basically missing exception handling...

In line 229 of Main.cs from Pem2CNG and in line 291 of Pem2XML, it is possible for the attacker to deny service by somehow specifying a really large file or...

In Main.cs, lines 224/225, two input strings are trimmed but they are not forced to comply with safe or expected input arguments. The effect of this is that a user...

In RecordHandler.cs line 241, a default pseudo-random number is generated. These can be a focus of an attack on the encrypted connection. You should update this with a cryptographically secure...

Please review the content that is being served from https://bttstrp.github.io/bootstrap-switch and remove the malware or disable the mini-site. Warning to random reader: do not click the link! I am also...

So perhaps I am being obtuse here, but this attack code directly receives the starting address and length of the secret string, does it not? It is reading bytes using...

Hello, I got the error pattern.c:32:10: fatal error: 'pcre.h' file not found #include After building/installing pcre 8.35 and openssl 1.0.1h. To work around this, I first did: ln -s /usr/local/include/pcre.h...