Re: [FD] [RT-SA-2016-001] Padding Oracle in Apache mod_session_crypto

Hi, On Tue, Dec 27, 2016 at 09:01:49AM -0800, Tim wrote: > [...] > > > > But there still are people who use CBC... > > [...] > > All traditional modes that lack integrity protection are vulnerable to > chosen-ciphertext attacks in these kinds of scenarios. > [...] > All traditional modes need a

Re: [FD] QNAP TS-469U shadow file world readable

Hi, the same holds for a QNAP TS-459U. Besides, the shadow file on that box contains MD5 hashes without salt. Cheers, Erik -- La perfection est atteinte non quand il ne reste rien ajouter, mais quand il ne reste rien à enlever. -- Antoine de Saint-Exupéry On Fri, Jul 11,