Technical Analysis – Page 6

Citrix ADC & Citrix Gateway Vulnerability CVE-2020-8300

Written by Wolfgang Ettlinger on 09.06.202130.11.2021

Update: Details regarding this vulnerability can be found here: https://certitude.consulting/blog/en/citrix-header-injection-2/ We have identified an issue in ...

DP API encryption ineffective in Windows containers: Publicly Available Cryptographic Keys (CVE-2021-1645)

Written by Marc Nimmerrichter on 16.03.202118.05.2021

We recently discovered a vulnerability in the DP API key management of Windows containers. This vulnerability was assigned CVE-2021-1645 by Microsoft [1] and ...

CSRF in JSF 2.0: Predicting CSRF Tokens for Apache MyFaces

Written by Wolfgang Ettlinger on 19.02.202118.05.2021

JavaServer Faces (JSF) is a commonly used server-side web framework. Developers appreciate its relative ease of use while security engineers appreciate its ready-made ...

Windows Docker Information Disclosure Vulnerability (CVE-2021-1645)

Written by Marc Nimmerrichter on 14.01.202116.03.2021

In 2020, we discovered a vulnerability in the Microsoft Docker implementation and reported it to Microsoft. Microsoft published updates for its Windows client and ...