Technical Analysis – Page 6

DP API encryption ineffective in Windows containers: Publicly Available Cryptographic Keys (CVE-2021-1645)

Written by Marc Nimmerrichter on 16.03.202118.05.2021

We recently discovered a vulnerability in the DP API key management of Windows containers. This vulnerability was assigned CVE-2021-1645 by Microsoft [1] and ...

CSRF in JSF 2.0: Predicting CSRF Tokens for Apache MyFaces

Written by Wolfgang Ettlinger on 19.02.202118.05.2021

JavaServer Faces (JSF) is a commonly used server-side web framework. Developers appreciate its relative ease of use while security engineers appreciate its ready-made ...

Windows Docker Information Disclosure Vulnerability (CVE-2021-1645)

Written by Marc Nimmerrichter on 14.01.202116.03.2021

In 2020, we discovered a vulnerability in the Microsoft Docker implementation and reported it to Microsoft. Microsoft published updates for its Windows client and ...

The Importance of Trust Validation: Microsoft’s Dangerous Mistake

Written by Marc Nimmerrichter on 26.08.202026.01.2021

Vulnerability in VSIX signature validation Last year we discovered a vulnerability in the Visual Studio Extension (VSIX) installer, which comes with ...