Weak Crypto | writeups.xyz

Title	Vulnerabilities	Programs	Authors
Insecure Authentication Tokens leading to Account Takeover	Account Takeover Android Hardcoded Credentials Weak Crypto Authentication Bypass Client-Side Enforcement of Server-Side Security	Undisclosed	Thomas Delfino
Microsoft Office 365 Message Encryption Insecure Mode of Operation	Weak Crypto	Microsoft	Harry Sintonen
Weak private key generation in SSH.NET <= 2020.0.1	Weak Crypto Security Code Review	SSH.NET	Guillaume André (@Yaumn_)
A vulnerability on Patreon, and their elusive bounty program.	Payment Bypass Weak Crypto	Patreon	Datura Mater (@DaturaMater)
We discovered major vulnerabilities in Control Web Panel. Here’s how we found them.	Path Traversal RCE Weak Crypto Password Reset Account Takeover	Centos Web Panel (CWP)	Immersive Labs (@Immersivelabs)
How I Gained Access To A Finance Company’s Accounts (Session Hijacking)	Session Fixation Weak Crypto	Undisclosed	Talha Karakumru
Pre-Account Takeover by Reversing a Weak Email Verification Token Algorithm	Weak Crypto	Undisclosed	Craig Hays (@Craighays)
Kaspersky Password Manager: All your passwords are belong to us	Weak Crypto	Kaspersky	Jean-Baptiste Bédrune
Cracking Encrypted Credit Card Numbers Exposed By API	Information Disclosure Weak Crypto	Undisclosed	Craig Hays (@Craighays)
Pentest-Story: Empirum password decryption	Weak Crypto Reverse Engineering	Matrix42	Evait Security GmbH (@Evait_security)
How Netgear meshed(*) up WiFi for Business	Weak Crypto Broken Authentication	Netgear	Thorsten Schröder
break and bypass verification email	Open Redirect Email Verification Bypass Weak Crypto	Bukalapak	Abdelhak Kharroubi
Disclose files content from Facebook internal CDNs	Weak Encryption Weak Crypto	Meta / Facebook	Youssef Sammouda (@Samm0uda)

Page 1 of 1