Stefan Viehböck
@sviehb.bsky.social
Reposted by Stefan Viehböck
Hanno Böck (of badkeys.info among other projects) posted an interesting article about OpenID Connect implementations that mix up their public and private keys:
Mixing up Public and Private Keys in OpenID Connect deployments - Hanno's blog
This blog is written by Hanno Böck. Unless noted otherwise, its content is licensed as CC0.
blog.hboeck.de
February 25, 2025 at 7:55 PM
Hanno Böck (of badkeys.info among other projects) posted an interesting article about OpenID Connect implementations that mix up their public and private keys:
VxWorks 6.9 uses SHA-256 + salt but with only one iteration 🤦♂️ this was implemented in response to CVE-2010-2965 by
@hdm.io Check out the full disclosure drama: sec-consult.com/blog/detail/...
@hdm.io Check out the full disclosure drama: sec-consult.com/blog/detail/...
A Missed Opportunity: Addressing Weak Password Hashing in VxWorks
The security of embedded systems running Real-Time Operating Systems (RTOS) like Wind River VxWorks is vital in high stakes sectors such as OT, defense, and aviation.
sec-consult.com
January 27, 2025 at 3:26 PM
VxWorks 6.9 uses SHA-256 + salt but with only one iteration 🤦♂️ this was implemented in response to CVE-2010-2965 by
@hdm.io Check out the full disclosure drama: sec-consult.com/blog/detail/...
@hdm.io Check out the full disclosure drama: sec-consult.com/blog/detail/...