https://github.com/keenrivals/bugsite-index

Index of websites publishing bugs along the lines of heartbleed.com
https://github.com/keenrivals/bugsite-index

heartbleed mitm-attacks netsec security ssl tls

Last synced: about 1 year ago
JSON representation

Index of websites publishing bugs along the lines of heartbleed.com

• Host: GitHub
• URL: https://github.com/keenrivals/bugsite-index
• Owner: KeenRivals
• Created: 2016-05-04T14:27:53.000Z (about 10 years ago)
• Default Branch: master
• Last Pushed: 2018-02-21T12:46:28.000Z (over 8 years ago)
• Last Synced: 2024-08-04T23:11:00.089Z (almost 2 years ago)
• Topics: heartbleed, mitm-attacks, netsec, security, ssl, tls
• Language: HTML
• Size: 37 MB
• Stars: 40
• Watchers: 6
• Forks: 3
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

• awesome-security-collection - **38**星

README

          
# Overview

The goal of this project is to maintain a list of bug websites such as [Heartbleed.com](http://heartbleed.com). Contributions welcome!

# Websites

* [Backronym.fail](http://backronym.fail/) – allows for an attacker to downgrade and snoop on the SSL/TLS connection that MySQL client libraries use to communicate to a MySQL server.

* [Badlock.org](http://badlock.org/) – MITM attack for samba in an Active Directory environment.

* [BreachAttack.com](http://breachattack.com/) – HTTPS information leak by compression. Related to CRIME.

* [Dirty COW](https://dirtycow.ninja) – a privilege escalation vulnerability in the Linux Kernel. 

* [DUHK Attack](https://duhkattack.com) – devices using the ANSI X9.31 Random Number Generator (RNG) in conjunction with a hard-coded seed key allows attackers to recover the secret key.

* [DrownAttack.com](https://drownattack.com/) – attacks servers supporting modern TLS protocol suites by using their support for the obsolete, insecure, SSL v2 protocol.

* [Factorable.net](https://factorable.net/) – widespread weak keys in network devices.

* [FreakAttack.com](https://freakattack.com/) – allows an attacker to intercept HTTPS connections between vulnerable clients and servers and force them to use weakened encryption

* [GoToFail.com](https://gotofail.com/) – certain Apple iOS versions did not check TLS certificate validity.

* [Heartbleed.com](http://heartbleed.com) – OpenSSL memory leak which could leak private keys.

* [httpoxy.org](https://httpoxy.org/) – insecure handling of HTTP proxy environment variable in CGI applications.

* [ImageTragick.com](https://imagetragick.com/) – remote code execution in imagemagick via user-submitted images.

* [KRACKAttacks.com](https://krackattacks.com/) – WPA2 vulnerability resulting from nonce reuse that enables decryption of sent packets. In some cases this leads to MITM.

* [MeltdownAttack.com](https://meltdownattack.com) - Information leak via broken isolation between priviledged and unpriviledged memory.

* [OCSP Status Request](http://security.360.cn/cve/CVE-2016-6304/) - Allows exhaustion of server memory through OSCP Status Requests. 

* [Poodle.io](https://poodle.io/) – allows MITM attacker to downgrade TLS connections and decrypt SSLv3 connections.

* [ROBOTAttack.org](https://robotattack.org/) – Return of a 19-year-old vulnerability that allows performing RSA decryption and signing operations with the private key of a TLS server.

* [SHAttered.io](https://shattered.io) - Collision attack against SHA-1.

* [SpectreAttack.com](https://spectreattack.com) - Information leak via speculative execution behaviors in modern CPUs.

* [Sweet32.info](https://sweet32.info/) - Birthday attacks on 64-bit block ciphers in TLS and OpenVPN.

* [WeakDH.org](https://weakdh.org/) – applications which support DHE_EXPORT ciphers allow MITM via weak Diffie-Hellman keys.