Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Switch (optional) encryption of identified passwords from ncrack to use AGE #2311

Open
J12934 opened this issue Feb 23, 2024 · 0 comments
Open

Switch (optional) encryption of identified passwords from ncrack to use AGE #2311

J12934 opened this issue Feb 23, 2024 · 0 comments
Labels
enhancement New feature or request

Comments

@J12934
Copy link
Member

J12934 commented Feb 23, 2024

➹ New Feature implementation request

Is your feature request related to a problem?

Currently the ncrack parser has a optional feature to encrypt the passwords that were identified using RSA.
This is potentially dangerous as RSA has a lot of potentials to do something wrong and void the encryption.

Describe the solution you'd like

Switch encryption a state of the art encryption mechanism like age.

Describe alternatives you've considered

Additional context

Came up during the CVE-2023-46809 in node. (https://nodejs.org/en/blog/vulnerability/february-2024-security-releases#nodejs-is-vulnerable-to-the-marvin-attack-timing-variant-of-the-bleichenbacher-attack-against-pkcs1-v15-padding-cve-2023-46809---medium)
@J12934 J12934 added the enhancement New feature or request label Feb 23, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
secureCodeBox v4
Status: Backlog
Milestone
No milestone
Development

No branches or pull requests
1 participant
@J12934