Software Integrity Blog

Archive for the 'Software Security Research' Category

 

Synopsys CyRC named a CVE Numbering Authority

As a CVE Numbering Authority, Synopsys can assign CVE ID numbers and publish newly discovered vulnerabilities.

Posted in Software Compliance, Quality & Standards, Software Security Research

 

CyRC Vulnerability Advisory: Denial of service vulnerability in Jetty web server

CVE-2020-27223 is a denial of service vulnerability discovered in the Eclipse Foundation’s popular Jetty web server.

Posted in Software Security Research

 

CyRC analysis: Authentication bypass vulnerability in Bouncy Castle

CVE-2020-28052 is an authentication bypass vulnerability discovered in Bouncy Castle’s OpenBSDBcrypt class. It allows attackers to bypass password checks.

Posted in Software Security Research

 

CyRC analysis: Circumventing WPA authentication in wireless routers with Defensics fuzz testing

Three WPA authentication bypass vulnerabilities were found in wireless routers using the Defensics fuzz testing tool.

Posted in Fuzz Testing, Software Security Research

 

CyRC Vulnerability Advisory: Authentication bypass vulnerabilities in multiple wireless router chipsets (CVE-2019-18989, CVE-2019-18990, and CVE-2019-18991)

Read the Synopsys Cybersecurity Research Center’s (CyRC) analysis of CVE-2019-18989, CVE-2019-18990, and CVE-2019-18991.

Posted in Software Security Research

 

Apache Struts research at scale, Part 3: Exploitation

During our CVE-2018-11776 research, we created our own proofs-of-concept so they’d work in a variety of configurations at scale (115 versions of Struts).

Posted in Software Security Research

 

CyRC analysis: CVE-2020-7958 biometric data extraction in Android devices

We dig into the inner workings of trustlets, how different components work together to provide a Trusted Execution Environment, and how to attack them.

Posted in Mobile App Security, Software Security Research

 

CyRC Vulnerability Advisory: CVE-2020-7958 biometric data disclosure vulnerability in OnePlus 7 Pro Android phone

Read the Synopsys Cybersecurity Research Center’s (CyRC) analysis of CVE-2020-7958, a biometric data disclosure vulnerability in the OnePlus 7 Pro Android phone.

Posted in Software Security Research

 

Apache Struts research at scale, Part 2: Execution environments

During our CVE-2018-11776 research, after building 115 versions of Apache Struts, we had to address the challenges of recreating the execution environments.

Posted in Software Security Research

 

World’s top hackers meet at the first 5G Cyber Security Hackathon

Our Defensics R&D team put a couple of Synopsys tools to the test in the 5G Cyber Security Hackathon in Oulu, Finland, and placed in both of their competitions.

Posted in Fuzz Testing, Software Composition Analysis (SCA), Software Security Research