├── logo
│   ├── breach.png
│   ├── krack.png
│   ├── venom.png
│   ├── slowloris.png
│   ├── ccsinjection.svg
│   ├── heartbleed.svg
│   ├── badlock.svg
│   ├── meltdown.svg
│   ├── drown.svg
│   ├── shellshock.svg
│   ├── spectre.svg
│   ├── duhk.svg
│   ├── robot.svg
│   ├── sweet32.svg
│   └── efail.svg
├── LICENSE
├── LICENSE.CC0
└── README.md

/logo/breach.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hannob/vulns/HEAD/logo/breach.png
--------------------------------------------------------------------------------
/logo/krack.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hannob/vulns/HEAD/logo/krack.png
--------------------------------------------------------------------------------
/logo/venom.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hannob/vulns/HEAD/logo/venom.png
--------------------------------------------------------------------------------
/logo/slowloris.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hannob/vulns/HEAD/logo/slowloris.png
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
The document itself is released as [CC0](LICENSE.CC0).

The DUHK logo is the Duck emoji from [Google's Noto Emoji](https://github.com/googlei18n/noto-emoji) collection
and released under an [Apache 2 license](https://github.com/googlei18n/noto-emoji/blob/master/LICENSE).

The KRACK and VENOM logos are released as
[Creative Commons by-sa 4.0](https://creativecommons.org/licenses/by/4.0/).

All other logos are CC0 or public domain.
--------------------------------------------------------------------------------
/logo/ccsinjection.svg:
--------------------------------------------------------------------------------
(SVG markup not extracted; the only recoverable text is the label "C C S")
--------------------------------------------------------------------------------
/logo/heartbleed.svg:
--------------------------------------------------------------------------------
(SVG markup not extracted)
--------------------------------------------------------------------------------
/logo/badlock.svg:
--------------------------------------------------------------------------------
(SVG markup not extracted)
--------------------------------------------------------------------------------
/logo/meltdown.svg:
--------------------------------------------------------------------------------
(SVG markup not extracted)
--------------------------------------------------------------------------------
/logo/drown.svg:
--------------------------------------------------------------------------------
(SVG markup not extracted)
--------------------------------------------------------------------------------
/logo/shellshock.svg:
--------------------------------------------------------------------------------
(SVG markup not extracted)
--------------------------------------------------------------------------------
/logo/spectre.svg:
--------------------------------------------------------------------------------
(SVG markup not extracted)
--------------------------------------------------------------------------------
/logo/duhk.svg:
--------------------------------------------------------------------------------
(SVG markup not extracted)
--------------------------------------------------------------------------------
/LICENSE.CC0:
--------------------------------------------------------------------------------
Creative Commons Legal Code

CC0 1.0 Universal

CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE LEGAL SERVICES. DISTRIBUTION OF THIS DOCUMENT DOES NOT CREATE AN ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES REGARDING THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED HEREUNDER, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED HEREUNDER.

Statement of Purpose

The laws of most jurisdictions throughout the world automatically confer exclusive Copyright and Related Rights (defined below) upon the creator and subsequent owner(s) (each and all, an "owner") of an original work of authorship and/or a database (each, a "Work").

Certain owners wish to permanently relinquish those rights to a Work for the purpose of contributing to a commons of creative, cultural and scientific works ("Commons") that the public can reliably and without fear of later claims of infringement build upon, modify, incorporate in other works, reuse and redistribute as freely as possible in any form whatsoever and for any purposes, including without limitation commercial purposes. These owners may contribute to the Commons to promote the ideal of a free culture and the further production of creative, cultural and scientific works, or to gain reputation or greater distribution for their Work in part through the use and efforts of others.
For these and/or other purposes and motivations, and without any expectation of additional consideration or compensation, the person associating CC0 with a Work (the "Affirmer"), to the extent that he or she is an owner of Copyright and Related Rights in the Work, voluntarily elects to apply CC0 to the Work and publicly distribute the Work under its terms, with knowledge of his or her Copyright and Related Rights in the Work and the meaning and intended legal effect of CC0 on those rights.

1. Copyright and Related Rights. A Work made available under CC0 may be protected by copyright and related or neighboring rights ("Copyright and Related Rights"). Copyright and Related Rights include, but are not limited to, the following:

  i. the right to reproduce, adapt, distribute, perform, display, communicate, and translate a Work;
  ii. moral rights retained by the original author(s) and/or performer(s);
  iii. publicity and privacy rights pertaining to a person's image or likeness depicted in a Work;
  iv. rights protecting against unfair competition in regards to a Work, subject to the limitations in paragraph 4(a), below;
  v. rights protecting the extraction, dissemination, use and reuse of data in a Work;
  vi. database rights (such as those arising under Directive 96/9/EC of the European Parliament and of the Council of 11 March 1996 on the legal protection of databases, and under any national implementation thereof, including any amended or successor version of such directive); and
  vii. other similar, equivalent or corresponding rights throughout the world based on applicable law or treaty, and any national implementations thereof.

2. Waiver. To the greatest extent permitted by, but not in contravention of, applicable law, Affirmer hereby overtly, fully, permanently, irrevocably and unconditionally waives, abandons, and surrenders all of Affirmer's Copyright and Related Rights and associated claims and causes of action, whether now known or unknown (including existing as well as future claims and causes of action), in the Work (i) in all territories worldwide, (ii) for the maximum duration provided by applicable law or treaty (including future time extensions), (iii) in any current or future medium and for any number of copies, and (iv) for any purpose whatsoever, including without limitation commercial, advertising or promotional purposes (the "Waiver"). Affirmer makes the Waiver for the benefit of each member of the public at large and to the detriment of Affirmer's heirs and successors, fully intending that such Waiver shall not be subject to revocation, rescission, cancellation, termination, or any other legal or equitable action to disrupt the quiet enjoyment of the Work by the public as contemplated by Affirmer's express Statement of Purpose.

3. Public License Fallback. Should any part of the Waiver for any reason be judged legally invalid or ineffective under applicable law, then the Waiver shall be preserved to the maximum extent permitted taking into account Affirmer's express Statement of Purpose. In addition, to the extent the Waiver is so judged Affirmer hereby grants to each affected person a royalty-free, non transferable, non sublicensable, non exclusive, irrevocable and unconditional license to exercise Affirmer's Copyright and Related Rights in the Work (i) in all territories worldwide, (ii) for the maximum duration provided by applicable law or treaty (including future time extensions), (iii) in any current or future medium and for any number of copies, and (iv) for any purpose whatsoever, including without limitation commercial, advertising or promotional purposes (the "License"). The License shall be deemed effective as of the date CC0 was applied by Affirmer to the Work. Should any part of the License for any reason be judged legally invalid or ineffective under applicable law, such partial invalidity or ineffectiveness shall not invalidate the remainder of the License, and in such case Affirmer hereby affirms that he or she will not (i) exercise any of his or her remaining Copyright and Related Rights in the Work or (ii) assert any associated claims and causes of action with respect to the Work, in either case contrary to Affirmer's express Statement of Purpose.

4. Limitations and Disclaimers.

  a. No trademark or patent rights held by Affirmer are waived, abandoned, surrendered, licensed or otherwise affected by this document.
  b. Affirmer offers the Work as-is and makes no representations or warranties of any kind concerning the Work, express, implied, statutory or otherwise, including without limitation warranties of title, merchantability, fitness for a particular purpose, non infringement, or the absence of latent or other defects, accuracy, or the present or absence of errors, whether or not discoverable, all to the greatest extent permissible under applicable law.
  c. Affirmer disclaims responsibility for clearing rights of other persons that may apply to the Work or any use thereof, including without limitation any person's Copyright and Related Rights in the Work. Further, Affirmer disclaims responsibility for obtaining any necessary consents, permissions or other rights required for any use of the Work.
  d. Affirmer understands and acknowledges that Creative Commons is not a party to this document and has no duty or obligation with respect to this CC0 or use of the Work.
--------------------------------------------------------------------------------
/logo/robot.svg:
--------------------------------------------------------------------------------
(SVG markup not extracted)
--------------------------------------------------------------------------------
/logo/sweet32.svg:
--------------------------------------------------------------------------------
(SVG markup not extracted)
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Vulnerabilities and Attacks

Have vulnerabilities been used in real world attacks?

| Logo | Name | Year | Target | Description | Real attack? | Notes/Sources |
| :---: | :--- | :--- | :--- | :--- | :--- | :--- |
| | [Slowloris](https://web.archive.org/web/20090822001255/http://ha.ckers.org/slowloris/) | 2009 | HTTP servers | Denial of service by holding many connections open with partial requests | Yes | [Abused by spammers](https://web.archive.org/web/20170306152831/https://mackeeper.com/blog/post/339-spammergate-the-fall-of-an-empire) |
| - | [BEAST](https://www.youtube.com/watch?v=-BjpkHCeqU0) | 2011 | TLS 1.0 | Chosen-plaintext attack on the predictable (implicit) CBC IV | No | - |
| - | [CRIME](https://en.wikipedia.org/wiki/CRIME) | 2012 | TLS | TLS compression leaks information | No | - |
| | BREACH | 2013 | TLS | HTTP compression inside TLS leaks information | No | - |
| - | [TIME](https://www.youtube.com/watch?v=rTIpFfTp3-w) | 2013 | TLS | Compression attack with JavaScript/TCP side channel | No | - |
| | [Heartbleed](http://heartbleed.com/) | 2014 | OpenSSL | Buffer over-read leaking server memory | Yes | [Reuters/Canadian tax agency](https://www.reuters.com/article/us-cybersecurity-heartbleed/heartbleed-blamed-in-attack-on-canada-tax-agency-more-expected-idUSBREA3D1PR20140414) [JPMorgan hack](https://techcrunch.com/2018/09/10/prosecutors-charge-russian-accused-of-hacking-jp-morgan-dow-jones/) |
| | [CCS Injection](http://ccsinjection.lepidum.co.jp/) | 2014 | OpenSSL | State machine confusion via an early ChangeCipherSpec message | No | - |
| | [Shellshock](https://en.wikipedia.org/wiki/Shellshock_(software_bug)) | 2014 | Bash | Remote code execution via function definitions in environment variables | Yes | [Cloudflare/Exploits](https://blog.cloudflare.com/inside-shellshock/) |
| - | [Drupalgeddon](https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2014-10-15/sa-core-2014-005-drupal-core-sql) | 2014 | Drupal | SQL injection leading to RCE | Yes | [Drupal/Automated attacks after 7h](https://www.drupal.org/forum/newsletters/security-public-service-announcements/2014-10-29/drupal-core-highly-critical) |
| - | [POODLE](https://www.openssl.org/~bodo/ssl-poodle.pdf) | 2014 | SSLv3 | Padding oracle with downgrade attack | No | - |
| - | [goto fail](https://www.imperialviolet.org/2014/02/22/applebug.html) | 2014 | Apple iOS/OS X | Duplicated `goto fail;` line skipping verification of the TLS ServerKeyExchange signature | No | - |
| - | [GHOST](https://blog.qualys.com/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability) | 2015 | glibc | Buffer overflow in gethostbyname() | No | - |
| - | [FREAK](https://www.freakattack.com/) | 2015 | TLS | Downgrade to export-grade RSA ciphers | No | - |
| - | [Superfish](https://en.wikipedia.org/wiki/Superfish) | 2015 | Lenovo laptops | Preinstalled adware with a shared root CA private key | No | - |
| - | [Rowhammer](https://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html) | 2015 | DRAM | Bit flips induced by repeatedly accessing neighbouring rows | No | - |
| - | [Logjam](https://weakdh.org/) | 2015 | TLS | Downgrade to weak (export-grade) Diffie-Hellman parameters | No* | Speculation that this may have been exploited by the NSA |
| - | [Stagefright](https://en.wikipedia.org/wiki/Stagefright_(bug)) | 2015 | Stagefright/Android | Memory corruption in media parsers | No | - |
| | [VENOM](https://venom.crowdstrike.com/) | 2015 | QEMU | VM escape via the virtual floppy controller | No | - |
| | [DROWN](https://drownattack.com/) | 2016 | TLS/SSLv2 | Bleichenbacher attack using SSLv2 | No | - |
| | [Badlock](https://web.archive.org/web/20170608065927/http://badlock.org/) | 2016 | Samba/SMB | Various man-in-the-middle attacks | No | - |
| - | [ImageTragick](https://imagetragick.com/) | 2016 | ImageMagick | Remote code execution in image parsers | Yes | [Cloudflare reporting attacks](https://blog.cloudflare.com/inside-imagetragick-the-real-payloads-being-used-to-hack-websites-2/) |
| - | [HEIST](https://tom.vg/papers/heist_blackhat2016.pdf) | 2016 | TLS | Compression attack with JavaScript/TCP side channel | No | - |
| | [Sweet32](https://sweet32.info/) | 2016 | TLS/3DES | Block collisions in 64-bit block ciphers | No | - |
| | [Dirty COW](https://dirtycow.ninja/) | 2016 | Linux kernel | Race condition in copy-on-write handling leading to local root | Yes | [ZDNet/Drupalgeddon2/DirtyCOW attacks](https://www.zdnet.com/article/hackers-use-drupalgeddon-2-and-dirty-cow-exploits-to-take-over-web-servers/) [TrendMicro/ZNIU Android malware](https://blog.trendmicro.com/trendlabs-security-intelligence/zniu-first-android-malware-exploit-dirty-cow-vulnerability/) |
| | [KRACK](https://www.krackattacks.com/) | 2017 | WPA2 | Nonce reuse in wireless encryption | No | - |
| | [DUHK](https://duhkattack.com/) | 2017 | FortiOS | Hardcoded key in FIPS-certified X9.31 RNG | No | - |
| | [ROBOT](https://robotattack.org/) | 2017 | TLS | Lack of Bleichenbacher attack countermeasures | No | - |
| - | [EternalBlue](https://en.wikipedia.org/wiki/EternalBlue) | 2017 | Windows/SMBv1 | Remote code execution via SMBv1 | Yes | [WaPo/NSA use](https://www.washingtonpost.com/business/technology/nsa-officials-worried-about-the-day-its-potent-hacking-tool-would-get-loose-then-it-did/2017/05/16/50670b16-3978-11e7-a058-ddbb23c75d82_story.html?utm_term=.494c978e2f2e), [WannaCry](https://en.wikipedia.org/wiki/WannaCry_ransomware_attack), [NotPetya](https://en.wikipedia.org/wiki/Petya_(malware)) |
| - | [SambaCry](https://www.samba.org/samba/security/CVE-2017-7494.html) | 2017 | Samba | Remote code execution by uploading a shared library to a writable share | Yes | [Kaspersky/Honeypot attacks](https://securelist.com/sambacry-is-coming/78674/) |
| | [Meltdown](https://meltdownattack.com/) | 2018 | CPU/OS | Speculative execution side channel breaking kernel/user memory isolation | No | - |
| | [Spectre](https://spectreattack.com/) | 2018 | CPU/OS | Speculative execution side channel via mistrained branch prediction | No | - |
| - | [Drupalgeddon 2](https://www.drupal.org/sa-core-2018-002) | 2018 | Drupal | Remote code execution | Yes | [ZDNet/Drupalgeddon2/DirtyCOW attacks](https://www.zdnet.com/article/hackers-use-drupalgeddon-2-and-dirty-cow-exploits-to-take-over-web-servers/) |
| | [EFAIL](https://efail.de/) | 2018 | OpenPGP/S/MIME | Exfiltration of decrypted mails via HTML content | No | - |
| - | [Bleichenbacher's CAT](http://cat.eyalro.net/) | 2018 | TLS | Cache side channels in Bleichenbacher attack countermeasures | No | - |

FAQ
===

What?
-----

I'm wondering how many of the "famous" security vulnerabilities have actually been used in attacks that
have been documented, so I made a list.

Couldn't there be unknown attacks?
----------------------------------

Obviously this list can only cover attacks that have been publicly documented. It will miss attacks that
were never written up, particularly targeted attacks or attacks within communities with low transparency.

Still, if an attack has been widely used, it's reasonable to assume that someone will have documented it.

The table is wrong! Attack X has been used!
-------------------------------------------

Please open an issue or a pull request. I created this repo to learn whether my assumptions are correct.

What counts as a real world attack?
-----------------------------------

I realize the distinction can be blurry, but it should be an attack that has been carried out without
the consent of the owner of the affected system and it should have successfully compromised some security
expectation.

Also there should be at least one publicly available description with sufficient detail to make the attack
plausible, not just vague rumors.

There's an important attack missing!
------------------------------------

Open an issue or a pull request, but I may close it if I believe the attack hasn't received sufficient
attention or is a pure marketing stunt.

There's a logo missing!
-----------------------

Likely due to unclear licensing terms. All logos used here are under free licenses.

Copyright
=========

The document and most logos are CC0 / public domain, with [some exceptions](LICENSE).
--------------------------------------------------------------------------------
/logo/efail.svg:
--------------------------------------------------------------------------------
(SVG markup not extracted)
--------------------------------------------------------------------------------
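The README's rule for a "Yes" entry (at least one publicly available description) can be checked mechanically against the table itself. The script below is an added example and is not part of the hannob/vulns repository. It parses a constructed excerpt of the README table (same seven columns as the page; the final "Example" row is made up and has no source, included only so the check has something to flag), tallies the "Real attack?" column and lists every "Yes" row whose Notes/Sources cell contains no link. The link regex is deliberately simple and does not handle URLs that themselves contain a closing parenthesis, such as the NotPetya Wikipedia link.

```python
"""Tally the README's "Real attack?" column and check that every row marked
"Yes" cites at least one source, as the README's FAQ requires.

Added example for the hannob/vulns README; not part of the repository."""
import re

# Constructed excerpt of the README table with the same column layout as the
# page. The last row is made up (no such vulnerability) and deliberately has
# no source so that unsourced_attacks() below has something to report.
TABLE = """\
| Logo | Name | Year | Target | Description | Real attack? | Notes/Sources |
| :---: | :--- | :--- | :--- | :--- | :--- | :--- |
| - | [BEAST](https://www.youtube.com/watch?v=-BjpkHCeqU0) | 2011 | TLS 1.0 | Attacking implicit IV in CBC mode encryption | No | - |
| | [Heartbleed](http://heartbleed.com/) | 2014 | OpenSSL | Buffer overread leaking server memory | Yes | [Reuters/Canadian tax agency](https://www.reuters.com/article/us-cybersecurity-heartbleed/heartbleed-blamed-in-attack-on-canada-tax-agency-more-expected-idUSBREA3D1PR20140414) [JPMorgan Hack](https://techcrunch.com/2018/09/10/prosecutors-charge-russian-accused-of-hacking-jp-morgan-dow-jones/) |
| - | [Logjam](https://weakdh.org/) | 2015 | TLS | Weak Diffie-Hellman parameters | No* | Speculation this may have been exploited by the NSA |
| - | [EternalBlue](https://en.wikipedia.org/wiki/EternalBlue) | 2017 | Windows/SMBv1 | Remote code execution via SMB | Yes | [WannaCry](https://en.wikipedia.org/wiki/WannaCry_ransomware_attack) |
| - | [Example](https://example.invalid/) | 2019 | Widget | Made-up entry with no source | Yes | - |
"""

COLUMNS = ("logo", "name", "year", "target", "description", "real_attack", "sources")

# Plain markdown link [text](url). URLs that themselves contain ")" (such as
# the NotPetya Wikipedia link on the page) would need a smarter pattern.
LINK_RE = re.compile(r"\[([^\]]*)\]\(([^)]+)\)")


def split_row(line):
    """Split one '| a | b |' table line into stripped cell strings."""
    return [cell.strip() for cell in line.strip().strip("|").split("|")]


def parse_table(markdown):
    """Return one dict per data row; the header and alignment rows are skipped."""
    rows = []
    for line in markdown.splitlines():
        if not line.startswith("|"):
            continue
        cells = split_row(line)
        if cells[0] == "Logo" or set(cells[1]) <= set(":- "):
            continue  # header row or the ':---' alignment row
        if len(cells) != len(COLUMNS):
            raise ValueError(f"expected {len(COLUMNS)} cells, got {len(cells)}: {line!r}")
        row = dict(zip(COLUMNS, cells))
        link = LINK_RE.match(row["name"])
        row["name"] = link.group(1) if link else row["name"]  # keep just the name text
        row["source_links"] = [url for _text, url in LINK_RE.findall(row["sources"])]
        rows.append(row)
    return rows


def tally(rows):
    """Count rows per value of the 'Real attack?' column (Yes / No / No*)."""
    counts = {}
    for row in rows:
        counts[row["real_attack"]] = counts.get(row["real_attack"], 0) + 1
    return counts


def unsourced_attacks(rows):
    """Names of rows marked 'Yes' whose Notes/Sources cell cites no link."""
    return [r["name"] for r in rows
            if r["real_attack"] == "Yes" and not r["source_links"]]


if __name__ == "__main__":
    parsed = parse_table(TABLE)
    print("Real attack? tally:", tally(parsed))
    print("'Yes' rows without a source:", unsourced_attacks(parsed))
```

Running the script against the full README instead of the excerpt only requires reading the file into `TABLE`; the parser ignores every line that does not start with a pipe, so the headings and FAQ text pass through untouched.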