Microsoft PlayReady WMRMECC256 Key / root key issue (attack #5)

Read Time:24 Second

Posted by Security Explorations on Aug 13

Hello All,

There is an architectural / design issue of PlayReady, which can be
successfully exploited to gain access to license server by arbitrary
clients. The problem has its origin in flat certificate namespace /
reliance on a single root key in PlayReady along no auth at license
server end by default (deemed as no bug by Microsoft).

PlayReady client certificates encountered in Windows 10 / 11 and
CANAL+ STB device environments share a…

trunk-0.21.13-1.fc42

FEDORA-2025-3854530fd9 Packages in this update: trunk-0.21.13-1.fc42 Update description: Update Trunk to v0.21.13 Read More

April 8, 2025

USN-7424-1: Expat vulnerability

It was discovered that Expat could crash due to stack overflow when processing XML documents with deeply nested entity references....

April 8, 2025

mod_auth_openidc-2.4.16.11-1.fc41

FEDORA-2025-7d661758bd Packages in this update: mod_auth_openidc-2.4.16.11-1.fc41 Update description: REbase mod_auth_openidc-2.4.16.11 resolves CVE-2025-31492 - mod_auth_openidc allows OIDCProviderAuthRequestMethod POSTs to leak protected...

April 8, 2025

mod_auth_openidc-2.4.16.11-1.fc40

FEDORA-2025-80600b51c5 Packages in this update: mod_auth_openidc-2.4.16.11-1.fc40 Update description: REbase mod_auth_openidc-2.4.16.11 resolves CVE-2025-31492 - mod_auth_openidc allows OIDCProviderAuthRequestMethod POSTs to leak protected...

April 8, 2025