Maxim Suhanov

The vendor reported that this issue has been fixed in 14.1-60.52. No security advisory, CVE ID, release notes entry was published. Although this is a minor vulnerability, it is a vulnerability. 2/2

NotCVE-2026-0002: if you run two NetScalers in the high availability (HA/HA-INC) deployment, no SSH host key checks are performed between them, even when you followed every advice listed here: https://t.co/V5M7nz1Xsv (see: Set up secure communication between peer appliances) 1/2

- BestCrypt Volume Encryption breaks many XTS mode guarantees (and the vendor doesn't care). 4/4

My long post about wide-block & AEAD modes in full-disk encryption: it cover threat models, vulnerabilities, and edge cases. Key points: - It's common for FDE implementations to fail outside of the encryption layer. https://t.co/ze4H8jBF48 1/4

directory entries). - Defusing the Elephant diffuser: injecting a bunch of null bytes into the BitLocker-encrypted volume (AES-CBC with Elephant diffuser). An interesting but unexploitable bug present since Vista. 3/4

Do we really need XTS key scopes here? 5/5