5 matches found
AI scammers target Gmail accounts, say they have your death certificate
Several reputable sources are warning about a very sophisticated Artificial Intelligence (AI) supported type of scam that is bound to trick a lot of people into compromising their Gmail account. The most recent warning comes from CEO of Y Combinator Garry Tan who posted on X, saying the scammers...
Debian dla-3496 : lemonldap-ng - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3496 advisory. Debian LTS Advisory DLA-3496-1 [email protected] https://www.debian.org/lts/security/...
CVE-2023-28862
An issue was discovered in LemonLDAP::NG before 2.16.1. Weak session ID generation in the AuthBasic handler and incorrect failure handling during a password check allow attackers to bypass 2FA verification. Any plugin that tries to deny session creation after the store step does not deny an...
Session fixation
An issue was discovered in LemonLDAP::NG before 2.16.1. Weak session ID generation in the AuthBasic handler and incorrect failure handling during a password check allow attackers to bypass 2FA verification. Any plugin that tries to deny session creation after the store step does not deny an...
No rate limit on "resend email feature" while enable or disable 2FA from /prefs/mfa endpoint
Description: When a user is setting up 2FA, a verification code will be sent to the registered email. There is no rate limit on email triggering that will result in an email flood / DoS attack or will also increase the expenses on your mail server as an attacker can send 1 million emails throug...