78 matches found
Debian: Security Advisory (DSA-4301-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
BotPassword can bypass CentralAuth's account lock
More info at https://phabricator.wikimedia.org/T194605...
mediawiki -- multiple vulnerabilities
Mediawiki reports: Security fixes: T169545: $wgRateLimits entry for 'user' overrides 'newbie'. T194605: BotPasswords can bypass CentralAuth's account lock. T187638: When a log event is partially hidden Special:Redirect/logid can link to the incorrect log and reveal hidden T193237:...
UBUNTU-CVE-2017-11191
DISPUTED FreeIPA 4.x with API version 2.213 allows a remote authenticated users to bypass intended account-locking restrictions via an unlock action with an old session ID for the same user account that had been created for an earlier session. NOTE: Vendor states that issue does not exist in...
PT-2017-11811 · Red Hat +1 · Freeipa +1
Name of the Vulnerable Software and Affected Versions: FreeIPA versions 4.x Description: The issue allows a remote authenticated user to bypass intended account-locking restrictions via an unlock action with an old session ID for the same user account that had been created for an earlier session...
CVE-2016-7030
FreeIPA uses a default password policy that locks an account after 5 unsuccessful authentication attempts, which allows remote attackers to cause a denial of service by locking out the account in which system services run on...
Basware Banking Denial of Service Vulnerability
Basware Banking Maksuliikenne is a suite of software from the Finnish company Basware that establishes connections with banks to manage their own finances. A security vulnerability exists in Basware Banking version 8.90.07 and earlier, which arises from the program's reliance on the client to...
phpwind登录处可撞库可锁定他人帐号
简要描述: Phpwind在登录处可以撞库官网演示 以及锁定他人帐号,可持续批量锁定是不是很爽,未测试。。。。。 开启验证码也可绕过。 详细说明: 黑盒测试的直接说怎么用吧。 1. 我们先把所有帐号的用户提取出来。 代码如下 def getuid: con=urllib2.urlopen"http://www.phpwind.net/index.php?m=space&uid="+struid.read r=re.compile'\S+的个人空间' return r.findallcon 2. 再来做个社工库的接口,根据用户名提取密码。 def getpassname:...
Count as vulnerability? PayPal account locked is to bypass the controversial-vulnerability warning-the black bar safety net
Security researchers&white hat Kunz Mejri recently found out about Paypal mobile payment API the vulnerability, an attacker could exploit the vulnerability to bypass Paypal's anti-theft Number Lock design. The use of mobile payment API to bypass account locking design PayPal's anti-theft Number...
Facebook Glitch Locks Out Accounts
A bug in an account verification system used by Facebook resulted in a wave of account suspensions Tuesday that had users locked out of the world’s largest social network and scratching their heads over the reason. Facebook discovered a bug in a system designed to detect and disable fake accounts...
Crack Oracle Password: [Oracle password]-vulnerability warning-the black bar safety net
Note: the station authorization starting, reprint please indicate the source Author:Mickey To connect to a remote Oracle database, need to know the SID, user name, password, and of course the most important IP address. SID If is administrator to modify, you can use sidguess to be cracked, the spe...
S21SEC-040-en: Infinite invalid authentication attempts possible in BEA WebLogic Server
S21Sec Advisory - Title: Infinite invalid authentication attempts possible in BEA WebLogic Server ID: S21SEC-040-en Severity: Medium Scope: BEA Weblogic Platforms: All Author: [email protected] URL: http://www.s21sec.com/avisos/s21sec-040-en.txt Release: Public SUMMARY It's possible to launch a...
3proxy user account locking
It's possible to lock user's account if user's password is stored as NT-hash via HTTP proxy. Service restart or configuration reload is required to restore account in working state. In addition, Basic authentication is offered as first authentication protocol, it can lead to shoosing weak clearte...
CVE-2005-4274
CVE-2005-4274 affects Business Objects WebIntelligence 6.5x. The vulnerability permits remote attackers to cause a denial of service (user account lockout) via unknown attack vectors related to authentication mechanisms and form input. The available sources describe the issue but do not provide c...
CVE-2005-4274
Unspecified vulnerability in Business Objects WebIntelligence 6.5x allows remote attackers to cause a denial of service user account lock out via unknown attack vectors related to "authentication mechanisms" and "form input."...
CVE-2005-4274
Unspecified vulnerability in Business Objects WebIntelligence 6.5x allows remote attackers to cause a denial of service user account lock out via unknown attack vectors related to "authentication mechanisms" and "form input."...
WebEOC account lock-out policy may allow a denial-of-service
Overview WebEOC account lock out policy may allow a remote attacker to disable user and system accounts resulting in a denial-of-service condition. Description WebEOC is a web-based crisis information management application that provides functions to gather, coordinate, and disseminate informatio...
CVE-2002-2028
The screensaver on Windows NT 4.0, 2000, XP, and 2002 does not verify if a domain account has already been locked when a valid password is provided, which makes it easier for users with physical access to conduct brute force password guessing...