CVE-2021-40329
The Authentication API in Ping Identity PingFederate before 10.3 mishandles certain aspects of external password management...
CVE-2021-40329
Summary: CVE-2021-40329 affects Ping Identity PingFederate’s Authentication API prior to version 10.3, where external password management is mishandled. The vulnerability is tied to authentication handling and could impact confidentiality, integrity, and availability as reflected by the CVSS metr...
Ping Identity PingFederate Cryptographic Issue Vulnerability
Ping Identity PingFederate is a flagship software-based federation server for identity management from the U.S.-based Ping Identity. A cryptographic issue vulnerability exists in Ping Identity PingFederate that stems from the mishandling of certain aspects of external password management by the Authenticatio...
Microsoft Windows Security Vulnerabilities
Microsoft Windows is a suite of operating systems for use on personal devices from the U.S.-based Microsoft Corporation. A security vulnerability exists in the Microsoft Windows Trust Authentication API. The following products and editions are affected: Windows 10 Version 20H2 for x64-based...
How Account Takeover Botnets Outsmart Traditional Security Controls
Account Takeover (ATO) describes when an online account is accessed and/or used by someone other than its legitimate owner, usually for malicious purposes. Account Takeover attacks happen when an attacker is trying to get unauthorized access to an account or when the account has already been...
KDE KAuth Input Validation Error Vulnerability
KDE KAuth is a cross-platform authentication API from the KDE community. A security vulnerability exists in versions of KDE KAuth prior to 5.55. An attacker can exploit the vulnerability to bypass restrictions...
Portainer has an unspecified vulnerability (CNVD-2019-40492)
Portainer is a lightweight user management interface for managing Docker environments and Docker hosts. A security vulnerability exists in Portainer 1.19.2 and earlier versions, which stems from an API endpoint used for authentication returning 404 when an administrator has not been created, and...
CVE-2017-2343
The Integrated User Firewall (UserFW) feature was introduced in Junos OS version 12.1X47-D10 on the Juniper SRX Series devices to provide simple integration of user profiles on top of the existing firewall policies. As part of an internal security review of the UserFW services authentication API,...
CVE-2017-2343 SRX Series: Hardcoded credentials in Integrated UserFW feature.
The Integrated User Firewall (UserFW) feature was introduced in Junos OS version 12.1X47-D10 on the Juniper SRX Series devices to provide simple integration of user profiles on top of the existing firewall policies. As part of an internal security review of the UserFW services authentication API,...
ESA-2013-029: RSA SecurID Sensitive Information Disclosure Vulnerability
EMC Identifier: ESA-2013-029. CVE Identifier: CVE-2013-0941. Severity Rating: CVSS v2 Base Score 6.8 (AV:L/AC:L/Au:S/C:C/I:C/A:C). Affected Products: RSA Authentication API versions prior to 8.1 SP1; RSA Web Agent for Apache Web Server versions prior to 5.3.5; RSA Web Agent for IIS versions prior to...
CVE-2013-0941
EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the no...
CVE-2013-0941
CVE-2013-0941 affects RSA/SecurID components. The node secret in affected products is stored using a dated encryption algorithm with a weak key, exposing confidentiality and integrity risk for local communications between RSA/Access Manager components. Affected: RSA Authentication API up to 8.1 S...
Wind River Systems VxWorks weak default hashing algorithm in standard authentication API (loginLib)
Overview: The hashing algorithm that is used in the standard authentication API for VxWorks is susceptible to collisions. An attacker can brute force a password by guessing a string that produces the same hash as a legitimate password. Description: An attacker with a known username and access to a...
Mandrake Linux Security Advisory : cyrus-sasl (MDKSA-2002:018)
Kari Hurtta discovered that a format bug exists in the Cyrus SASL library, which is used to provide an authentication API for mail clients and servers, as well as other services such as LDAP. The format bug was found in one of the logging functions which could be used by an attacker to obtain...