
421 matches found

OSV
added 2021/09/22 3:15 p.m. | 2 views

CVE-2021-41011

LINE client for iOS before 11.15.0 might expose authentication information for a certain service to external entities under certain conditions. This is usually impossible, but in combination with a server-side bug, attackers could get this information...

7.5 CVSS | 5.8 AI score | 0.01101 EPSS
Exploits 0 | References 1

Cvelist
added 2021/08/02 12:50 p.m. | 18 views

CVE-2021-20332 MongoDB Rust Driver may publish events containing authentication-related data to a connection pool event listener configured by an application

Specific MongoDB Rust Driver versions can include credentials used by the connection pool to authenticate connections in the monitoring event that is emitted when the pool is created. The user's logging infrastructure could then potentially ingest these events and unexpectedly leak the credential...

4.2 CVSS | 4.9 AI score | 0.00308 EPSS
Exploits 0 | References 1

OSV
added 2021/05/19 7:15 p.m. | 2 views

CVE-2021-25644

An issue was discovered in Couchbase Server 5.x and 6.x through 6.6.1 and 7.0.0 Beta. Incorrect commands to the REST API can result in leaked authentication information being stored in cleartext in the debug.log and info.log files, and is also shown in the UI visible to administrators...

7.5 CVSS | 7.1 AI score | 0.00638 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2021/05/18 12:0 a.m. | 34 views

Debian DLA-2664-1 : curl security update

Viktor Szakats reported that libcurl, an URL transfer library, does not strip off user credentials from the URL when automatically populating the Referer HTTP request header field in outgoing HTTP requests. Sensitive authentication data may leak to the server that is the target of the second HTTP...

5.3 CVSS | 6.5 AI score | 0.05301 EPSS
Exploits 1 | References 4

OSV
added 2021/05/14 1:15 p.m. | 1 views

CVE-2020-27185

Cleartext transmission of sensitive information via Moxa Service in NPort IA5000A series serial devices. Successfully exploiting the vulnerability could enable attackers to read authentication data, device configuration, and other sensitive data transmitted over Moxa Service...

7.5 CVSS | 5.8 AI score | 0.00732 EPSS
Exploits 0 | References 2

NVD
added 2021/05/14 1:15 p.m. | 10 views

CVE-2020-27185

Cleartext transmission of sensitive information via Moxa Service in NPort IA5000A series serial devices. Successfully exploiting the vulnerability could enable attackers to read authentication data, device configuration, and other sensitive data transmitted over Moxa Service...

7.5 CVSS | 0.00732 EPSS
Exploits 0 | References 2

NVD
added 2021/05/13 8:15 a.m. | 20 views

CVE-2021-20331

Specific versions of the MongoDB C Driver may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when commands such as "saslStart", "saslContinue", "isMaster", "createUser",...

4.9 CVSS | 0.00623 EPSS
Exploits 0 | References 1

Vulnrichment
added 2021/05/13 7:40 a.m. | 10 views

CVE-2021-20331 MongoDB C# Driver may publish events containing authentication-related data to a command listener configured by an application

Specific versions of the MongoDB C Driver may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when commands such as "saslStart", "saslContinue", "isMaster", "createUser",...

4.2 CVSS | 4.9 AI score | 0.00623 EPSS
Exploits 0 | References 1

Positive Technologies
added 2021/05/13 12:0 a.m. | 2 views

PT-2021-13890 · Mongodb · Mongodb C Driver

Name of the Vulnerable Software and Affected Versions: MongoDB C Driver versions 2.12.0 through 2.12.1 Description: The MongoDB C Driver may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain...

4.9 CVSS | 7.5 AI score | 0.00623 EPSS
Exploits 0 | References 7

OPENSUSE Linux
added 2021/04/19 12:0 a.m. | 13 views

Security update for irssi (moderate)

openSUSE Security Update: Security update for irssi Announcement ID: openSUSE-SU-2021:0587-1 Rating: moderate References: 1184848 Affected Products: openSUSE Leap 15.2 An update that contains security fixes can now be installed. Description: This update for irssi fixes the following issues: irssi...

7.5 AI score
Exploits 0

Rapid7 Blog
added 2021/04/07 3:4 p.m. | 28 views

MDR Vendor Must-Haves, Part 4: Ingestion of Authentication Data Across Local, Domain, and Cloud Sources

This blog post is part of an ongoing series about evaluating Managed Detection and Response (MDR) providers. For more insights, check out our guide, “10 Things Your MDR Service Must Do.” There isn’t a single threat or breach that doesn’t involve attackers using legitimate credentials to cause harm...

0.7 AI score
Exploits 0

BDU FSTEC
added 2021/03/31 12:0 a.m. | 3 views

The vulnerability of the authentication policy for the “Red Database” database management systems, related to errors in authentication data verification, allows attackers to increase their privileges.

The vulnerability of the authentication policy for the “Red Database” database management systems is related to an error in verifying authentication data. Exploiting this vulnerability can allow attackers, operating remotely, to increase their privileges...

7.7 CVSS | 5.5 AI score
Exploits 0 | References 3 | Affected Software 1

OSV
added 2021/03/15 10:58 p.m. | 5 views

USN-4869-1 aria2 vulnerability

It was discovered that aria2 could accidentally leak authentication data. An attacker could possibly use this to gain access to sensitive information...

7.8 CVSS | 7.1 AI score | 0.00351 EPSS
Exploits 1 | References 2

CNNVD
added 2021/02/12 12:0 a.m. | 3 views

Sovremennye Delovye Tekhnologii FX Aggregator Security Breach

A security vulnerability exists in Sovremennye Delovye Tekhnologii FX that originates from storing authentication credentials in plaintext during login...

7.5 CVSS | 7.1 AI score | 0.02025 EPSS
Exploits 0 | References 3

Prion
added 2021/02/03 5:15 p.m. | 28 views

SQL injection

SolarWinds Orion Platform before 2020.2.4, as used by various SolarWinds products, installs and uses a SQL Server backend, and stores database credentials to access this backend in a file readable by unprivileged users. As a result, any user having access to the filesystem can read database login...

2.1 CVSS | 7.7 AI score | 0.00593 EPSS
Exploits 1 | References 1 | Affected Software 1

The Hacker News
added 2020/11/26 6:17 a.m. | 45 views

Interpol Arrests 3 Nigerian BEC Scammers For Targeting Over 500,000 Entities

Three Nigerian citizens suspected of being members of an organized cybercrime group behind distributing malware, carrying out phishing campaigns, and extensive Business Email Compromise (BEC) scams have been arrested in the city of Lagos, Interpol reported yesterday. The investigation, dubbed...

1.5 AI score
Exploits 0

OSV
added 2020/10/29 9:15 a.m. | 2 views

CVE-2020-27656

Cleartext transmission of sensitive information vulnerability in DDNS in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors...

3.7 CVSS | 6.5 AI score | 0.0054 EPSS
Exploits 1 | References 2

Positive Technologies
added 2020/10/29 12:0 a.m. | 2 views

PT-2020-16750 · Synology · Synology Diskstation Manager

Name of the Vulnerable Software and Affected Versions: Synology DiskStation Manager (DSM) versions prior to 6.2.3-25426-2 Description: The issue concerns the cleartext transmission of sensitive information in DDNS, allowing man-in-the-middle attackers to eavesdrop on authentication information of...

6.5 CVSS | 9.5 AI score | 0.0054 EPSS
Exploits 1 | References 4

Cvelist
added 2020/10/15 1:52 a.m. | 29 views

CVE-2020-6319

SAP NetWeaver Application Server Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50 allows an unauthenticated attacker to include JavaScript blocks in any web page or URL with different symbols which are otherwise not allowed. On successful exploitation an attacker can steal...

6.1 CVSS | 6.4 AI score | 0.00894 EPSS
Exploits 0 | References 2

CNVD
added 2020/10/13 12:0 a.m. | 3 views

ARC Informatique PcVue Denial of Service Vulnerability

PcVue is a multi-functional HMI-SCADA software from ARC Informatique, an all-in-one solution that monitors all aspects of a customer's assets. PcVue is used in a wide range of applications including industrial control, building management, energy management, smart grid, energy distribution,...

7.5 CVSS | 6.5 AI score | 0.02108 EPSS
Exploits 0 | References 1