426 matches found
Blackboard Learn bb-auth-provider-cas authentication module input validation error vulnerability
Blackboard Learn is a learning management system from Blackboard, Inc. bb-auth-provider-cas authentication is one of the authentication modules. A security vulnerability exists in the bb-auth-provider-cas authentication module in Blackboard Learn version 2018-07-02. An attacker could exploit this...
CVE-2018-13257
The bb-auth-provider-cas authentication module within Blackboard Learn 2018-07-02 is susceptible to HTTP host header spoofing during Central Authentication Service (CAS) service ticket validation, enabling a phishing attack from the CAS server login page...
CVE-2018-13257
The CVE-2018-13257 vulnerability affects Blackboard Learn (2018-07-02) in the bb-auth-provider-cas authentication module. The issue is HTTP host header spoofing during CAS service ticket validation, enabling a phishing attack from the CAS server login page. Connected records consistently describe...
httpd: mod_auth_digest: access control bypass due to race condition
A race condition was found in mod_auth_digest when the web server was running in a threaded MPM configuration. It could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions...
The vulnerability of the PAM module of Cisco Firepower Threat Defense’s microprogramming network interfaces, as well as the Cisco Firepower Management Center’s network management software and the Cisco FX-OS operating system, allows a perpetrator to trigger a service failure.
The vulnerability of the PAM module of Cisco Firepower Threat Defense’s microprogramming network interfaces, as well as the Cisco Firepower Management Center’s network management software and the Cisco FX-OS operating system, involves an uncontrolled consumption of resources. Exploiting this...
Regular Expression Denial Of Service (ReDoS)
webrick is vulnerable to regex denial of service. An attacker is able to crash the application by submitting malicious strings within the Authorization header to the authentication module...
DEBIAN-CVE-2019-14287
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "su...
CVE-2019-12700
A vulnerability in the configuration of the Pluggable Authentication Module (PAM) used in Cisco Firepower Threat Defense (FTD) Software, Cisco Firepower Management Center (FMC) Software, and Cisco FXOS Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. Th...
CVE-2019-12700 Cisco FTD, FMC, and FXOS Software Pluggable Authentication Module Denial of Service Vulnerability
A vulnerability in the configuration of the Pluggable Authentication Module (PAM) used in Cisco Firepower Threat Defense (FTD) Software, Cisco Firepower Management Center (FMC) Software, and Cisco FXOS Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. Th...
Cisco FTD, FMC, and FXOS Software Pluggable Authentication Module Denial of Service Vulnerability
A vulnerability in the configuration of the Pluggable Authentication Module (PAM) used in Cisco Firepower Threat Defense (FTD) Software, Cisco Firepower Management Center (FMC) Software, and Cisco FXOS Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. Th...
DEBIAN-CVE-2019-16729
pam-python before 1.0.7-1 has an issue in regard to the default environment variable handling of Python, which could allow for local root escalation in certain PAM setups...
The vulnerability of the krb_parse_authz_data function in the SnAuthRPC module of the Secret Net Studio security system allows a hacker to trigger a service failure.
The vulnerability of the krb_parse_authz_data function in the SnAuthRPC module of the Secret Net Studio security system is related to buffer overflow attacks. Exploiting this vulnerability could allow a malicious actor to cause service interruptions remotely...
httpd: Weak Digest auth nonce generation in mod_auth_digest
In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent replay attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed...
The vulnerability of the connected authentication module of the Linux operating system PAM allows a hacker to trigger a service failure.
The vulnerability of the connected authentication module in the PAM operating system of Astra Linux relates to the inability for domain users to obtain tokens during authentication when they lose connection to the domain server. Exploiting this vulnerability could allow a malicious actor to...
The vulnerability of the PAM module for handling NSS data for the LDAP server nss-pam-ldapd allows a perpetrator to bypass the authentication process.
The vulnerability of the PAM module “nslcd/pam.c” for handling NSS data for the LDAP server nss-pam-ldapd is related to the return of the success code when the user is not found in the LDAP database. Exploiting this vulnerability can allow a malicious actor to bypass the authentication process...
FreeRDP NTLM Authentication Module Out-of-Bounds Read Vulnerability
FreeRDP is a free, open source implementation of the Remote Desktop Protocol (RDP) developed by the FreeRDP team. NTLM Authentication module is one of the NTLM (NT LAN Manager) authentication modules. An out-of-bounds read vulnerability exists in the NTLM Authentication module in versions prior to...
Micro Focus openSUSE Leap and SUSE Linux Enterprise PAM Access Bypass Vulnerabilities
Micro Focus openSUSE Leap and SUSE Linux Enterprise are both different versions of the Linux operating system from Micro Focus in the U.K. PAM is one of the Pluggable Authentication Modules. An access bypass vulnerability exists in Micro Focus openSUSE Leap version 15.0 and PAM version 1.3.0 in...
CVE-2018-0052
If RSH service is enabled on Junos OS and if the PAM authentication is disabled, a remote unauthenticated attacker can obtain root access to the device. RSH service is disabled by default on Junos. There is no documented CLI command to enable this service. However, an undocumented CLI command...