359 matches found
CVE-2023-21689
Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability...
CVE-2023-21690
Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability...
CVE-2023-21691
Microsoft Protected Extensible Authentication Protocol (PEAP) Information Disclosure Vulnerability...
DEBIAN-CVE-2023-25566
GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, a memory leak can be triggered when parsing usernames which can trigger a denial-of-service. The domain portion of a username may be overridden causing an allocated memory area the...
UBUNTU-CVE-2023-25567
GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that implements NTLM authentication, has an out-of-bounds read when decoding target information prior to version 1.2.0. The length of the avpair is not checked properly for two of the elements which can trigger an out-of-bound read. The...
KLA20233 Multiple vulnerabilities in Microsoft Windows
Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, gain privileges, or cause denial of service. Below is a complete list of vulnerabilities: 1. An information disclosure vulnerability in...
KB5022845: Windows 11 Security Update (February 2023)
The remote Windows host is missing security update 5022845. It is, therefore, affected by multiple vulnerabilities - Microsoft PostScript Printer Driver Remote Code Execution Vulnerability (CVE-2023-21684, CVE-2023-21801) - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution...
Microsoft Windows Protected EAP Security Vulnerability
Microsoft Windows is a suite of operating systems for use on personal devices from the U.S.-based Microsoft Corporation (Microsoft). A security vulnerability exists in Microsoft Windows Protected EAP (PEAP). The following products and editions are affected: Windows Server 2016 Server Core...
Microsoft Windows Security Vulnerability
Microsoft Windows is a suite of operating systems for use on personal devices from the U.S.-based Microsoft Corporation (Microsoft). A security vulnerability exists in Microsoft Windows Protected EAP (PEAP). The following products and versions are affected: Windows 10 Version 20H2 for 32-bit...
KB5022893: Windows Server 2008 Security Update (February 2023)
The remote Windows host is missing security update 5022893. It is, therefore, affected by multiple vulnerabilities - Windows iSCSI Discovery Service Remote Code Execution Vulnerability (CVE-2023-21803) - Microsoft PostScript Printer Driver Remote Code Execution Vulnerability (CVE-2023-21684,...
PT-2023-1448 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Microsoft Windows (affected versions not specified). Description: The issue is related to the implementation of the Protected Extensible Authentication Protocol (PEAP) in Windows operating systems, which is associated with insufficient input...
USN-5849-1: Heimdal vulnerabilities
Helmut Grohne discovered that Heimdal GSSAPI incorrectly handled logical conditions that are related to memory management operations. An attacker could possibly use this issue to cause a denial of service...
Wireshark Security Vulnerability
Wireshark is a network packet analyzer. A security vulnerability exists in the Wireshark EAP dissector, which can be exploited by remote attackers to submit a special request that can crash the application...
PT-2023-16252 · Wireshark +3 · Wireshark +3
Name of the Vulnerable Software and Affected Versions: Wireshark versions 4.0.0 through 4.0.2. Description: The issue is related to a crash in the EAP dissector, allowing denial of service via packet injection or crafted capture file. Recommendations: For Wireshark versions 4.0.0 through 4.0.2,...
ALPINE-CVE-2022-41860
In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash...
DEBIAN-CVE-2022-41859
In freeradius, the EAP-PWD function compute_password_element leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack...
CVE-2022-4861
Incorrect implementation in authentication protocol in M-Files Client before 22.5.11356.0 allows a high-privileged user to get other users' tokens to another resource...
Authentication flaw
Incorrect implementation in authentication protocol in M-Files Client before 22.5.11356.0 allows a high-privileged user to get other users' tokens to another resource...
CVE-2022-4861
CVE-2022-4861 maps to an authentication flaw in M-Files Client. Connected PT-2022-28147 confirms the issue affects M-Files Client prior to 22.5.11356.0 (and also mentions Server impact). Root cause: incorrect implementation in the authentication protocol that enables a high-privileged user to obt...
The vulnerability in the implementation of the Windows operating system’s Network Authentication Protocol NTLM allows attackers to perform spoofing attacks.
The vulnerability of the Windows operating system’s Network Authentication Protocol NTLM implementation lies in the ability to bypass authentication through spoofing attacks. Exploiting this vulnerability allows a malicious actor to carry out spoofing attacks remotely...