Multiple Information Disclosure Vulnerabilities in Fortinet FortiAuthenticator Appliance
Fortinet FortiAuthenticator is a family of secure authentication software from Fortinet that can be combined with FortiToken two-factor authentication token to provide secure two-factor authentication to third-party devices authenticated via RADIUS or LDAP. The Fortinet FortiAuthenticator Applian...
[SECURITY] [DSA 3017-1] php-cas security update
Debian Security Advisory DSA-3017-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst September 2, 2014 http://www.debian.org/security/faq -...
Debian Security Advisory DSA 3017-1 (php-cas - security update)
Marvin S. Addison discovered that Jasig phpCAS, a PHP library for the CAS authentication protocol, did not encode tickets before adding them to a URL, creating a possibility for cross-site scripting. OpenVAS Vulnerability Test $Id: deb3017.nasl 6692 2017-07-12 09:57:43Z teissa $ Auto-generated...
DSA-3017-1 php-cas - security update
Bulletin has no description...
Oracle Database Server Authentication Protocol Security Bypass Vulnerability
Oracle Database Server is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Fedora Update for php-pear-Auth-OpenID FEDORA-2013-15253
Check for the Version of php-pear-Auth-OpenID OpenVAS Vulnerability Test Fedora Update for php-pear-Auth-OpenID FEDORA-2013-15253 Authors: System Generated Check Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...
Cisco IOS Extensible Authentication Protocol Vulnerability (cisco-sr-20071019-eap)
The version of Cisco IOS running on the remote host has a denial of service vulnerability. The Extensible Authentication Protocol (EAP) implementation does not properly process EAP packets, which could cause the device to crash. A remote, unauthenticated attacker could exploit this to execute...
Ruckus ZoneDirector authentication bypass
Unauthorized access if external authentication protocol is configured...
VMSA-2013-0001:VMware vSphere security updates for the authentication service and third party libraries
VMSA-2013-0001.5 VMware vSphere security updates for the authentication service and third party libraries VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2013-0001.5 VMware Security Advisory Synopsis: VMware vSphere security updates for the authentication service and third par...
The latest Oracle Database authentication Protocol security bypass vulnerability-vulnerability warning-the black bar safety net
The Oracle Database was found likely to contain a remote security bypass vulnerability that affects its own authentication protocol. An attacker can exploit this vulnerability to bypass database authentication and gain unauthorized access to the database. Affected versions: Oracle Database...
Oracle Database Authentication Protocol Security Bypass
Oracle Database is prone to a remote security-bypass vulnerability that affects the authentication protocol. An attacker can exploit this issue to bypass the authentication process and gain unauthorized access to the database. This vulnerability affects Oracle Database 11g Release 1 and 11g Relea...
DEBIAN-CVE-2012-4445
Heap-based buffer overflow in the eap_server_tls_process_fragment function in eap_server_tls_common.c in the EAP authentication server in hostapd 0.6 through 1.0 allows remote attackers to cause a denial of service (crash or abort) via a small "TLS Message Length" value in an EAP-TLS message with the "Mor...
CVE-2012-3137
The authentication protocol in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to obtain the session key and salt for arbitrary users, which leaks information about the cryptographic hash and makes it easier to conduct brute force...
CVE-2012-3137
The authentication protocol in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to obtain the session key and salt for arbitrary users, which leaks information about the cryptographic hash and makes it easier to conduct brute force...
Oracle Database stealth password cracking vulnerability
Oracle suffered from a serious vulnerability in the authentication protocol used by some Oracle databases. This flaw enables a remote attacker to brute-force a token provided by the server prior to authentication and determine a user's password. A researcher - Esteban Martinez Fayo, a researcher wit...
Chip and PIN payment card system vulnerable to Card cloning
At a cryptography gathering in Leuven, Belgium, on Tuesday, Cambridge University researchers made it known that they do not like what they see in chip and pin systems. The chip and PIN system employed by most European and Asian banks is definitely more secure than the magnetic strip one, but it...
Microsoft Warns Users About ChapCrack Tool Availability
Microsoft is warning customers about the availability of the ChapCrack tool that Moxie Marlinspike built to crack the VPN credentials for systems built on MS-CHAPv2 protocol. The company said that while it’s not aware of any active attacks using the tool, customers can protect themselves by...
New Tool From Moxie Marlinspike Cracks Some Crypto Passwords
Moxie Marlinspike, the security and privacy researcher known for his SSLStrip, Convergence and RedPhone tools, has released a new tool that can crack passwords used for some VPNs and wireless networks that rely on encryption using Microsoft’s MS-CHAPv2 protocol. Marlinspike discussed the tool...
IBM solidDB User Authentication Bypass Vulnerability
IBM solidDB is prone to an authentication bypass vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ibm:soliddb";...
3D Secure Authentication Taken to Task
Researchers at the University of Cambridge Computer Laboratory say the 3D Secure (3DS) authentication system, branded as the “Verified by Visa” and “MasterCard SecureCode” schemes, is “a text book example of how not to design an authentication protocol.” Read the full article. The H Security...