359 matches found
Memory corruption
The Internet Authentication Service IAS in Microsoft Windows Vista SP2 and Server 2008 SP2 does not properly validate MS-CHAP v2 Protected Extensible Authentication Protocol PEAP authentication requests, which allows remote attackers to execute arbitrary code via crafted structures in a malformed...
PT-2009-4912 · Microsoft · Windows Server 2008 R2 +2
Name of the Vulnerable Software and Affected Versions: Microsoft Windows Vista SP2 Microsoft Windows Server 2008 SP2 Description: A remote code execution issue exists due to improper validation of MS-CHAP v2 Protected Extensible Authentication Protocol PEAP authentication requests. This allows...
PT-2009-5949 · Microsoft · Ias +3
Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions prior to the fixed version Description: The issue concerns the Internet Authentication Service IAS not properly verifying credentials in an MS-CHAP v2 Protected Extensible Authentication Protocol PEAP authentication...
pidgin: ignores SSL/TLS requirements with old jabber servers
protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly other versions, does not follow the "require TLS/SSL" preference when connecting to older Jabber servers that do not follow the XMPP specification, which causes libpurple to connect to the server without the expected encryption an...
evolution-data-server: insufficient checking of NTLM authentication challenge packets
The ntlmchallenge function in the NTLM SASL authentication mechanism in camel/camel-sasl-ntlm.c in Camel in Evolution Data Server aka evolution-data-server 2.24.5 and earlier, and 2.25.92 and earlier 2.25.x versions, does not validate whether a certain length value is consistent with the amount o...
CVE-2008-1114
Vocera Communications wireless handsets, when using Protected Extensible Authentication Protocol PEAP, do not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle MITM attacks...
MIT Kerberos 5 RPC library RPCSEC_GSS buffer overflow
Added: 12/03/2007 CVE: CVE-2007-3999 BID: 25534 OSVDB: 37324 Background Kerberos is a network authentication protocol which provides strong authentication for client/server applications. MIT Kerberos 5 is a free implementation of this protocol. Problem A buffer overflow in the svcauthgssvalidate...
Mandrake Linux Security Advisory : MySQL (MDKSA-2007:177)
A vulnerability was found in MySQL's authentication protocol, making it possible for a remote unauthenticated attacker to send a specially crafted authentication request to the MySQL server causing it to crash CVE-2007-3780. Another flaw was discovered in MySQL that allowed remote authenticated...
CentOS 4 / 5 : mysql (CESA-2007:0875)
Updated mysql packages that fix a security flaw are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server...
RHEL 4 / 5 : mysql (RHSA-2007:0875)
Updated mysql packages that fix a security flaw are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server...
mysql security update
CentOS Errata and Security Advisory CESA-2007:0875 Updated mysql packages that fix a security flaw are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. MySQL is a multi-user, multi-threaded SQ...
DSA-1276-1 krb5 - several vulnerabilities
Bulletin has no description...
3APA3A : NTLM in corporate networks
November 18, 2004| 3APA3A NTLM in corporate networks Introduction When, a decade and a half ago, Microsoft began serious work on creating enterprise-wide centralized networks while working on the Windows NT operating system, the developers were given a very difficult and new task for those times ...
[Full-disclosure] RealVNC 4.1.1 Remote Compromise
Rumors of this bug began spreading on Slashdot and other sites, thanks to Steve Wiseman of intelliadmin.com who serendipitously discovered it while writing a VNC client. At first it was only a rumor, as Steve's site gave scant details and he himself was surprised such a huge hole could possibly...
CVE-2004-1459
Cisco Secure Access Control Server ACS 3.2, when configured as a Light Extensible Authentication Protocol LEAP RADIUS proxy, allows remote attackers to cause a denial of service device crash via certain LEAP authentication requests...
Release of Cisco Attack tool Asleap
In August 2003, I wrote a tool called asleap for Linux systems to exploit a weakness in the Cisco LEAP authentication protocol. Using this tool, an attacker can actively compromise Cisco LEAP networks by mounting an offline dictionary attack against weak user passwords. In my testing, I was able ...
Strong authentication bypass in SSH
By spoofing AllowedAuthentications variably client can shoose weak authentication protocol...
Kerberos 4 4.05 5.0 - KDC Spoofing
Kerberos 4 4.05 5.0 - KDC Spoofing source: https://www.securityfocus.com/bid/1616/info Kerberos is a cryptographic authentication protocol that allows users of a network to access services without transmitting cleartext passwords. A common implementation of the protocol includes a login service...
CVE-2000-0142
The authentication protocol in Timbuktu Pro 2.0b650 allows remote attackers to cause a denial of service via connections to port 407 and 1417...