220 matches found
python-paramiko: Authentication bypass in transport.py
It was found that when acting as an SSH server, paramiko did not properly check whether authentication is completed before processing other requests. A customized SSH client could use this to bypass authentication when accessing any resources controlled by paramiko...
Multiple Belden Hirschmann Switch Products Brute Force Vulnerabilities
Belden Hirschmann RS, etc. are switch products of Belden USA. A security vulnerability exists in the web interface of multiple Belden Hirschmann switch products, which stems from the program failing to properly limit the number of authentication requests. An attacker could use this vulnerability ...
Cross-site scripting
Cross-site scripting (XSS) vulnerability in MistServer before 2.13 allows remote attackers to inject arbitrary web script or HTML via vectors related to failed authentication request alerts...
CVE-2017-16884
Cross-site scripting (XSS) vulnerability in MistServer before 2.13 allows remote attackers to inject arbitrary web script or HTML via vectors related to failed authentication request alerts...
Microsoft Skype for Business Elevation of Privilege Vulnerability
Microsoft Lync 2013 SP1 and Skype for Business 2016 are both products of Microsoft Corporation. Microsoft Lync (formerly known as Microsoft Office Communicator) 2013 SP1 is a new-generation integrated communication platform for the enterprise. Skype for Business 2016 is a set of integrated...
Users get multiple OTP Push Notifications, Radius servers see multiple Auth requests & Auth Failures
Users will receive authentication denials, may receive multiple push notifications, RADIUS servers will log multiple simultaneous authentication requests for the same user with different RADIUS IDs, or user One Time Password tokens will become locked out. If you review traces, you will see multip...
The vulnerability of the Windows operating system, which allows a perpetrator to trigger a service failure
The vulnerability of the LSASS component in the Windows operating system exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to trigger a service failure (reboot) through a specially crafted authentication request...
MS17-004: Security Update for Local Security Authority Subsystem Service (3216771)
The remote Windows host is missing a security update. It is, therefore, affected by a denial of service vulnerability in the Local Security Authority Subsystem Service (LSASS) component due to improper handling of authentication requests. An unauthenticated, remote attacker can exploit this to...
CVE-2016-0917
The CVE-2016-0917 entry concerns EMC SMB services in VNXe (VNXe3200 OE <3.1.5.8711957 and VNXe3100/3150/3300 OE <2.4.4.22638), VNX1 File OE <7.1.80.3, VNX2 File OE
CVE-2016-0917
The SMB service in EMC VNXe (VNXe3200 Operating Environment prior to 3.1.5.8711957 and VNXe3100/3150/3300 Operating Environment prior to 2.4.4.22638), VNX1 File OE before 7.1.80.3, VNX2 File OE before 8.1.9.155, and Celerra (all supported versions) does not prevent duplicate NTLM challenge-response...
The vulnerability of the Cisco Wireless LAN Controller 2500 software allows a malicious individual to cause service failure.
A vulnerability exists in Cisco Wireless LAN Controller (WLC) devices due to improper memory release. This allows malicious actors operating remotely to trigger a service failure by sending frequent WebAuth authorization requests...
The vulnerability of the Cisco Wireless LAN Controller 5500 software allows a malicious individual to cause service failure.
A vulnerability exists in Cisco Wireless LAN Controller (WLC) devices due to improper memory release. This allows malicious actors operating remotely to trigger a service failure by sending frequent WebAuth authorization requests...
The vulnerability of the Firefox browser, which allows a hacker to gain access to protected information
The vulnerability of Firefox browsers is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain access to protected information through a specially crafted web page that sends NTLM requests...
sssd: memory leak in the sssd_pac_plugin
It was found that SSSD's Privilege Attribute Certificate (PAC) responder plug-in would leak a small amount of memory on each authentication request. A remote attacker could potentially use this flaw to exhaust all available memory on the system by making repeated requests to a Kerberized daemon...
LOCKON EC-CUBE Cross-Site Request Forgery Vulnerability (CNVD-2015-07298)
LOCKON EC-CUBE is an open source e-commerce website building platform developed by Japan LOCKON Co. A cross-site request forgery vulnerability exists in LOCKON EC-CUBE versions 2.11.0 through 2.13.3. It allows remote attackers to hijack arbitrary users to write PHP scripts and arbitrary user...
Cybozu Garoon vulnerable to LDAP injection
Overview: Cybozu Garoon is groupware. Cybozu Garoon contains an issue in processing authentication requests, which may result in an LDAP injection vulnerability. Impact: A malicious user authorized to administer users in certain groups may obtain information from the authentication server or may...
CentOS Update for krb5-devel CESA-2015:0794 centos6
Check the version of krb5-devel. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description) { script_oid("1.3.6.1.4.1.25623.1.0.882160"); ...
ColdFusion Server 2.0/3.x/4.x Administrator Login Password DoS Vulnerability
No description provided by source. Source: http://www.securityfocus.com/bid/1314/info Due to a faulty mechanism in the password parsing implementation in authentication requests, it is possible to launch a denial of service attack against Allaire ColdFusion 4.5.1 or previous by inputting a string...
Design/Logic Flaw
The web management interface on the Cisco RV110W firewall with firmware 1.2.0.9 and earlier, RV215W router with firmware 1.1.0.5 and earlier, and CVR100W router with firmware 1.0.1.19 and earlier does not prevent replaying of modified authentication requests, which allows remote attackers to obta...