401 matches found

RedhatCVE
added 2025/02/05 7:33 p.m. · 5 views

CVE-2022-39369

phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service (CAS) server. The phpCAS library uses HTTP headers to determine the service URL used to validate tickets. This allows an attacker to control the host header and use a...

CVSS 8 · AI score 6.9 · EPSS 0.01064
Exploits 0 · References 1
RedHat Linux
added 2024/11/12 10:32 a.m. · 4 views

freeradius: forgery attack

A vulnerability in the RADIUS (Remote Authentication Dial-In User Service) protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof...

CVSS 9 · AI score 7.2 · EPSS 0.14859
Exploits 2 · References 10
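The "freeradius: forgery attack" entries above (this one and the later RedHat Linux entries with the same text) describe two different integrity checks on a RADIUS Access-Accept: the Response Authenticator, an unkeyed MD5 over the packet with the shared secret appended (RFC 2865), and the optional Message-Authenticator attribute, an HMAC-MD5 keyed with the secret (RFC 3579). The example below is added here for illustration; it is not FreeRADIUS code or the FreeRADIUS configuration option. It builds a response both with and without Message-Authenticator and shows a client-side check whose `require_msg_auth` switch corresponds to the "not enforced" condition in the advisory. The shared secret, Request Authenticator, attribute values and function names are constructed for the example.

```python
import hashlib
import hmac
import struct

# RADIUS codes and attribute types used below (RFC 2865, RFC 3579).
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME = 1
ATTR_MESSAGE_AUTHENTICATOR = 80


def encode_attrs(attrs):
    """Serialise [(type, value), ...] as RADIUS TLVs: type, length (incl. 2-byte header), value."""
    out = bytearray()
    for attr_type, value in attrs:
        if len(value) > 253:
            raise ValueError("attribute value too long")
        out += bytes([attr_type, len(value) + 2]) + value
    return bytes(out)


def parse_attrs(body):
    """Return [(type, value, offset_of_value_in_body), ...]; reject malformed lengths."""
    attrs, i = [], 0
    while i < len(body):
        if i + 2 > len(body):
            raise ValueError("truncated attribute header")
        attr_type, length = body[i], body[i + 1]
        if length < 2 or i + length > len(body):
            raise ValueError("bad attribute length")
        attrs.append((attr_type, body[i + 2:i + length], i + 2))
        i += length
    return attrs


def build_response(code, ident, request_auth, attrs, secret, with_msg_auth=True):
    """Build an Access-Accept/Reject the way a server would.

    With with_msg_auth the packet carries a Message-Authenticator: HMAC-MD5 keyed
    with the shared secret over the packet, with the Authenticator field set to the
    Request Authenticator and the attribute value zeroed (RFC 3579 section 3.2).
    The Response Authenticator is then MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    (RFC 2865 section 3): an unkeyed hash whose only secret input is the trailing secret.
    """
    attrs = list(attrs)
    if with_msg_auth:
        attrs.append((ATTR_MESSAGE_AUTHENTICATOR, bytes(16)))  # placeholder, filled below
    body = encode_attrs(attrs)
    header = struct.pack("!BBH", code, ident, 20 + len(body))
    if with_msg_auth:
        mac = hmac.new(secret, header + request_auth + body, hashlib.md5).digest()
        body = body[:-16] + mac  # Message-Authenticator was appended last
    response_auth = hashlib.md5(header + request_auth + body + secret).digest()
    return header + response_auth + body


def verify_response(packet, request_auth, secret, require_msg_auth=True):
    """Client-side validation. Returns (accepted, reason).

    require_msg_auth=False mirrors the pre-fix behaviour the advisory describes:
    the response is trusted on the MD5 Response Authenticator alone.
    """
    if len(packet) < 20:
        return False, "packet shorter than RADIUS header"
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        return False, "length field does not match packet"
    response_auth, body = packet[4:20], packet[20:]
    try:
        attrs = parse_attrs(body)
    except ValueError as exc:
        return False, str(exc)

    expected = hashlib.md5(packet[:4] + request_auth + body + secret).digest()
    if not hmac.compare_digest(expected, response_auth):
        return False, "bad Response Authenticator"

    macs = [(v, off) for t, v, off in attrs if t == ATTR_MESSAGE_AUTHENTICATOR]
    if not macs:
        if require_msg_auth:
            return False, "Message-Authenticator missing"
        return True, "accepted on Response Authenticator only"
    value, off = macs[0]
    if len(value) != 16:
        return False, "bad Message-Authenticator length"
    zeroed = body[:off] + bytes(16) + body[off + 16:]
    mac = hmac.new(secret, packet[:4] + request_auth + zeroed, hashlib.md5).digest()
    if not hmac.compare_digest(mac, value):
        return False, "bad Message-Authenticator"
    return True, "accepted"


# Constructed sample: shared secret and the 16-byte Request Authenticator of an Access-Request.
SECRET = b"constructed-shared-secret"
REQUEST_AUTH = bytes(range(16))


def demo():
    attrs = [(ATTR_USER_NAME, b"alice")]
    signed = build_response(ACCESS_ACCEPT, 7, REQUEST_AUTH, attrs, SECRET)
    bare = build_response(ACCESS_ACCEPT, 7, REQUEST_AUTH, attrs, SECRET, with_msg_auth=False)
    return {
        "signed_strict": verify_response(signed, REQUEST_AUTH, SECRET),
        "bare_strict": verify_response(bare, REQUEST_AUTH, SECRET),
        "bare_lenient": verify_response(bare, REQUEST_AUTH, SECRET, require_msg_auth=False),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The strict client rejects the response that carries only the MD5 Response Authenticator; the lenient one accepts it, which is the state the advisory calls "not enforced". Note that requiring Message-Authenticator on the client is only useful once every server in the path actually sends it, so the switch has to be flipped in coordination with the servers.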
PyPA
added 2024/11/06 3:15 p.m. · 7 views

PYSEC-2024-183

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication method confusion allows logging in as the built-in root user from an external service. The built-in root user up until 6.24.1 is generated in a weak manner, cannot...

CVSS 8.7 · AI score 7.1 · EPSS 0.00472
Exploits 0 · References 1 · Affected Software 1
RedHat Linux
added 2024/11/04 1:44 a.m. · 2 views

freeradius: forgery attack

A vulnerability in the RADIUS (Remote Authentication Dial-In User Service) protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof...

CVSS 9 · AI score 7.2 · EPSS 0.14859
Exploits 2 · References 10
Ubuntu
added 2024/07/31 6:01 p.m. · 31 views

USN-6913-2: phpCAS vulnerability

USN-6913-1 fixed CVE-2022-39369 for Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. This update provides the corresponding fix for Ubuntu 16.04 LTS. Original advisory details: Filip Hejsek discovered that phpCAS was using HTTP headers to determine the service URL used to validate tickets. A remote attacke...

CVSS 8 · AI score 7.6 · EPSS 0.01064
Exploits 0
RedHat Linux
added 2024/07/30 8:52 a.m. · 5 views

freeradius: forgery attack

A vulnerability in the RADIUS (Remote Authentication Dial-In User Service) protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof...

CVSS 9 · AI score 7.2 · EPSS 0.14859
Exploits 2 · References 10
Ubuntu
added 2024/07/24 6:45 p.m. · 41 views

USN-6913-1: phpCAS vulnerability

Filip Hejsek discovered that phpCAS was using HTTP headers to determine the service URL used to validate tickets. A remote attacker could possibly use this issue to gain access to a victim's account on a vulnerable CASified service. This security update introduces an incompatible API change. Afte...

CVSS 8 · AI score 7.5 · EPSS 0.01064
Exploits 0
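The CVE-2022-39369 entry and the two USN-6913 entries on this page describe the same flaw: the CAS service URL that phpCAS sent for ticket validation was derived from HTTP headers, so the party controlling the Host header controlled which service the ticket was checked against. The example below is added here for illustration and is not phpCAS code or the phpCAS API; it contrasts a header-derived service URL with one built from a configured base URL, the kind of interface change (the application must now supply its base URL) that the USN text warns is incompatible. The sample request, host names, ticket value and function names are constructed for the example.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit

# Constructed request to a CASified application. The attacker controls the Host
# header and any proxy header such as X-Forwarded-Host.
ATTACKER_REQUEST = {
    "headers": {"Host": "evil.example", "X-Forwarded-Host": "evil.example"},
    "path": "/app/login",
    "query": "ticket=ST-1-constructed&next=%2Fhome",
}


def strip_ticket(query):
    """The service URL sent for validation must not contain the ticket parameter itself."""
    params = [(k, v) for k, v in parse_qsl(query, keep_blank_values=True) if k != "ticket"]
    return urlencode(params)


def service_url_from_headers(req):
    """Vulnerable derivation: scheme and host come from request headers, so whoever sets
    Host (or a forwarded-host header) chooses the 'service' the ticket is validated against."""
    host = req["headers"].get("X-Forwarded-Host") or req["headers"]["Host"]
    query = strip_ticket(req["query"])
    return f"https://{host}{req['path']}" + (f"?{query}" if query else "")


def service_url_from_config(req, service_base_url):
    """Hardened derivation: the application supplies its canonical base URL. The Host
    header is compared against it and rejected on mismatch, never copied into the URL."""
    base = urlsplit(service_base_url)
    host = req["headers"].get("Host", "")
    if host.lower() != base.netloc.lower():
        raise ValueError(f"Host header {host!r} does not match configured service base URL")
    query = strip_ticket(req["query"])
    return f"{base.scheme}://{base.netloc}{req['path']}" + (f"?{query}" if query else "")


def ticket_validation_url(cas_base_url, service_url, ticket):
    """URL the client calls on the CAS server (serviceValidate endpoint). The server
    only accepts the ticket if it was issued for exactly this service value."""
    return f"{cas_base_url}/serviceValidate?" + urlencode({"service": service_url, "ticket": ticket})


if __name__ == "__main__":
    print("header-derived:", service_url_from_headers(ATTACKER_REQUEST))
    try:
        service_url_from_config(ATTACKER_REQUEST, "https://app.example")
    except ValueError as exc:
        print("config-derived:", exc)
```

With the header-derived form, the validation request goes to the CAS server with `service=https://evil.example/...`, a service the legitimate application never registered. With the configured form the request is refused before any ticket is validated. Proxy headers such as X-Forwarded-Host deserve the same treatment as Host: they are input, not configuration.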
RedHat Linux
added 2024/07/24 1:27 p.m. · 4 views

freeradius: forgery attack

A vulnerability in the RADIUS (Remote Authentication Dial-In User Service) protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof...

CVSS 9 · AI score 7.2 · EPSS 0.14859
Exploits 2 · References 10
OSV
added 2024/06/07 5:19 p.m. · 10 views

GHSA-C5MJ-39CF-3PP5 TYPO3 Security Misconfiguration for Backend User Accounts

When using the TYPO3 backend in order to create new backend user accounts, database records containing insecure or empty credentials might be persisted. When the type of user account is changed - which might be entity type or the admin flag for backend users - the backend form is reloaded in orde...

CVSS 7.3 · AI score 7.3
Exploits 0 · References 5
OSV
added 2024/05/30 3:39 p.m. · 20 views

GHSA-RXC9-F2X6-QH4W TYPO3 Security Misconfiguration for Backend User Accounts

When using the TYPO3 backend in order to create new backend user accounts, database records containing insecure or empty credentials might be persisted. When the type of user account is changed - which might be entity type or the admin flag for backend users - the backend form is reloaded in orde...

CVSS 7.5 · AI score 7.3
Exploits 0 · References 5
Positive Technologies
added 2024/05/30 12:00 a.m. · 2 views

PT-2024-40463 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 (affected versions not specified). Description: The issue arises when creating new backend user accounts in the TYPO3 backend, potentially leading to database records with insecure or empty credentials being persisted. This occurs when the...

CVSS 7.5 · AI score 7.1
Exploits 0 · References 6
Zero Day Initiative
added 2024/05/19 12:00 a.m. · 18 views

(Pwn2Own) QNAP TS-464 Authentication Service Improper Certificate Validation Vulnerability

This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of QNAP TS-464 NAS devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authentication functionality, which...

CVSS 6.5 · AI score 7 · EPSS 0.01436
Exploits 0 · References 1
OSV
added 2024/05/01 5:15 p.m. · 1 view

CVE-2024-33516

An unauthenticated Denial of Service (DoS) vulnerability exists in the Auth service accessed via the PAPI protocol provided by ArubaOS. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the controller...

CVSS 7.5 · AI score 5.8 · EPSS 0.00617
Exploits 0 · References 1
OSV
added 2024/01/26 5:15 a.m. · 1 view

UBUNTU-CVE-2023-38319

An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the FAS key entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands...

CVSS 9.8 · AI score 7.5 · EPSS 0.01096
Exploits 1 · References 3
BDU FSTEC
added 2023/12/21 12:00 a.m. · 2 views

Vulnerability in the authentication library (cloud-security-client-go) of applications that use the SAP Identity Authentication Service (IAS) on the SAP Business Technology Platform (BTP), the platform for application development, integration, and extension. It stems from insecure management of privileges and allows attackers to escalate their privileges.

The vulnerability of the authentication library in applications that use the SAP Identity Authentication Service (IAS) on the SAP Business Technology Platform (BTP) for application development, integration, and extension involves insecure management of privileges. Exploiting this vulnerability could...

CVSS 9.4 · AI score 7.7 · EPSS 0.01127
Exploits 0 · References 6 · Affected Software 1
Citrix
added 2023/12/18 12:00 a.m. · 10 views

Citrix FAS - Failed to connect to Citrix Cloud

When using the Federated Authentication Service (FAS) administration console to connect a FAS server to Citrix Cloud, the following error message is shown. Error Message: "Failed to retrieve your customers, reload the page and if it still fails contact customer support."...

AI score 7
Exploits 0
CNNVD
added 2023/11/09 12:00 a.m. · 3 views

Apereo CAS Authorization Issues Vulnerability

Apereo CAS is a web-based enterprise multilingual single sign-on solution. A security vulnerability exists in Apereo CAS 7.0.0-RC7 and earlier versions, which originates in the jakarta.servlet.http.HttpServletRequest.getRemoteAddr method that allows bypassing multiple authentications...

CVSS 9.8 · AI score 6.8 · EPSS 0.00941
Exploits 0 · References 3
CNNVD
added 2023/10/10 12:00 a.m. · 2 views

Fortinet FortiGuest Log Information Disclosure Vulnerability

Fortinet FortiGuest is a network visitor management solution from Fortinet that helps organizations manage and control visitor access on their networks. A security vulnerability exists in Fortinet FortiGuest that stems from sensitive information being written to log files. This allows a local...

CVSS 5.5 · AI score 6.3 · EPSS 0.00162
Exploits 0 · References 2
OSV
added 2023/09/26 4:06 p.m. · 3 views

SUSE-SU-2023:3795-1 Security update for open-vm-tools

This update for open-vm-tools fixes the following issues: Update to 12.3.0 (build 22234872, bsc#1214850). There are no new features in the open-vm-tools 12.3.0 release. This is primarily a maintenance release that addresses a few critical problems, including: - This release integrates CVE-2023-20900...

CVSS 7.5 · AI score 7.7 · EPSS 0.01193
Exploits 0 · References 4
BDU FSTEC
added 2023/09/05 12:00 a.m. · 1 view

The vulnerability in the TACACS and RADIUS protocol implementations of the Cisco NX-OS operating system on MDS 9000, Nexus 1000, Nexus 1000V, Nexus 3000, Nexus 5500, Nexus 5600, Nexus 6000, Nexus 7000 and Nexus 9000 devices allows an attacker to cause service interruptions.

The vulnerability in the TACACS and RADIUS protocol implementations of the Cisco NX-OS operating system on devices such as MDS 9000, Nexus 1000, Nexus 1000V, Nexus 3000, Nexus 5500, Nexus 5600, Nexus 6000, Nexus 7000 and Nexus 9000 exists due to insufficient validation of input data. Exploiting this vulnerabilit...

CVSS 7.1 · AI score 6.5 · EPSS 0.00207
Exploits 0 · References 2