401 matches found
FreeBSD : salt -- Insecure configuration of PAM external authentication service (6d25c306-f3bb-11e5-92ce-002590263bf5)
SaltStack reports : This issue affects all Salt versions prior to 2015.8.8/2015.5.10 when PAM external authentication is enabled. This issue involves passing an alternative PAM authentication service with a command that is sent to LocalClient, enabling the attacker to bypass the configured...
VMware ESX / ESXi Authentication Service and Third-Party Libraries Multiple Vulnerabilities (VMSA-2013-0001) (remote check)
The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several components and third-party libraries: Authentication Service, bind, libxml2, libxslt. (C) Tenable Network...
The Kerberos protocol vulnerability: can cause a system to be completely controlled - vulnerability warning - the black bar safety net
Recently, a security expert found a "very destructive" vulnerability in the Windows Kerberos authentication system. A similar vulnerability in the system was exposed last year, allowing an attacker to control the entire network, including installing programs and deleting data. The Kerberos...
The vulnerability of the Apache ActiveMQ software platform, which allows a perpetrator to bypass the authentication process
The vulnerability of the LDAPLoginModule and the Java Authentication and Authorization Service components of the Apache ActiveMQ software platform is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to bypass the authentication process ...
Jasig / Apereo Central Authentication Service (CAS) Detection (HTTP)
HTTP based detection of the Apereo (formerly Jasig) Central Authentication Service (CAS). SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
UBUNTU-CVE-2015-6524
The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows wildcard operators in usernames, which allows remote attackers to obtain credentials via a brute force attack. NOTE: this identifier was SPLIT from CVE-2014-361...
CVE-2015-1169
Apereo Central Authentication Service (CAS) Server before 3.5.3 allows remote attackers to conduct LDAP injection attacks via a crafted username, as demonstrated by using a wildcard and a valid password to bypass LDAP authentication...
AIX NAS Advisory : nas_advisory2.asc
The version of the Network Authentication Service (NAS) installed on the remote AIX host is affected by a vulnerability related to Kerberos 5 which allows authenticated users to retrieve current keys, which can be used to forge tickets. (C) Tenable Network Security, Inc. The text ...
SafeNet SAS OWA Agent Detection (HTTP)
HTTP based detection of the SafeNet Authentication Service (SAS) Outlook Web Access (OWA) Agent (formerly CRYPTOCard). SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders...
SafeNet SAS OWA Agent < 1.03.30109 Directory Traversal Vulnerability - Active Check
SafeNet Authentication Service (SAS) Outlook Web Access (OWA) Agent (formerly CRYPTOCard) is prone to a directory traversal vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders...
Directory traversal
Directory traversal vulnerability in SafeNet Authentication Service (SAS) Outlook Web Access Agent (formerly CRYPTOCard) before 1.03.30109 allows remote attackers to read arbitrary files via a .. (dot dot) in the GetFile parameter to owa/owa...
CVE-2014-5359
Directory traversal vulnerability in SafeNet Authentication Service (SAS) Outlook Web Access Agent (formerly CRYPTOCard) before 1.03.30109 allows remote attackers to read arbitrary files via a .. (dot dot) in the GetFile parameter to owa/owa...
CVE-2014-5359
SafeNet SAS OWA Agent (formerly CRYPTOCard) is affected by CVE-2014-5359. The vulnerability is a directory traversal in the GetFile parameter to owa/owa, allowing remote attackers to read arbitrary files. Affected product: SafeNet Authentication Service Outlook Web Access (OWA) Agent; vulnerable ...
Debian Security Advisory DSA 3017-1 (php-cas - security update)
Marvin S. Addison discovered that Jasig phpCAS, a PHP library for the CAS authentication protocol, did not encode tickets before adding them to an URL, creating a possibility for cross site scripting. OpenVAS Vulnerability Test $Id: deb3017.nasl 6692 2017-07-12 09:57:43Z teissa $ Auto-generated...
OpenJDK: insecure subject principals set handling (JAAS, 8024306)
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity via vectors related to JAAS. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the...
Microsoft Internet Authentication Service MS-CHAP Security Bypass (MS09-071) - Ver2 (CVE-2009-3677)
An elevation of privilege vulnerability has been reported in the Internet Authentication Service. Internet Authentication Service (IAS) is the Microsoft implementation of a Remote Authentication Dial-in User Service (RADIUS) server and proxy. As a RADIUS server, IAS performs centralized connection...
Configuring Veeam Backup Cloud Edition with HP Cloud
Challenge Specifying a container in HP Cloud account settings results in the following error: Incorrect HTTP method used in the request 26301 Fault Name: IncorrectHTTPMethod Error Type: MethodValidationFailure Description: Incorrect HTTP method used in the request Service: publiccsservices...
VMSA-2013-0001 VMware vSphere security updates for the authentication service and third party libraries
The remote ESXi is missing one or more security related Updates from VMSA-2013-0001. Summary: VMware vSphere security updates for the authentication service and third party libraries. Relevant releases: vCenter Server 4.1 without Update 3a, vSphere Client 4.1 without Update 3a, ESXi 4.1 without...
VMSA-2013-0001:VMware vSphere security updates for the authentication service and third party libraries
VMSA-2013-0001.5 VMware vSphere security updates for the authentication service and third party libraries. VMware Security Advisory. Advisory ID: VMSA-2013-0001.5. Synopsis: VMware vSphere security updates for the authentication service and third par...