UBUNTU-CVE-2015-9543
An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 19.1.0, and 20.x before 20.1.0. It can leak consoleauth tokens into log files. An attacker with read access to the service's logs may obtain tokens used for console access. All Nova setups using novncproxy are affected. This is...
Open Redirection
github.com/pusher/oauth2proxy is vulnerable to open redirection. Lack of validation in the redirecturl parameter allows an attacker to redirect a user to a malicious website and potentially steal the user's authentication tokens...
CVE-2020-5233
OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentication tokens could be silently harvested by an attacker. This has been patched in version 5.0...
CVE-2020-8092
A privilege escalation vulnerability in BDLDaemon as used in Bitdefender Antivirus for Mac allows a local attacker to obtain authentication tokens for requests submitted to the Bitdefender Cloud. This issue affects: Bitdefender Bitdefender Antivirus for Mac versions prior to 8.0.0...
CVE-2020-8092
CVE-2020-8092 affects Bitdefender Antivirus for Mac and its BDLDaemon. A privilege escalation allows a local attacker to obtain authentication tokens used for requests to the Bitdefender Cloud, impacting versions prior to 8.0.0. The root cause is a privilege/permission issue in BDLDaemon that ena...
Improper Session Management
nifi-web-api does not properly handle the authentication tokens. When using an authentication mechanism other than PKI, nifi-web-api does not invalidate the server-side authentication tokens when the user clicks log out. This results in the session being valid for another 12 hours despite logging...
Github-Dorks - Collection Of Github Dorks And Helper Tool To Automate The Process Of Checking Dorks
GitHub search is quite a powerful and useful feature and can be used to search for sensitive data in repositories. A collection of GitHub dorks that can reveal sensitive personal and/or organizational information such as private keys, credentials, authentication tokens, etc. This list is supposed to ...
TrickBot Targets Verizon, T-Mobile, Sprint Users to Siphon PINs
The TrickBot malware, known previously for targeting U.S. banks, is now setting a bullseye on users of U.S.-based mobile carriers, including Verizon Wireless, T-Mobile and Sprint, to launch SIM swapping attacks. Researchers with Dell’s Secureworks research team warned that they have observed the...
CVE-2019-8932
Redbrick Shift through 3.4.3 allows an attacker to extract authentication tokens of services such as Gmail, Outlook, etc. used in the application...
CVE-2019-12911
Redbrick Shift through 3.4.3 allows an attacker to extract authentication tokens of services such as Gmail, Outlook, etc. used in the application...
CVE-2019-12914
Redbrick Shift through 3.4.3 allows an attacker to extract authentication tokens of services such as Gmail, Outlook, etc. used in the application...
Authentication flaw
Redbrick Shift through 3.4.3 allows an attacker to extract authentication tokens of services such as Gmail, Outlook, etc. used in the application...
CVE-2019-12914
Redbrick Shift up to version 3.4.3 has an information-disclosure vulnerability that lets an attacker extract authentication tokens for services used by the application (e.g., Gmail, Outlook). The issue is described as arising from configuration-related errors during operation in Shift 3.4.3 and e...
CVE-2019-12911
The CVE-2019-12911 entry concerns Redbrick Shift (3.4.3 and prior). The vulnerability allows an attacker to extract authentication tokens from services (e.g., Gmail, Outlook) used by the application. The connected Red Hat, CNVD, and CVE records echo the same impact, indicating token exposure thro...
EA Games Patches Account-Hijacking Bug
Researchers chained together two vulnerabilities in the Electronic Arts EA gaming platform and developed a proof-of-concept attack that allowed for possible account takeovers. A successful attack could allow a malicious actor to gain access to a user’s account and steal credit card information or...