360 matches found
Microsoft NTLM 安全漏洞
Microsoft NTLM is a Microsoft USA authentication protocol used on networks including systems running the Windows operating system as well as standalone systems. A security vulnerability exists in Microsoft NTLM. An attacker could exploit the vulnerability to perform spoofing attacks. The followin...
CVE-2024-45368
The H2-DM1E PLC's authentication protocol appears to utilize either a custom encoding scheme or a challenge-response protocol. However, there's an observed anomaly in the H2-DM1E PLC's protocol execution, namely its acceptance of multiple distinct packets as valid authentication responses. This...
DEBIAN-CVE-2025-21311
Windows NTLM V1 Elevation of Privilege Vulnerability...
PT-2025-1145
Name of the Vulnerable Software and Affected Versions Windows NTLM V1 affected versions not specified Description The issue is related to an elevation-of-privilege vulnerability in the implementation of the NTLMv1 protocol in Windows operating systems. This vulnerability is associated with...
GHSA-P7C9-8XX8-H74F Apache Kafka's SCRAM implementation Incorrectly Implements Authentication Algorithm
Incorrect Implementation of Authentication Algorithm in Apache Kafka's SCRAM implementation. Issue Summary: Apache Kafka's implementation of the Salted Challenge Response Authentication Mechanism SCRAM did not fully adhere to the requirements of RFC 5802 1. Specifically, as per RFC 5802, the serv...
Critical Windows Kerberos Flaw Exposes Millions of Servers to Attack
A critical vulnerability in the Windows Kerberos authentication protocol poses a significant risk to millions of servers. Microsoft…...
Microsoft NTLM 安全漏洞
Microsoft NTLM is a Microsoft USA authentication protocol used on networks including systems running the Windows operating system as well as standalone systems. A security vulnerability exists in Microsoft NTLM. An attacker could exploit the vulnerability to perform spoofing attacks. The followin...
CVE-2024-8452
Certain switch models from PLANET Technology only support obsolete algorithms for authentication protocol and encryption protocol in the SNMPv3 service, allowing attackers to obtain plaintext SNMPv3 credentials potentially...
CVE-2024-8452
CVE-2024-8452 affects PLANET Technology switch models where SNMPv3 authentication/encryption rely on obsolete algorithms, enabling potential exposure of plaintext SNMPv3 credentials. The vulnerability is rooted in the SNMPv3 service cryptographic choices and is described with a high impact to con...
The vulnerability of the SAE H2E authentication protocol implementation in the embedded operating system OpenWrt allows a hacker to downgrade the version of the authentication protocol used.
The vulnerability of the SAE H2E authentication protocol implementation in the embedded operating system OpenWrt is related to errors in processing input data. Exploiting this vulnerability can allow a malicious actor to downgrade the version of the authentication protocol used...
CVE-2024-45368
The H2-DM1E PLC's authentication protocol appears to utilize either a custom encoding scheme or a challenge-response protocol. However, there's an observed anomaly in the H2-DM1E PLC's protocol execution, namely its acceptance of multiple distinct packets as valid authentication responses. This...
CVE-2024-45368 AutomationDirect DirectLogic H2-DM1E Session Fixation
The H2-DM1E PLC's authentication protocol appears to utilize either a custom encoding scheme or a challenge-response protocol. However, there's an observed anomaly in the H2-DM1E PLC's protocol execution, namely its acceptance of multiple distinct packets as valid authentication responses. This...
CVE-2024-45368
CVE-2024-45368 affects AutomationDirect DirectLogic H2-DM1E PLC (versions 2.8.0 and earlier). The vulnerability stems from an authentication protocol that may accept multiple distinct packets as valid responses, enabling potential session hijacking or bypass. Reports cite session fixation and aut...
The vulnerability of the Windows operating system’s network authentication protocol, NT LAN Manager (NTLM), allows attackers to perform spoofing attacks.
The vulnerability of the Windows operating system’s Network Authentication Protocol, NT LAN Manager NTLM, is related to the lack of protection for service data. Exploiting this vulnerability can allow attackers to perform spoofing attacks...
PT-2024-4969 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: A spoofing vulnerability affects the system, potentially allowing attackers to perform spoofing attacks due to a lack of protection of service data within the Windows NTLM authentication...
strongSwan Security Vulnerabilities
strongSwan is an open source IPsec-based VPN solution for use on Linux platforms by Andreas Steffen, an individual developer in Switzerland. The solution includes authentication mechanisms such as X.509 public key certificates, secure storage of private keys, and smart cards. A security...
D-Link DIR-2150 安全漏洞
The D-Link DIR-2150 is a wireless router from China-based AUO D-Link. A security vulnerability exists in the D-Link DIR-2150, which originates from a HNAP authentication algorithm error realizing an authentication bypass vulnerability...
Microsoft Windows Kerberos Security Feature Bypass Vulnerability
Microsoft Windows Kerberos is a software for authentication in network clusters from Microsoft.Kerberos also serves as a network authentication protocol designed to provide authentication services to client/server applications through a key system. A security feature bypass vulnerability exists i...
ALPINE-CVE-2023-52160
The implementation of PEAP in wpasupplicant through 2.10 allows authentication bypass. For a successful attack, wpasupplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eappeapdecrypt vulnerability can then be abused to skip Phase 2...
DEBIAN-CVE-2023-52161
The Access Point functionality in eapolauthkeyhandle in eapol.c in iNet wireless daemon IWD before 2.14 allows attackers to gain unauthorized access to a protected Wi-Fi network. An attacker can complete the EAPOL handshake by skipping Msg2/4 and instead sending Msg4/4 with an all-zero key...