Lucene search
K

360 matches found

CNNVD
CNNVD
added 2025/03/11 12:0 a.m.2 views

Microsoft NTLM 安全漏洞

Microsoft NTLM is a Microsoft USA authentication protocol used on networks including systems running the Windows operating system as well as standalone systems. A security vulnerability exists in Microsoft NTLM. An attacker could exploit the vulnerability to perform spoofing attacks. The followin...

6.5CVSS8.5AI score0.0119EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/05 3:31 a.m.4 views

CVE-2024-45368

The H2-DM1E PLC's authentication protocol appears to utilize either a custom encoding scheme or a challenge-response protocol. However, there's an observed anomaly in the H2-DM1E PLC's protocol execution, namely its acceptance of multiple distinct packets as valid authentication responses. This...

8.8CVSS7.2AI score0.00342EPSS
Exploits0References1
OSV
OSV
added 2025/01/14 6:15 p.m.1 views

DEBIAN-CVE-2025-21311

Windows NTLM V1 Elevation of Privilege Vulnerability...

9.8CVSS8.8AI score0.02348EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/14 12:0 a.m.4 views

PT-2025-1145

Name of the Vulnerable Software and Affected Versions Windows NTLM V1 affected versions not specified Description The issue is related to an elevation-of-privilege vulnerability in the implementation of the NTLMv1 protocol in Windows operating systems. This vulnerability is associated with...

10CVSS9.7AI score0.02348EPSS
Exploits0References21
OSV
OSV
added 2024/12/18 3:33 p.m.3 views

GHSA-P7C9-8XX8-H74F Apache Kafka's SCRAM implementation Incorrectly Implements Authentication Algorithm

Incorrect Implementation of Authentication Algorithm in Apache Kafka's SCRAM implementation. Issue Summary: Apache Kafka's implementation of the Salted Challenge Response Authentication Mechanism SCRAM did not fully adhere to the requirements of RFC 5802 1. Specifically, as per RFC 5802, the serv...

6.3CVSS6.6AI score0.0078EPSS
Exploits0References8
HackRead
HackRead
added 2024/11/19 1:19 p.m.5 views

Critical Windows Kerberos Flaw Exposes Millions of Servers to Attack

A critical vulnerability in the Windows Kerberos authentication protocol poses a significant risk to millions of servers. Microsoft…...

7.4AI score
Exploits0
CNNVD
CNNVD
added 2024/11/12 12:0 a.m.5 views

Microsoft NTLM 安全漏洞

Microsoft NTLM is a Microsoft USA authentication protocol used on networks including systems running the Windows operating system as well as standalone systems. A security vulnerability exists in Microsoft NTLM. An attacker could exploit the vulnerability to perform spoofing attacks. The followin...

6.5CVSS7.8AI score0.81817EPSS
Exploits0References2
NVD
NVD
added 2024/09/30 7:15 a.m.11 views

CVE-2024-8452

Certain switch models from PLANET Technology only support obsolete algorithms for authentication protocol and encryption protocol in the SNMPv3 service, allowing attackers to obtain plaintext SNMPv3 credentials potentially...

7.5CVSS0.00174EPSS
Exploits0References2
CVE
CVE
added 2024/09/30 7:7 a.m.48 views

CVE-2024-8452

CVE-2024-8452 affects PLANET Technology switch models where SNMPv3 authentication/encryption rely on obsolete algorithms, enabling potential exposure of plaintext SNMPv3 credentials. The vulnerability is rooted in the SNMPv3 service cryptographic choices and is described with a high impact to con...

7.5CVSS7.6AI score0.00174EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/09/25 12:0 a.m.6 views

The vulnerability of the SAE H2E authentication protocol implementation in the embedded operating system OpenWrt allows a hacker to downgrade the version of the authentication protocol used.

The vulnerability of the SAE H2E authentication protocol implementation in the embedded operating system OpenWrt is related to errors in processing input data. Exploiting this vulnerability can allow a malicious actor to downgrade the version of the authentication protocol used...

10CVSS5.5AI score
Exploits0References2Affected Software1
NVD
NVD
added 2024/09/13 5:15 p.m.10 views

CVE-2024-45368

The H2-DM1E PLC's authentication protocol appears to utilize either a custom encoding scheme or a challenge-response protocol. However, there's an observed anomaly in the H2-DM1E PLC's protocol execution, namely its acceptance of multiple distinct packets as valid authentication responses. This...

8.8CVSS0.00342EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/09/13 4:36 p.m.11 views

CVE-2024-45368 AutomationDirect DirectLogic H2-DM1E Session Fixation

The H2-DM1E PLC's authentication protocol appears to utilize either a custom encoding scheme or a challenge-response protocol. However, there's an observed anomaly in the H2-DM1E PLC's protocol execution, namely its acceptance of multiple distinct packets as valid authentication responses. This...

8.8CVSS7.2AI score0.00342EPSS
Exploits0References1
CVE
CVE
added 2024/09/13 4:36 p.m.45 views

CVE-2024-45368

CVE-2024-45368 affects AutomationDirect DirectLogic H2-DM1E PLC (versions 2.8.0 and earlier). The vulnerability stems from an authentication protocol that may accept multiple distinct packets as valid responses, enabling potential session hijacking or bypass. Reports cite session fixation and aut...

8.8CVSS8.9AI score0.00342EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/07/22 12:0 a.m.4 views

The vulnerability of the Windows operating system’s network authentication protocol, NT LAN Manager (NTLM), allows attackers to perform spoofing attacks.

The vulnerability of the Windows operating system’s Network Authentication Protocol, NT LAN Manager NTLM, is related to the lack of protection for service data. Exploiting this vulnerability can allow attackers to perform spoofing attacks...

7.1CVSS5.5AI score0.23988EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/07/09 12:0 a.m.4 views

PT-2024-4969 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: A spoofing vulnerability affects the system, potentially allowing attackers to perform spoofing attacks due to a lack of protection of service data within the Windows NTLM authentication...

7.1CVSS6AI score0.23988EPSS
Exploits0References11
CNNVD
CNNVD
added 2024/05/14 12:0 a.m.4 views

strongSwan Security Vulnerabilities

strongSwan is an open source IPsec-based VPN solution for use on Linux platforms by Andreas Steffen, an individual developer in Switzerland. The solution includes authentication mechanisms such as X.509 public key certificates, secure storage of private keys, and smart cards. A security...

7.7CVSS6.9AI score0.00464EPSS
Exploits0References6
CNNVD
CNNVD
added 2024/05/03 12:0 a.m.3 views

D-Link DIR-2150 安全漏洞

The D-Link DIR-2150 is a wireless router from China-based AUO D-Link. A security vulnerability exists in the D-Link DIR-2150, which originates from a HNAP authentication algorithm error realizing an authentication bypass vulnerability...

8.8CVSS9AI score0.01108EPSS
Exploits0References2
CNVD
CNVD
added 2024/03/14 12:0 a.m.8 views

Microsoft Windows Kerberos Security Feature Bypass Vulnerability

Microsoft Windows Kerberos is a software for authentication in network clusters from Microsoft.Kerberos also serves as a network authentication protocol designed to provide authentication services to client/server applications through a key system. A security feature bypass vulnerability exists i...

7.5CVSS6.8AI score0.01522EPSS
Exploits0References1
OSV
OSV
added 2024/02/22 5:15 p.m.5 views

ALPINE-CVE-2023-52160

The implementation of PEAP in wpasupplicant through 2.10 allows authentication bypass. For a successful attack, wpasupplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eappeapdecrypt vulnerability can then be abused to skip Phase 2...

6.5CVSS7AI score0.01177EPSS
Exploits0References1
OSV
OSV
added 2024/02/22 5:15 p.m.2 views

DEBIAN-CVE-2023-52161

The Access Point functionality in eapolauthkeyhandle in eapol.c in iNet wireless daemon IWD before 2.14 allows attackers to gain unauthorized access to a protected Wi-Fi network. An attacker can complete the EAPOL handshake by skipping Msg2/4 and instead sending Msg4/4 with an all-zero key...

7.5CVSS7.6AI score0.01103EPSS
Exploits0References1
Rows per page
Query Builder