45 matches found
MUSASI version 3 performing authentication on client-side
Overview MUSASI provided by NEUMANN CO.LTD. is an e-learning system for driving schools. MUSASI version 3 performs authentication within the client-side code CWE-603, and the client in pre-authentication state retrieves the credential information from the server just when a user ID is input. This...
UBUNTU-CVE-2022-47630
Trusted Firmware-A through 2.8 has an out-of-bounds read in the X.509 parser for parsing boot certificates. This affects downstream use of getext and authnvctr. Attackers might be able to trigger dangerous read side effects or obtain sensitive information about microarchitectural state...
[SECURITY] [DSA 3170-1] linux security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3160-1 [email protected] http://www.debian.org/security/ Ben Hutchings February 23, 2015 http://www.debian.org/security/faq -...
Authentication flaw
The Identity Firewall IDFW functionality in Cisco Adaptive Security Appliance ASA Software allows remote attackers to trigger authentication-state modifications via a crafted NetBIOS logout probe response, aka Bug ID CSCuj45340...
CVE-2014-0653
The Cisco ASA Identity Firewall (IDFW) NetBIOS logout probe vulnerability (CVE-2014-0653) stems from insufficient validation of NetBIOS probe responses, allowing an unauthenticated remote attacker to modify a user’s authentication state. Cisco notes the issue in Cisco-SA-20140108-CVE-2014-0653 an...