
818 matches found

Oracle linux
added 2024/11/05 12:0 a.m. · 290 views

krb5 security update

1.18.2-30.0.1
- Fixed race condition in krb5_set_password (Orabug: 33609767)

1.18.2-30
- libkrad: implement support for Message-Authenticator (CVE-2024-3596). Resolves: RHEL-50253
- Remove RSA protocol for PKINIT. Resolves: RHEL-17616...

CVSS 9 · AI score 7.3 · EPSS 0.22162
Exploits: 2

RedHat Linux
added 2024/11/04 1:50 a.m. · 3 views

freeradius: forgery attack

A vulnerability in the RADIUS (Remote Authentication Dial-In User Service) protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof...

CVSS 9 · AI score 7.2 · EPSS 0.22162
Exploits: 2 · References: 10

RedHat Linux
added 2024/11/04 1:44 a.m. · 2 views

freeradius: forgery attack

A vulnerability in the RADIUS (Remote Authentication Dial-In User Service) protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof...

CVSS 9 · AI score 7.2 · EPSS 0.22162
Exploits: 2 · References: 10

RedHat Linux
added 2024/11/04 1:44 a.m. · 1 views

freeradius: forgery attack

A vulnerability in the RADIUS (Remote Authentication Dial-In User Service) protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof...

CVSS 9 · AI score 7.2 · EPSS 0.22162
Exploits: 2 · References: 10

RedHat Linux
added 2024/11/04 1:28 a.m. · 2 views

freeradius: forgery attack

A vulnerability in the RADIUS (Remote Authentication Dial-In User Service) protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof...

CVSS 9 · AI score 7.2 · EPSS 0.22162
Exploits: 2 · References: 10

RedHat Linux
added 2024/11/04 1:11 a.m. · 2 views

freeradius: forgery attack

A vulnerability in the RADIUS (Remote Authentication Dial-In User Service) protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof...

CVSS 9 · AI score 7.2 · EPSS 0.22162
Exploits: 2 · References: 10

RedHat Linux
added 2024/10/29 6:51 p.m. · 3 views

freeradius: forgery attack

A vulnerability in the RADIUS (Remote Authentication Dial-In User Service) protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof...

CVSS 9 · AI score 7.2 · EPSS 0.22162
Exploits: 2 · References: 10

Positive Technologies
added 2024/10/24 12:0 a.m. · 3 views

PT-2025-18318 · Xwiki · Xwiki

Name of the Vulnerable Software and Affected Versions:
- XWiki versions 15.3-rc-1 through 15.10.14
- XWiki versions 16.0.0-rc-1 through 16.4.6
- XWiki versions 16.5.0-rc-1 through 16.10.0-rc-1

Description: The issue allows a user with access to pages in the XWiki space to access the...

CVSS 9.7 · AI score 6.3 · EPSS 0.00258
Exploits: 0 · References: 11

OSV
added 2024/10/18 9:15 a.m. · 1 views

CVE-2024-4739

The lack of access restriction to a resource from unauthorized users makes MXsecurity software versions v1.1.0 and prior vulnerable. By acquiring a valid authenticator, an attacker can pose as an authorized user and successfully access the resource...

CVSS 7.5 · AI score 5.8 · EPSS 0.00498
Exploits: 0 · References: 1

NVD
added 2024/10/18 9:15 a.m. · 8 views

CVE-2024-4739

The lack of access restriction to a resource from unauthorized users makes MXsecurity software versions v1.1.0 and prior vulnerable. By acquiring a valid authenticator, an attacker can pose as an authorized user and successfully access the resource...

CVSS 7.5 · EPSS 0.00498
Exploits: 0 · References: 1

CVE
added 2024/10/18 8:11 a.m. · 46 views

CVE-2024-4739

The issue pertains to MOXA MXsecurity, affecting versions v1.1.0 and prior. Root cause: lack of access restriction to resources, enabling an attacker who has a valid authenticator to impersonate an authorized user and access the resource. Impact: confidentiality could be exposed (as per CVE metri...

CVSS 7.5 · AI score 5.5 · EPSS 0.00498
Exploits: 0 · References: 1 · Affected Software: 1

Vulnrichment
added 2024/10/18 8:11 a.m. · 8 views

CVE-2024-4739 MXsecurity License Generation Function Disclosure

The lack of access restriction to a resource from unauthorized users makes MXsecurity software versions v1.1.0 and prior vulnerable. By acquiring a valid authenticator, an attacker can pose as an authorized user and successfully access the resource...

CVSS 5.3 · AI score 7 · EPSS 0.00498
Exploits: 0 · References: 1

CNNVD
added 2024/10/18 12:0 a.m. · 2 views

MOXA MXsecurity security vulnerability

MOXA MXsecurity is a management platform from China-based MOXA. It provides centralized visibility and security management to easily monitor and identify network threats and prevent security misconfigurations to create a robust threat defense. A security vulnerability exists in MOXA MXsecurity...

CVSS 7.5 · AI score 6.7 · EPSS 0.00498
Exploits: 0 · References: 2

OSV
added 2024/10/03 2:24 p.m. · 1 views

USN-7055-1 freeradius vulnerability

Goldberg, Miro Haller, Nadia Heninger, Mike Milano, Dan Shumow, Marc Stevens, and Adam Suhl discovered that FreeRADIUS incorrectly authenticated certain responses. An attacker able to intercept communications between a RADIUS client and server could possibly use this issue to forge responses,...

CVSS 9 · AI score 7 · EPSS 0.22162
Exploits: 2 · References: 2

NVD
added 2024/09/03 9:15 p.m. · 21 views

CVE-2024-45394

Authenticator is a browser extension that generates two-step verification codes. In versions 7.0.0 and below, encryption keys for user data were stored encrypted at-rest using only AES-256 and the EVP_BytesToKey KDF. Therefore, attackers with a copy of a user's data are able to brute-force the...

CVSS 8.8 · EPSS 0.00037
Exploits: 0 · References: 2

OSV
added 2024/09/03 8:15 p.m. · 9 views

CVE-2024-45394 Secret encryption vulnerable to brute-force attacks

Authenticator is a browser extension that generates two-step verification codes. In versions 7.0.0 and below, encryption keys for user data were stored encrypted at-rest using only AES-256 and the EVP_BytesToKey KDF. Therefore, attackers with a copy of a user's data are able to brute-force the...

CVSS 8.8 · AI score 6.6 · EPSS 0.00037
Exploits: 0 · References: 4

CVE
added 2024/09/03 8:15 p.m. · 51 views

CVE-2024-45394

The CVE-2024-45394 entry concerns the Authenticator browser extension. In versions 7.0.0 and earlier, user data encryption keys were stored at-rest with AES-256 using EVP_BytesToKey as the KDF, enabling brute-force attacks if an attacker obtains a copy of the user data. Versions 8.0.0 and above a...

CVSS 8.8 · AI score 8.2 · EPSS 0.00037
Exploits: 0 · References: 2 · Affected Software: 1

Vulnrichment
added 2024/09/03 8:15 p.m. · 20 views

CVE-2024-45394 Secret encryption vulnerable to brute-force attacks

Authenticator is a browser extension that generates two-step verification codes. In versions 7.0.0 and below, encryption keys for user data were stored encrypted at-rest using only AES-256 and the EVP_BytesToKey KDF. Therefore, attackers with a copy of a user's data are able to brute-force the...

CVSS 8.8 · AI score 8.2 · EPSS 0.00037
Exploits: 0 · References: 2

Positive Technologies
added 2024/09/03 12:0 a.m. · 2 views

PT-2024-31598 · Unknown · Authenticator

Name of the Vulnerable Software and Affected Versions: Authenticator versions prior to 8.0.0

Description: The Authenticator browser extension generates two-step verification codes. In versions prior to 8.0.0, encryption keys for user data were stored encrypted at-rest using only AES-256 and the E...

CVSS 8.8 · AI score 7.1 · EPSS 0.00037
Exploits: 0 · References: 11

CNNVD
added 2024/09/03 12:0 a.m. · 0 views

Authenticator encryption issue vulnerability

Authenticator is an open source authenticator from Authenticator Extension. An encryption issue vulnerability exists in Authenticator version 7.0.0 and prior versions, which stems from the fact that user data encryption keys are stored using only AES-256 and EVP_BytesToKey KDF, which could lead to...

CVSS 8.8 · AI score 6.5 · EPSS 0.00037
Exploits: 0 · References: 3