Lucene search

820 matches found

CVE
added 2020/10/16 3:22 p.m. | 83 views

CVE-2020-27178

CVE-2020-27178 affects Apereo CAS in multiple lines: 5.3.x before 5.3.16, 6.x before 6.1.7.2, 6.2.x before 6.2.4, and 6.3.x before 6.3.0-RC4. The root cause is mishandling of secret keys used for Google Authenticator-based multifactor authentication. This can lead to improper handling of MFA secr...

CVSS 7.5 | AI score 7.5 | EPSS 0.00225
Exploits: 0 | References: 1 | Affected Software: 1

Kitploit
added 2020/08/13 12:30 p.m. | 46 views

Bastillion - A Web-Based SSH Console That Centrally Manages Administrative Access To Systems

Bastillion is a web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user's public SSH keys. Key management and administration is based on profiles assigned to defined users. Administrators can logi...

AI score 7.3
Exploits: 0 | References: 9

OSV
added 2020/07/30 1:15 p.m. | 2 views

CVE-2020-8206

An improper authentication vulnerability exists in Pulse Connect Secure 9.1RB that allows an attacker with a user's primary credentials to bypass the Google TOTP...

CVSS 8.1 | AI score 6.7 | EPSS 0.01976
Exploits: 0 | References: 1

OSV
added 2020/07/22 11:7 p.m. | 16 views

GHSA-V7M9-9497-P9GR Possible pod name collisions in jupyterhub-kubespawner

Impact What kind of vulnerability is it? Who is impacted? JupyterHub deployments using: - KubeSpawner = 0.11.1 e.g. zero-to-jupyterhub 0.9.0 and - enabled namedservers not default, and - an Authenticator that allows: - usernames with hyphens or other characters that require escape e.g. user-hyphe...

CVSS 7.6 | AI score 7.9 | EPSS 0.00219
Exploits: 1 | References: 5

Wired Threat Level
added 2020/07/12 11:0 a.m. | 26 views

How Two-Factor Authentication Keeps Your Accounts Safe

Here are some of the best authenticator apps and options. It may take a moment to set up, but once you have 2FA enabled where it counts, you can rest easier...

AI score 2.9
Exploits: 0

Tenable Nessus
added 2020/07/02 12:0 a.m. | 27 views

Amazon Linux AMI : exim (ALAS-2020-1380)

The version of exim installed on the remote host is prior to 4.92-1.26. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1380 advisory. Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa...

CVSS 7.5 | AI score 8.1 | EPSS 0.05454
Exploits: 2 | References: 3

Tenable Nessus
added 2020/05/26 12:0 a.m. | 30 views

Fedora 31 : exim (2020-93d7305d71)

This is an update fixing out-of-bounds read in the SPA authenticator. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...

CVSS 7.5 | AI score 8 | EPSS 0.05454
Exploits: 2 | References: 2

CNVD
added 2020/05/12 12:0 a.m. | 3 views

Exim buffer overflow vulnerability (CNVD-2020-34994)

Exim is an open source messaging agent (MTA) running on Unix systems that routes, forwards and delivers mail. A buffer overflow vulnerability exists in SPA authenticator in Exim 4.93 and earlier versions. An attacker could exploit this vulnerability to bypass authentication...

CVSS 7.5 | AI score 9.6 | EPSS 0.05454
Exploits: 2 | References: 1

OSV
added 2020/05/11 2:15 p.m. | 1 views

DEBIAN-CVE-2020-12783

Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c...

CVSS 7.5 | AI score 8.1 | EPSS 0.05454
Exploits: 2 | References: 1

OSV
added 2020/05/11 2:15 p.m. | 21 views

CVE-2020-12783

Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c...

CVSS 7.5 | AI score 7.6
Exploits: 0 | References: 9

NVD
added 2020/05/11 2:15 p.m. | 22 views

CVE-2020-12783

Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c...

CVSS 7.5 | AI score 7.6 | EPSS 0.05454
Exploits: 2 | References: 9

OSV
added 2020/05/11 2:15 p.m. | 0 views

UBUNTU-CVE-2020-12783

Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c...

CVSS 7.5 | AI score 7.1 | EPSS 0.05454
Exploits: 2 | References: 3

UbuntuCve
added 2020/05/11 2:15 p.m. | 28 views

CVE-2020-12783

Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c...

CVSS 7.5 | AI score 7.1 | EPSS 0.05454
Exploits: 2 | References: 2

Prion
added 2020/05/11 2:15 p.m. | 22 views

Design/Logic Flaw

Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c...

CVSS 5 | AI score 7.5 | EPSS 0.05454
Exploits: 2 | References: 9 | Affected Software: 4

Cvelist
added 2020/05/11 1:51 p.m. | 23 views

CVE-2020-12783

Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c...

AI score 7.7 | EPSS 0.05454
Exploits: 2 | References: 9

Debian CVE
added 2020/05/11 1:51 p.m. | 26 views

CVE-2020-12783

Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c...

CVSS 7.5 | AI score 8.8 | EPSS 0.05454
Exploits: 2

CVE
added 2020/05/11 1:51 p.m. | 1651 views

CVE-2020-12783

CVE-2020-12783 affects Exim (up to version 4.93) via an out-of-bounds read in the SPA authenticator, potentially bypassing SPA/NTLM authentication in auths/spa.c and auths/auth-spa.c. Connected advisories confirm vendor-specific fixes: Debian DSA 4687-1 and DLA-2213-1 upgrade exim4; Fedora update...

CVSS 7.5 | AI score 7.5 | EPSS 0.05454
Exploits: 2 | References: 9 | Affected Software: 1

AlpineLinux
added 2020/05/11 1:51 p.m. | 48 views

CVE-2020-12783

Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c...

CVSS 7.5 | AI score 7.8 | EPSS 0.05454
Exploits: 2 | References: 9

Microsoft Secure
added 2020/03/03 5:0 p.m. | 35 views

Quick wins—single sign-on (SSO) and Multi-Factor Authentication (MFA)

With Multi-Factor Authentication (MFA) and single sign-on (SSO) being a few of the most effective countermeasures against modern threats, organizations should consider a Cloud Identity as a Service (IDaaS), and MFA solution, like Azure Active Directory (AD). Here are seven benefits: 1. Azure AD is simple...

AI score 1.9
Exploits: 0

Microsoft Secure
added 2020/02/13 6:0 p.m. | 36 views

Changing the Monolith—Part 4: Quick tech wins for a cloud-first world

You may have heard that identity is the “new” perimeter. Indeed, with the proliferation of phishing attacks over the past few years, one of the best ways to secure data is to ensure that identity—the primary way we access data—can be trusted. How do we secure identity? Start by evaluating how use...

AI score 0.6
Exploits: 0