811 matches found
[SECURITY] [DSA 1065-1] New hostapd packages fix denial of service
Debian Security Advisory DSA 1065-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff May 19th, 2006 http://www.debian.org/security/faq ...
DSA-1065-1 hostapd - missing input sanitising
Bulletin has no description...
OpenBSD with RADIUS authorization module unauthorized access
The response authenticator is not checked, which allows a response from the RADIUS server to be spoofed...
Enhance Seraph SSO support to create users automatically
Users of SSO systems generally also have some sort of external user management. As a simple first step, JIRA's SSO authenticator could create an OSUser account in JIRA if the SSO authentication succeeds...
Re: More problems with RADIUS (protocol and implementations)
I note that the original message didn't cite my short message to Bugtraq about security issues with RADIUS: http://cert.uni-stuttgart.de/archive/bugtraq/2000/12/msg00332.html Some points in that message were also covered by Joshua, he added a number of good points, and missed a few others...
More problems with RADIUS (protocol and implementations)
Hello bugtraq, There are more problems in RADIUS protocol and some of implementations: 1. There is no way RADIUS server can validate Access-Request packet really originated by NAS RADIUS client before and even after, if packet has no User-Password attribute decoding all attributes. It opens a...
Secure Computing e.iD Authenticator for Palm 2.0 - PIN Brute Force
source: https://www.securityfocus.com/bid/2105/info Summary: An attacker that obtains access to the "sceiddb.pdb" file, part of Secure Computing's e.iD Authenticator for Palm, can determine the user's PIN. Problem Description: Secure Computing's SafeWord is a system of authentication services tha...
Secure Computing e.iD Authenticator for Palm 2.0 - PIN Brute Force
Secure Computing e.iD Authenticator for Palm 2.0 - PIN Brute Force source: https://www.securityfocus.com/bid/2105/info Summary: An attacker that obtains access to the "sceiddb.pdb" file, part of Secure Computing's e.iD Authenticator for Palm, can determine the user's PIN. Problem Description:...
National Science Foundation Squid Web Proxy 1.0/1.1/2.1 - Authentication Failure
National Science Foundation Squid Web Proxy 1.0/1.1/2.1 - Authentication Failure source: https://www.securityfocus.com/bid/741/info There is a vulnerability present in certain versions of the Squid Web Proxy Cache developed by the National Science Foundation. This problem is only in effect when use...
National Science Foundation Squid Web Proxy 1.0/1.1/2.1 - Authentication Failure
source: https://www.securityfocus.com/bid/741/info There is a vulnerability present in certain versions of the Squid Web Proxy Cache developed by the National Science Foundation. This problem is only in effect when users of the cache are using an external authenticator. The following is quoted fr...
CVE-2026-45063: Identity Spoofing via Unanchored DN Regex in X509Authenticator
More info at https://symfony.com/cve-2026-45063...