Plaintext Password Storage
Synapse is vulnerable to Plaintext Password Storage. The vulnerability is due to the brief storage of updated credentials in the server database, which could result in passwords being inadvertently captured in database backups for a longer duration than anticipated...
DEBIAN-CVE-2023-41335
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. When users update their passwords, the new credentials may be briefly held in the server database. While this doesn't grant the server any added capabilities—it already learns the users' passwords as...
PYSEC-2023-185
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. When users update their passwords, the new credentials may be briefly held in the server database. While this doesn't grant the server any added capabilities—it already learns the users' passwords as...
UBUNTU-CVE-2023-41335
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. When users update their passwords, the new credentials may be briefly held in the server database. While this doesn't grant the server any added capabilities—it already learns the users' passwords as...
PYSEC-2023-185
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. When users update their passwords, the new credentials may be briefly held in the server database. While this doesn't grant the server any added capabilities—it already learns the users' passwords as...
matrix-synapse vulnerable to temporary storage of plaintext passwords during password changes
Impact When users update their passwords, the new credentials may be briefly held in the server database. While this doesn't grant the server any added capabilities—it already learns the users' passwords as part of the authentication process—it does disrupt the expectation that passwords won't be...
PT-2023-27911 · Synapse +2
Name of the Vulnerable Software and Affected Versions: Synapse versions prior to 1.93.0. Description: The issue concerns the temporary storage of user passwords in the server database when users update their credentials. Although this does not grant the server any additional capabilities, it...
Moderate: Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.1.6 security and bug fix update
OpenShift API for Data Protection (OADP) 1.1.6 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
CVE-2023-43478
fakeupload.cgi on the Telstra Smart Modem Gen 2 (Arcadyan LH1000), firmware version 0.18.15r, allows unauthenticated attackers to upload firmware images and configuration backups, which could allow them to alter the firmware or the configuration on the device, ultimately leading to code execution ...
#StopRansomware: Snatch Ransomware
Actions to take today to mitigate malicious cyber activity: 1. Secure and closely monitor Remote Desktop Protocol (RDP). 2. Maintain offline backups of data. 3. Enable and enforce phishing-resistant multifactor authentication (MFA)...
mariadb: compress_write() fails to release mutex on failure
In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock...
PT-2023-7763 · Nagios · Nagios Xi
Name of the Vulnerable Software and Affected Versions: Nagios XI (affected versions not specified). Description: The issue is related to the Scheduled Backups function in Nagios XI, which is associated with synchronization errors when using a shared resource during port scanning. Exploitation of thi...
Exchange Backups failing with "Failed to access mailbox" starting September 13th, 2023
This issue is related to EX675238 listed in the Microsoft Health Dashboard, which caused some M365 environments to have issues with REST API calls used to access the mailboxes externally...
The main causes of ransomware reinfection
A few months ago, we wrote about a ransomware reinfection incident. Ransomware reinfection arguably could be even worse than being a first-time victim. Unfortunately, it happens more often than you may think. Research shows that in 2022, more than a third (38%) of surveyed organizations fell victim ...
CVE-2023-4587
An IDOR vulnerability has been found in ZKTeco ZEM800 product affecting version 6.60. This vulnerability allows a local attacker to obtain registered user backup files or device configuration files over a local network or through a VPN server...
ZKTeco ZEM800 Security Vulnerability
The ZKTeco ZEM800 is a biometric device from ZKTeco that is primarily used for access control and time and attendance management systems. A security vulnerability exists in the ZKTeco ZEM800 version 6.60, which originated from a vulnerability that allows local attackers to obtain enrolled user...
VulnCheck KEV: CVE-2019-6693
Fortinet FortiOS contains a use of hard-coded credentials vulnerability that could allow an attacker to cipher sensitive data in FortiOS configuration backup file via knowledge of the hard-coded key...
CVE-2023-22957
An issue was discovered in libacdes3.so on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of a hard-coded cryptographic key, an attacker with access to backup or configuration files is able to decrypt encrypted values and retrieve sensitive information, e.g., the device root passwor...
Important: Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.0.11 security and bug fix update
OpenShift API for Data Protection (OADP) 1.0.11 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
Vulnerability fixed in Veritas NetBackup Snapshot Manager
Veritas has fixed a vulnerability in NetBackup Snapshot Manager. Due to a flaw in the way client certificates are processed, it is possible for a malicious party to access backups and restores for which the malicious party is not authorized. This allows the malicious party to gain access to...