The vulnerability of the “Basic HTTP Authentication” method used by the CmtViewer application for controlling programmable panels arises from the lack of protection for the transmitted data. This allows a hacker to gain access to the system.

The vulnerability of the “Basic HTTP Authentication” method used by the CmtViewer application for controlling programmable panels is related to the lack of protection for the transmitted data. Exploiting this vulnerability could allow a remote attacker to gain access to the system...

Insecure Access Control

squid3 is insecure access control. The vulnerability exists because of decoding the string which allows an attacker to retrieve the decoded data via the display of usernames on error pages...

squid: Out of bounds read in Proxy-Authorization header causes DoS

An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be decoded by iterating over the input and checki...

CVE-2020-5922

In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, iControl REST does not implement Cross Site Request Forgery protections for users which make use of Basic Authentication in a web browser...

Cross site scripting

In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, iControl REST does not implement Cross Site Request Forgery protections for users which make use of Basic Authentication in a web browser...

CVE-2020-5922

In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, iControl REST does not implement Cross Site Request Forgery protections for users which make use of Basic Authentication in a web browser...

SUSE-SU-2020:14460-1 Security update for squid3

This update for squid3 fixes the following issues: - Fixed a Cache Poisoning and Request Smuggling attack CVE-2020-15049, bsc1173455 - Fixed incorrect buffer handling that can result in cache poisoning, remote execution, and denial of service attacks when processing ESI responses CVE-2019-12519,...

chromium-browser: Incorrect security UI in basic auth

Incorrect security UI in basic auth in Google Chrome on iOS prior to 84.0.4147.89 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...

GHSA-W542-CPP9-R3G7 Field Test CSRF vulnerability

The Field Test dashboard is vulnerable to cross-site request forgery CSRF with non-session based authentication methods in versions v0.2.0 through v0.3.2. Impact The Field Test dashboard is vulnerable to CSRF with non-session based authentication methods, like basic authentication. Session-based...

DEBIAN-CVE-2020-6528

Incorrect security UI in basic auth in Google Chrome on iOS prior to 84.0.4147.89 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...

CVE-2020-6528

Incorrect security UI in basic auth in Google Chrome on iOS prior to 84.0.4147.89 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...

UBUNTU-CVE-2020-6528

Incorrect security UI in basic auth in Google Chrome on iOS prior to 84.0.4147.89 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...

CVE-2020-6528

Incorrect security UI in basic auth in Google Chrome on iOS prior to 84.0.4147.89 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...

Unspecified Vulnerability in Google Chrome Basic Auth

Chrome is a simple and efficiently designed web browsing tool developed by Google that is characterized by its simplicity and speed. A security vulnerability exists in Basic Auth in versions prior to Google Chrome 84.0.4147.89, which stems from an incorrect security user interface and can be...

CVE-2020-4071

In django-basic-auth-ip-whitelist before 0.3.4, a potential timing attack exists on websites where the basic authentication is used or configured, i.e. BASICAUTHLOGIN and BASICAUTHPASSWORD is set. Currently the string comparison between configured credentials and the ones provided by users is...

PYSEC-2020-37

In django-basic-auth-ip-whitelist before 0.3.4, a potential timing attack exists on websites where the basic authentication is used or configured, i.e. BASICAUTHLOGIN and BASICAUTHPASSWORD is set. Currently the string comparison between configured credentials and the ones provided by users is...

CVE-2020-4071 Timing attack on django-basic-auth-ip-whitelist

In django-basic-auth-ip-whitelist before 0.3.4, a potential timing attack exists on websites where the basic authentication is used or configured, i.e. BASICAUTHLOGIN and BASICAUTHPASSWORD is set. Currently the string comparison between configured credentials and the ones provided by users is...

Information Disclosure

djangobasicauthipwhitelist is vulnerable to information disclosure. The vulnerability exists through a timing attack through the applied string comparison function when basic authentication is used...

GHSA-M38J-PMG3-V5X5 Timing attack on django-basic-auth-ip-whitelist

Impact Potential timing attack exists on websites where the basic authentication is used or configured, i.e. BASICAUTHLOGIN and BASICAUTHPASSWORD is set. Currently the string comparison between configured credentials and the ones provided by users is performed through a character-by-character...

Timing attack on django-basic-auth-ip-whitelist

Impact Potential timing attack exists on websites where the basic authentication is used or configured, i.e. BASICAUTHLOGIN and BASICAUTHPASSWORD is set. Currently the string comparison between configured credentials and the ones provided by users is performed through a character-by-character...