1245 matches found
Mattermost Desktop App Authorization Issue Vulnerability
Mattermost Desktop App is a messaging desktop application from Mattermost USA. An authorization issue vulnerability exists in Mattermost Desktop App versions prior to 4.4.0, which stems from the program failing to properly handle the popup of the HTTP Basic Authentication box and can be exploited...
CVE-2020-14455
An issue was discovered in Mattermost Desktop App before 4.4.0. Prompting for HTTP Basic Authentication is mishandled, allowing phishing, aka MMSA-2020-0007...
CVE-2020-14455
An issue was discovered in Mattermost Desktop App before 4.4.0. Prompting for HTTP Basic Authentication is mishandled, allowing phishing, aka MMSA-2020-0007...
Authentication flaw
An issue was discovered in Mattermost Desktop App before 4.4.0. Prompting for HTTP Basic Authentication is mishandled, allowing phishing, aka MMSA-2020-0007...
CVE-2020-14455
Technical details beyond the provided description are not publicly available in the supplied documents. Monitor for updates.
CVE-2020-14455
An issue was discovered in Mattermost Desktop App before 4.4.0. Prompting for HTTP Basic Authentication is mishandled, allowing phishing, aka MMSA-2020-0007...
Veeam Backup for Microsoft 365 Modern App-Only Authentication Limitations
Information Veeam Backup for Microsoft 365 v8 and higher Due to Microsoft's deprecation of Basic Authentication, the only option available when adding a new Microsoft 365 organization to Veeam Backup for Microsoft 365 v8 is Modern App-Only Authentication. Veeam Backup for Microsoft 365 v7 and v7a...
CVE-2019-12529
An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be decoded by iterating over the input and checki...
CVE-2019-12527
A flaw was discovered in Squid versions 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data but does not check that the decoded length is not greater than the buffer. This flaw leads to a heap-based buffer overflow...
CVE-2019-16067
NETSAS Enigma NMS 65.0.0 and prior utilises basic authentication over HTTP for enforcing access control to the web application. The use of weak authentication transmitted over cleartext protocols can allow an attacker to steal username and password combinations by intercepting authentication...
CVE-2019-13394
The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses HTTP Basic Authentication over cleartext HTTP...
CVE-2019-13394
The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses HTTP Basic Authentication over cleartext HTTP...
CVE-2019-13393
The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses the same default 8 character passphrase for the administrative console and the WPA2 pre-shared key. Either an attack against HTTP Basic Authentication or an attack against WPA2 could be used to determine this passphrase...
Design/Logic Flaw
The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses the same default 8 character passphrase for the administrative console and the WPA2 pre-shared key. Either an attack against HTTP Basic Authentication or an attack against WPA2 could be used to determine this passphrase...
Authentication flaw
The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses HTTP Basic Authentication over cleartext HTTP...
CVE-2019-13393
Affected product: Voo-branded NETGEAR CG3700b with custom firmware V2.02.03. Issue: same default 8-character passphrase used for both the administrative console and the WPA2 pre-shared key. Root cause: credential reuse enables exposure of management/admin access and wireless PSK. Exploitation pat...
CVE-2019-13393
The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses the same default 8 character passphrase for the administrative console and the WPA2 pre-shared key. Either an attack against HTTP Basic Authentication or an attack against WPA2 could be used to determine this passphrase...
CVE-2019-13394
The CVE-2019-13394 entry affects the Voo-branded NETGEAR CG3700b custom firmware (V2.02.03). The vulnerability is that HTTP Basic Authentication is used over cleartext HTTP, causing credentials to be transmitted unencrypted. This exposes confidentiality (and potentially integrity) of credentials ...
CVE-2019-13394
The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses HTTP Basic Authentication over cleartext HTTP...
Evil SSDP - Spoof SSDP Replies And Create Fake UPnP Devices To Phish For Credentials And NetNTLM Challenge/Response
This tool responds to SSDP multicast discover requests, posing as a generic UPNP device. Your spoofed device will magically appear in Windows Explorer on machines in your local network. Users who are tempted to open the device are shown a configurable phishing page. This page can load a hidden...