534 matches found

OpenVAS · added 2021/07/19 12:00 a.m. · 24 views

OpenSSL Multiple Vulnerabilities (20150108 - 2) - Windows

OpenSSL is prone to multiple vulnerabilities. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...

CVSS 5 · AI score 6 · EPSS 0.59319
Exploits 0 · References 1
OpenVAS · added 2021/07/19 12:00 a.m. · 28 views

OpenSSL Multiple Vulnerabilities (20150108 - 2) - Linux

OpenSSL is prone to multiple vulnerabilities. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...

CVSS 5 · AI score 6 · EPSS 0.59319
Exploits 0 · References 1
Github Security Blog · added 2021/05/27 6:43 p.m. · 272 views

Authentication Bypass in hydra

Impact: When using client authentication method "private_key_jwt" [1], the OpenID specification says the following about the assertion jti: "A unique identifier for the token, which can be used to prevent reuse of the token. These tokens MUST only be used once, unless conditions for reuse were negotiated betwe...

CVSS 5.8 · AI score 5.8 · EPSS 0.01028
Exploits 0 · References 6 · Affected Software 1
Veracode · added 2021/05/25 5:21 a.m. · 19 views

Insecure Session Management

github.com/ory/fosite uses insecure session management. The vulnerability exists because it fails to validate the uniqueness of the jti value in the private_key_jwt client authentication method, allowing an attacker to send the same token request twice with the same jti assertion to get two access tokens...

CVSS 8.1 · AI score 4.1 · EPSS 0.00867
Exploits 1 · References 3 · Affected Software 1
OSV · added 2021/05/24 4:57 p.m. · 17 views

GHSA-V3Q9-2P3M-7G43 Token reuse in Ory fosite

Impact: When using client authentication method "private_key_jwt" [1] (https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication), the OpenID specification says the following about the assertion jti: "A unique identifier for the token, which can be used to prevent reuse of the token. These tokens...

CVSS 8.1 · AI score 8.1 · EPSS 0.00867
Exploits 1 · References 7
Github Security Blog · added 2021/05/24 4:57 p.m. · 158 views

Token reuse in Ory fosite

Impact: When using client authentication method "private_key_jwt" [1] (https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication), the OpenID specification says the following about the assertion jti: "A unique identifier for the token, which can be used to prevent reuse of the token. These tokens...

CVSS 8.1 · AI score 7.9 · EPSS 0.00867
Exploits 1 · References 7 · Affected Software 1
CNNVD · added 2020/12/22 12:00 a.m. · 11 views

ABB Symphony Plus Operations Access Control Error Vulnerability

ABB Symphony Plus Operations is a management device from ABB Switzerland for improving operational efficiency in industrial environments. The appliance provides an easy-to-use human-machine interface that seamlessly integrates all plant equipment and subsystems using industry-standard protocols a...

CVSS 9.8 · AI score 7.3 · EPSS 0.01411
Exploits 0 · References 2
OpenVAS · added 2020/11/20 12:00 a.m. · 13 views

GaussDB Kernel: Setting the Timeout Period of Client Authentication

authentication_timeout specifies the maximum time for client authentication. The default value is 1 min. This parameter prevents faulty clients from occupying the connection channel for a long time. Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from a reference...

AI score 7.3
Exploits 0
CNNVD · added 2020/11/17 12:00 a.m. · 6 views

Red Hat Ceph Security Vulnerability

Red Hat Ceph is a Linux petabyte-level distributed file system from Red Hat. The main goal of the system is to be designed as a distributed file system without a single point of failure based on POSIX (Portable Operating System Interface), enabling fault-tolerant and seamless replication of data. A...

CVSS 8.8 · AI score 7.1 · EPSS 0.01022
Exploits 0 · References 19
OpenVAS · added 2020/11/11 12:00 a.m. · 8 views

openGauss: Setting the Timeout Period of Client Authentication

authentication_timeout specifies the maximum time for client authentication. The default value is 1 min. This parameter prevents faulty clients from occupying the connection channel for a long time. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from a referenc...

AI score 7.3
Exploits 0 · References 1
OSV · added 2020/10/29 4:15 p.m. · 3 views

CVE-2020-5936

On BIG-IP LTM 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, and 12.1.0-12.1.5.1, the Traffic Management Microkernel (TMM) process may consume excessive resources when processing SSL traffic and client authentication are enabled on the client SSL profile...

CVSS 7.5 · AI score 7.1 · EPSS 0.0109
Exploits 0 · References 1
Cvelist · added 2020/10/29 3:21 p.m. · 23 views

CVE-2020-5936

On BIG-IP LTM 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, and 12.1.0-12.1.5.1, the Traffic Management Microkernel (TMM) process may consume excessive resources when processing SSL traffic and client authentication are enabled on the client SSL profile...

AI score 7.7 · EPSS 0.0109
Exploits 0 · References 1
Tenable Nessus · added 2020/10/29 12:00 a.m. · 47 views

F5 Networks BIG-IP : BIG-IP Client SSL Security Advisory (K44020030)

The Traffic Management Microkernel (TMM) process may consume excessive resources when processing SSL traffic and client authentication are enabled on the client SSL profile. Impact: TMM memory may eventually become exhausted and may result in the system producing a core file. The BIG-IP system may...

CVSS 7.5 · AI score 7.3 · EPSS 0.0109
Exploits 0 · References 2
OSV · added 2020/09/24 5:15 p.m. · 19 views

CVE-2020-15222

In ORY Fosite (the security-first OAuth2 & OpenID Connect framework for Go) before version 0.31.0, when using "private_key_jwt" authentication the uniqueness of the jti value is not checked. When using client authentication method "private_key_jwt", the OpenID specification says the following about asserti...

CVSS 8.1 · AI score 6.9
Exploits 0 · References 3
Microsoft Secure · added 2020/08/20 5:00 p.m. · 35 views

Taking Transport Layer Security (TLS) to the next level with TLS 1.3

Transport Layer Security (TLS) 1.3 is now enabled by default on Windows 10 Insider Preview builds, starting with Build 20170, the first step in a broader rollout to Windows 10 systems. TLS 1.3 is the latest version of the internet's most deployed security protocol, which encrypts data to provide a...

AI score 1
Exploits 0
CNVD · added 2020/06/16 12:00 a.m. · 8 views

Caddy Authorization Issues Vulnerability

Caddy is an open source, cross-platform HTTP/Web server. A security vulnerability exists in Caddy versions prior to 0.10.13 that stems from the program not properly handling TLS client authentication. An attacker can exploit the vulnerability to bypass authentication...

CVSS 9.8 · AI score 6.6 · EPSS 0.02723
Exploits 0 · References 1
OSV · added 2020/06/15 5:15 p.m. · 16 views

CVE-2018-21246

Caddy before 0.10.13 mishandles TLS client authentication, as demonstrated by an authentication bypass caused by the lack of the StrictHostMatching mode...

CVSS 9.8 · AI score 7.1
Exploits 0 · References 2
Positive Technologies · added 2020/06/15 12:00 a.m. · 5 views

PT-2020-8890 · Caddy · Caddy

Name of the Vulnerable Software and Affected Versions: Caddy versions prior to 0.10.13 Description: The issue is related to the mishandling of TLS client authentication. This is caused by the lack of the StrictHostMatching mode, allowing an attacker to bypass TLS client authentication. An attacke...

CVSS 9.8 · AI score 9.4 · EPSS 0.02723
Exploits 0 · References 13
Veracode · added 2020/04/07 8:14 a.m. · 16 views

Replay Attack

github.com/ory/hydra is vulnerable to replay attack. During client authentication using the method private_key_jwt, Hydra does not check the uniqueness of the jti token (a unique identifier for the token) to prevent the reuse of the token more than one time unless there are conditions for reuse betwe...

CVSS 5.8 · AI score 3 · EPSS 0.01028
Exploits 0 · References 3 · Affected Software 1
OSV · added 2020/04/06 5:15 p.m. · 14 views

CVE-2020-5300

In Hydra (an OAuth2 Server and OpenID Certified™ OpenID Connect Provider written in Go), before version 1.4.0+oryOS.17, when using client authentication method 'private_key_jwt' [1], the OpenID specification says the following about the assertion jti: "A unique identifier for the token, which can be used to...

CVSS 5.3 · AI score 6.9
Exploits 0 · References 3