534 matches found
CVE-2007-5810
Hitachi Web Server 01-00 through 03-00-01, as used by certain Cosminexus products, does not properly validate SSL client certificates, which might allow remote attackers to spoof authentication via a client certificate with a forged signature...
Design/Logic Flaw
The dynamic DNS update mechanism in the DNS Server service on Microsoft Windows does not properly authenticate clients in certain deployments or configurations, which allows remote attackers to change DNS records for a web proxy server and conduct man-in-the-middle (MITM) attacks on web traffic,...
StoneGate Client Authentication Detection
A StoneGate firewall login is displayed. SPDX-FileCopyrightText: 2005 it.sec/Holger Heimann. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Apache Httpd < 2.0.53 : mod_disk_cache stores sensitive headers
The experimental mod_disk_cache module stored client authentication credentials for cached objects, such as proxy authentication credentials and Basic Authentication passwords, on disk...
StoneGate Firewall Client Authentication Detection
A StoneGate firewall client login is detected. This service should not be available from the internet or a non-administrative internal network. %NASLMINLEVEL 70300 This script was written by Holger Heimann. See the Nessus Scripts License for details. Changes by Tenable: - Revised plugin title,...
CVE-2001-1105
RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches session IDs from failed login attempts, which could allow remote attackers to bypass SSL client authentication and gain access to sensitive data by logging in after an initial failure...
CVE-2001-1105
The CVE-2001-1105 entry affects RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1 as used in Cisco iCND 2.0. The vulnerability is that the product caches session IDs from failed login attempts, which could allow remote attackers to bypass SSL client authentication and access sensitive data after an initial fail...
Cisco Security Advisory: Vulnerable SSL implementation in iCDN
Cisco Security Advisory: Vulnerable SSL implementation in iCDN. Revision 1.0. For public release 2001 September 12 08:00 GMT -0800. Summary: A security vulnerability has been discovered in version 3.x of the RSA BSAFE SSL-J Software Developer Kit made by RSA Securit...
Check Point FireWall-1 Telnet Client Authentication Detection
The Check Point FireWall-1 Client Authentication server is used to authenticate a user via telnet. Once authenticated, the user can get more privileges on the network (i.e., get access to hosts that were previously blocked by the firewall). (C) Tenable Network Security, Inc. include("compat.inc");...
Check Point FireWall-1 HTTP Client Authentication Detection
The Check Point FireWall-1 Client Authentication web server is used to authenticate a user via HTTP. Once authenticated, the user can get more privileges on the network (i.e., get access to hosts which were previously blocked by the firewall). (C) Tenable Network Security, Inc. include("compat.inc");...
CVE-2000-1032
The client authentication interface for Check Point Firewall-1 4.0 and earlier generates different error messages for invalid usernames versus invalid passwords, which allows remote attackers to identify valid usernames on the firewall...
SSH-1 allows client authentication to be forwarded by a malicious server to another server
Overview A design flaw in the SSH-1 protocol allows a malicious server to establish two concurrent sessions with the same session ID, allowing a man-in-the-middle attack. The client must accept unknown host keys from the malicious server to enable exploitation of this vulnerability. Description...