Lucene search
+L

69 matches found

OSV
OSV
added 2017/06/15 1:29 p.m.2 views

CVE-2017-1197

IBM BigFix Compliance TEMA SUAv1 SCA SCM uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 123672...

9.8CVSS5.8AI score0.01603EPSS
Exploits0References2
ThreatPost
ThreatPost
added 2017/05/03 1:55 p.m.13 views

Proposed NIST Password Guidelines Soften Length, Complexity Focus

A comment period has closed on NIST’s new password guidelines for federal agencies that challenge the effectiveness of traditional behaviors around authentication such as an insistence on complex passwords and scheduled resets. As more tech companies move away from passwords and toward multistep...

0.9AI score
Exploits0References4
0day.today
0day.today
added 2016/09/07 12:0 a.m.69 views

TeamViewer 11.0.65452 (x64) - Local Credentials Disclosure

Exploit for windows platform in category local exploits TeamViewer 11.0.65452 64 bit Local Credentials Disclosure Tested on Windows 7 64bit, English Vendor Homepage @ https://www.teamviewer.com/ Date 07/09/2016 Bug Discovered by Alexander Korznikov https://www.linkedin.com/in/nopernik...

6.8AI score
Exploits0
FireEye
FireEye
added 2016/03/23 8:0 a.m.167 views

99 Problems but Two-Factor Ain’t One

Two-factor authentication is a best practice for securing remote access, but it is also a Holy Grail for a motivated red team. Hiding under the guise of a legitimate user authenticated through multiple credentials is one of the best ways to remain undetected in an environment. Many companies rega...

4.3CVSS0.1AI score0.01995EPSS
Exploits0
Atlassian
Atlassian
added 2015/05/25 10:28 a.m.27 views

JIRA HTTP Dump Recorded Credential information As Text

Example steps to reproduce: Example 1: enable HTTP Access Logging and the HTTP dump log Change Password in the atlassian-jira-http-dump.log , the user's credential will be in the log as text Example 2: enable HTTP Access Logging and the HTTP dump log exit Administrations menu/logout go to any...

0.1AI score
Exploits0Affected Software1
ThreatPost
ThreatPost
added 2014/05/14 1:21 p.m.74 views

Microsoft Giving .NET Users The Option to Shed RC4

Microsoft didn’t beat around the bush when it warned customers to stay away from the deprecated RC4 algorithm last fall. Now it’s giving those who use its .NET software framework an option to disable the cipher in Transport Layer Security TLS as well. In a security advisory issued on its Security...

9.3CVSS1.1AI score0.99945EPSS
Exploits33References7
CVE
CVE
added 2012/11/24 8:0 p.m.53 views

CVE-2012-0959

CVE-2012-0959 affects the Ubuntu remote-login-service (RLS) 1.0.0, where account information is not properly cleared when switching users. This could allow physically proximate users to obtain login credentials. The vulnerability is detailed in the Ubuntu security advisory USN-1624-1 and related ...

2.1CVSS6.2AI score0.00395EPSS
Exploits0References3Affected Software1
ThreatPost
ThreatPost
added 2012/10/11 6:4 p.m.11 views

Researcher: Fix for UPEK Fingerprint Reader Encryption Woes Falls Short

A researcher said a fix released by Authentec on Sept. 18 falls short of repairing a serious vulnerability in the company’s UPEK Protector Suite fingerprint reader software used as an authenticator on many new consumer and business laptops. Researchers Adam Caudill and Brandon Wilson this week...

0.1AI score
Exploits0References4
CERT
CERT
added 2007/06/01 12:0 a.m.64 views

CREDANT Mobile Guardian Shield fails to remove credentials from memory

Overview CREDANT Mobile Guardian Shield fails to properly remove credentials from memory, which may allow an attacker to obtain access to the Windows domain and encrypted drive contents. Description CREDANT Mobile Guardian CMG Shield is a component of Mobile Guardian Enterprise Edition. CMG Shiel...

4.6CVSS6.7AI score0.00334EPSS
Exploits0References2
Rows per page
Query Builder