69 matches found
CVE-2017-1197
IBM BigFix Compliance TEMA SUAv1 SCA SCM uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 123672...
Proposed NIST Password Guidelines Soften Length, Complexity Focus
A comment period has closed on NIST’s new password guidelines for federal agencies that challenge the effectiveness of traditional behaviors around authentication such as an insistence on complex passwords and scheduled resets. As more tech companies move away from passwords and toward multistep...
TeamViewer 11.0.65452 (x64) - Local Credentials Disclosure
Exploit for windows platform in category local exploits TeamViewer 11.0.65452 64 bit Local Credentials Disclosure Tested on Windows 7 64bit, English Vendor Homepage @ https://www.teamviewer.com/ Date 07/09/2016 Bug Discovered by Alexander Korznikov https://www.linkedin.com/in/nopernik...
99 Problems but Two-Factor Ain’t One
Two-factor authentication is a best practice for securing remote access, but it is also a Holy Grail for a motivated red team. Hiding under the guise of a legitimate user authenticated through multiple credentials is one of the best ways to remain undetected in an environment. Many companies rega...
JIRA HTTP Dump Recorded Credential information As Text
Example steps to reproduce: Example 1: enable HTTP Access Logging and the HTTP dump log Change Password in the atlassian-jira-http-dump.log , the user's credential will be in the log as text Example 2: enable HTTP Access Logging and the HTTP dump log exit Administrations menu/logout go to any...
Microsoft Giving .NET Users The Option to Shed RC4
Microsoft didn’t beat around the bush when it warned customers to stay away from the deprecated RC4 algorithm last fall. Now it’s giving those who use its .NET software framework an option to disable the cipher in Transport Layer Security TLS as well. In a security advisory issued on its Security...
CVE-2012-0959
CVE-2012-0959 affects the Ubuntu remote-login-service (RLS) 1.0.0, where account information is not properly cleared when switching users. This could allow physically proximate users to obtain login credentials. The vulnerability is detailed in the Ubuntu security advisory USN-1624-1 and related ...
Researcher: Fix for UPEK Fingerprint Reader Encryption Woes Falls Short
A researcher said a fix released by Authentec on Sept. 18 falls short of repairing a serious vulnerability in the company’s UPEK Protector Suite fingerprint reader software used as an authenticator on many new consumer and business laptops. Researchers Adam Caudill and Brandon Wilson this week...
CREDANT Mobile Guardian Shield fails to remove credentials from memory
Overview CREDANT Mobile Guardian Shield fails to properly remove credentials from memory, which may allow an attacker to obtain access to the Windows domain and encrypted drive contents. Description CREDANT Mobile Guardian CMG Shield is a component of Mobile Guardian Enterprise Edition. CMG Shiel...