157 matches found
HashiCorp Vault 安全漏洞
HashiCorp Vault is a private key access management tool from HashiCorp Inc. in the United States. A security vulnerability exists in HashiCorp Vault versions prior to 1.14.1, 1.13.5 and 1.13.5, which stems from the fact that HashiCorp's Vault and Vault Enterprise are vulnerable to a user...
pki-core: When using the caServerKeygen_DirUserCert profile, user can get certificates for other UIDs by entering name in Subject field
A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not b...
SUSE CVE-2011-2054
A vulnerability in the Cisco ASA that could allow a remote attacker to successfully authenticate using the Cisco AnyConnect VPN client if the Secondary Authentication type is LDAP and the password is left blank, providing the primary credentials are correct. The vulnerabilities is due to improper...
JSA10413 - Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) products - Security Bundle - Authentication & Authorization Issue
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Authentication & Authorization vulnerability found and fixed through a combination of internal and external proactive security testing: - When using NTLMv1 or NTLMv2 authentication...
The vulnerability of the implementation of the LDAP authentication process mechanism in the Zoho ManageEngine ServiceDesk Plus system allows a perpetrator to escalate their privileges.
The vulnerability of the LDAP authentication process implementation in Zoho ManageEngine ServiceDesk Plus is related to deficiencies in the authentication procedures. Exploiting this vulnerability can allow attackers to increase their privileges remotely...
sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters
A vulnerability was found in SSSD, in the libssscertmap functionality. PKINIT enables a client to authenticate to the KDC using an X.509 certificate and the corresponding private key, rather than a passphrase or keytab. FreeIPA uses mapping rules to map a certificate presented during a PKINIT...
CVE-2023-22964
Zoho ManageEngine ServiceDesk Plus MSP before 10611, and 13x before 13004, is vulnerable to authentication bypass when LDAP authentication is enabled...
pki-core: When using the caServerKeygen_DirUserCert profile, user can get certificates for other UIDs by entering name in Subject field
A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not b...
CVE-2022-2393
A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not b...
DEBIAN-CVE-2022-2393
A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not b...
UBUNTU-CVE-2021-39890
It was possible to bypass 2FA for LDAP users and access some specific pages with Basic Authentication in GitLab 14.1.1 and above...
Thunderdome 注入漏洞
Thunderdome is an open source agile planning poker application with an interesting theme by Steven Weathers, an individual developer in the U.S. An injection vulnerability exists in Thunderdome, which stems from the LDAP authentication feature not properly escaping the provided username, and no...
PT-2021-23204 · Unknown · Thunderdome
Name of the Vulnerable Software and Affected Versions: Thunderdome versions prior to 1.16.3 Description: The issue is related to an LDAP injection vulnerability that affects instances with LDAP authentication enabled. The provided username is not properly escaped, allowing for potential...
Hotfix XS82E002 - For Citrix Hypervisor 8.2
Who Should Install This Hotfix? This is a hotfix for customers running Citrix Hypervisor 8.2. Information About this Hotfix Component| Details ---|--- Prerequisite| None Post-update tasks| Restart the XAPI Toolstack Content live patchable| No Baselines for Live Patch| N/A Revision History|...
parse-server encryption issue vulnerability
parse-server is an open source Backend-as-a-Service BaaS framework , it is mainly used for application back-end processing . A security vulnerability exists in Parse Server versions prior to 4.5.0 that stems from LDAP authentication involving user passwords stored in plaintext. No details of the...
activemq: LDAP authentication bypass with anonymous bind
A flaw was found in activemq. When anonymous binds are enabled on the LDAP provider zero length DN/password and the LDAP module is configured to make use of these, client credentials are not correctly verified and authentication is effectively bypassed. The highest threat from this vulnerability ...
Vulnerability of the Server component: Security: LDAP Auth of the MySQL Server database management system, which allows attackers to cause service interruptions.
The vulnerability of the Server component’s Security: LDAP Auth module of the MySQL Server database management system is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service interruptions...
Vulnerability of the Server component: Security: LDAP Auth of the MySQL Server database management system, which allows attackers to gain unauthorized access to protected information.
The vulnerability of the Server component’s Security: LDAP Auth component of the MySQL Server database management system is related to insufficient validation of input data. Exploiting this vulnerability may allow an attacker, operating remotely, to gain unauthorized access to protected informati...
Vulnerability of the Server component: Security: LDAP Authentication of the MySQL Server database management system, allowing attackers to gain full control over the application
The vulnerability of the Server component’s Security: LDAP Auth component of the MySQL Server database management system is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain full control over the application using th...
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
...