24 matches found
OESA-2026-1849 dovecot security update
Dovecot is an IMAP server for Linux/UNIX-like systemsa wrapper package that will just handle common things for all versioned dovecot packages. Security Fixes: Dovecot has provided a script to use for attachment to text conversion. This script unsafely handles zip-style attachments. Attacker can u...
CVE-2026-0394
When dovecot has been configured to use per-domain passwd files, and they are placed one path component above /etc, or slash has been added to allowed characters, path traversal can happen if the domain component is directory partial. This allows inadvertently reading /etc/passwd or some other pa...
Silent Domain Hijack: Detecting DCSync with Trellix NDR
Silent Domain Hijack: Uncovering the DCSync Attack and Detecting with Trellix NDR By Maulik Maheta and Chao Sun · December 10, 2025 Executive summary DCSync is one of the most powerful and stealthy techniques an attacker can use once they have gained access to an Active Directory AD environment...
CVE-2025-10285
The web interface of the Silicon Labs Simplicity Device Manager is exposed publicly and can be used to extract the NTLMv2 hash which an attacker could use to crack the user's domain password...
CVE-2025-10285 Simplcity Device Manager exposes NTLMv2 hash
The web interface of the Silicon Labs Simplicity Device Manager is exposed publicly and can be used to extract the NTLMv2 hash which an attacker could use to crack the user's domain password...
CVE-2025-10285
CVE-2025-10285 affects Silicon Labs Simplicity Device Manager. The exposed web interface enables an attacker to extract NTLMv2 hashes, which could be used to crack users’ domain passwords. Affected software is Silicon Labs Simplicity Device Manager; the root cause is publicly accessible web UI ex...
EUVD-2019-13346
Malware in sbrugna...
CVE-2025-22956
OPSI before 4.3 allows any client to retrieve any ProductPropertyState, including those of other clients. This can lead to privilege escalation if any ProductPropertyState contains a secret only intended to be accessible by a subset of clients. One example of this is a domain join account passwor...
How to build a password cracking rig during a worldwide chip shortage
… and keep a domain password auditing service online. Making money on GPUs, the hard way… At PTP we had a fairly decent GPU password cracking box called Titan. It used 4×1080 GPUs and had an NTLM hash rate of around 180GH/s. Several years ago I realised that the box was sitting idle much of the...
CVE-2020-9903
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, Safari 13.1.2. A malicious attacker may cause Safari to suggest a password for the wrong domain...
CVE-2019-3711 DSA-2019-038: RSA® Authentication Manager Insecure Credential Management Vulnerability
RSA Authentication Manager versions prior to 8.4 P1 contain an Insecure Credential Management Vulnerability. A malicious Operations Console administrator may be able to obtain the value of a domain password that another Operations Console administrator had set previously and use it for attacks...
CVE-2019-3711
RSA Authentication Manager versions prior to 8.4 P1 have an insecure credential management vulnerability in the Operations Console that may allow an authenticated administrator to obtain the value of a domain password previously set by another administrator and use it for attacks. Root cause: ins...
CVE-2019-3711
RSA Authentication Manager versions prior to 8.4 P1 contain an Insecure Credential Management Vulnerability. A malicious Operations Console administrator may be able to obtain the value of a domain password that another Operations Console administrator had set previously and use it for attacks...
CVE-2019-3711
RSA Authentication Manager versions prior to 8.4 P1 contain an Insecure Credential Management Vulnerability. A malicious Operations Console administrator may be able to obtain the value of a domain password that another Operations Console administrator had set previously and use it for attacks...
EMC RSA Authentication Manager < 8.4 P1 Insecure Credential Management (DSA-2019-038)
The version of EMC RSA Authentication Manager running on the remote host is prior to 8.4 Patch 1. It is, therefore, affected by an insecure credential management vulnerability in the operations console components. An authenticated, remote attacker with administrator privileges can exploit this, t...
Configure "Authentication Verification Order" Different to the Order Prompted on Logon Page Using NetScaler nFactor
This article describes how to configure "authentication verification order" different to the order prompted on logon page Using NetScaler nFactor. Background The following is the authentication field prompt order of the NetScaler Gateway logon page: 1. Login 2. Domain password 3. One-time passwor...
Secure Hub Continuously Prompts for Citrix PIN and Active Directory Password
Secure Hub continuously prompts for domain password on Android devices. Even though we have a Citrix PIN configured for all devices, we are required to put in our full domain password to authenticate...
May 2016 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2
May 2016 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 This update rollup is superseded by July 2016 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 KB3172614 that was released on July 21, 2016. The May 2016 update rollup for Windows RT 8.1,...
"No computer account for trust" error when you change domain account password in Windows
"No computer account for trust" error when you change domain account password in Windows This article describes a problem that occurs when you change the domain account password in Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows Server 2012, Windows 7 Service Pack 1 SP1, Windows Serv...
Domain Password Audit Tool: DPAT
Domain Password Audit Tool This is a python script that will generate password use statistics from password hashes dumped from a domain controller and a password crack file such as oclHashcat.pot generated from the oclHashcat tool during password cracking. The report is an HTML report with...