103 matches found
keycloak: Internationalized domain name (IDN) homograph attack to impersonate users
A flaw was found in keycloak, where IDN homograph attacks are possible. This flaw allows a malicious user to register a name that already exists and then tricking an admin to grant extra privileges. The highest threat from this vulnerability is to integrity...
RHEL 7 : Red Hat Single Sign-On 7.4.7 security update on RHEL 7 (Moderate) (RHSA-2021:2064)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2064 advisory. Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single...
CVE-2020-25779
Trend Micro Antivirus for Mac 2020 Consumer has a vulnerability in which a Internationalized Domain Name homograph attack Puny-code could be used to add a malicious website to the approved websites list of Trend Micro Antivirus for Mac to bypass the web threat protection feature...
CVE-2020-25779
Trend Micro Antivirus for Mac 2020 Consumer has a vulnerability in which a Internationalized Domain Name homograph attack Puny-code could be used to add a malicious website to the approved websites list of Trend Micro Antivirus for Mac to bypass the web threat protection feature. Recent...
Evasive Credit Card Skimmers Using Homograph Domains and Infected Favicon
Cybersecurity researchers today highlighted an evasive phishing technique that attackers are exploiting in the wild to target visitors of several sites with a quirk in domain names, and leverage modified favicons to inject e-skimmers and steal payment card information covertly. "The idea is simpl...
Evasive Credit Card Skimmers Using Homograph Domains and Infected Favicon
Cybersecurity researchers today highlighted an evasive phishing technique that attackers are exploiting in the wild to target visitors of several sites with a quirk in domain names, and leverage modified favicons to inject e-skimmers and steal payment card information covertly. "The idea is simpl...
Watch Your Step: The Prevalence of IDN Homograph Attacks
The internationalized domain name IDN homograph attack is used to form domain names that visually resemble legitimate domain names, albeit, using a different set of characters 1. For example, the IDN...
UBUNTU-CVE-2020-12474
Telegram Desktop through 2.0.1, Telegram through 6.0.1 for Android, and Telegram through 6.0.1 for iOS allow an IDN Homograph attack via Punycode in a public URL or a group chat invitation URL...
CVE-2020-12474
Telegram Desktop through 2.0.1, Telegram through 6.0.1 for Android, and Telegram through 6.0.1 for iOS allow an IDN Homograph attack via Punycode in a public URL or a group chat invitation URL...
Semrush: OAuth `redirect_uri` bypass using IDN homograph attack resulting in user's access token leakage
Issue Summary: It was found that SEMrush OAuth implementation fails to properly validate the value of redirecturi parameter which was bypassed using IDN homograph attack which results in leaking the user's access token to an attacker-controlled domain name. IDN homography attack exploits the fact...
CVE-2019-15237
Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, leading to homograph attacks...
UBUNTU-CVE-2019-15237
Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, leading to homograph attacks...
CVE-2019-15237
Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, leading to homograph attacks...
CVE-2019-15237
CVE-2019-15237 affects Roundcube Webmail up to version 1.3.9, where Punycode xn-- domain names are mishandled, enabling homograph-like domain name confusion. Public sources in the connected documents corroborate a fix beyond 1.3.9: Fedora advisory FEDORA-2019-d9c2f1ec70 and Gentoo GLSA-202507-10 ...
CVE-2018-12270
In Valve Steam 1528829181 BETA, it is possible to perform a homograph / homoglyph attack to create fake URLs in the client, which may trick users into visiting unintended web sites...
Design/Logic Flaw
In Valve Steam 1528829181 BETA, it is possible to perform a homograph / homoglyph attack to create fake URLs in the client, which may trick users into visiting unintended web sites...
CVE-2018-12270
In Valve Steam 1528829181 BETA, it is possible to perform a homograph / homoglyph attack to create fake URLs in the client, which may trick users into visiting unintended web sites...
CVE-2018-12270
In Valve Steam 1528829181 BETA, it is possible to perform a homograph / homoglyph attack to create fake URLs in the client, which may trick users into visiting unintended web sites...
CVE-2018-12270
Affected product: Valve Steam (1528829181 BETA). The vulnerability is a homograph/homoglyph attack that allows creating fake URLs in the Steam client, potentially fooling users into visiting unintended websites. Root cause details are not provided in the documents. Impact is described as user con...
UBUNTU-CVE-2019-10044
Telegram Desktop before 1.5.12 on Windows, and the Telegram applications for Android, iOS, and Linux, is vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if for example Latin and Cyrillic characters...