117 matches found
pgjdbc Client Allows Fallback to Insecure Authentication Despite channelBinding=require Configuration
Impact: When the PostgreSQL JDBC driver is configured with channel binding set to required (the default value is prefer), the driver would incorrectly allow connections to proceed with authentication methods that do not support channel binding, such as password, MD5, GSS, or SSPI authentication. This cou...
CVE-2025-49146 pgjdbc Client Allows Fallback to Insecure Authentication Despite channelBinding=require Configuration
pgjdbc is an open source PostgreSQL JDBC driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required (the default value is prefer), the driver would incorrectly allow connections to proceed with authentication methods that do not support...
CVE-2025-49146
CVE-2025-49146 affects the PostgreSQL JDBC driver (pgjdbc). From 42.7.4 up to, but not including, 42.7.7, when channel binding is set to require, connections could proceed using authentication methods that do not support channel binding (non-SASL methods such as password, MD5, GSS, or SSPI), enabling man-in-the-middle interception. The issue is fixed in 42.7.7. Affected con...
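The fallback described in the pgjdbc entries above, as an added example that is not pgjdbc's own code: a small Python model of the first AuthenticationRequest step of the PostgreSQL wire protocol that applies the fail-closed rule the vulnerable releases lacked. Under channelBinding=require only SCRAM-SHA-256-PLUS is accepted; password, MD5, Kerberos, GSS and SSPI requests (and, as a design choice in this example, trust authentication) are rejected, which is what stops a man-in-the-middle from steering the client onto a method it can proxy. The message layout follows the protocol ('R', int32 length, int32 code, payload); the sample messages, function names and the policy strings disable/prefer/require are assumptions of this example.

```python
import struct

# AuthenticationRequest codes from the PostgreSQL frontend/backend protocol.
AUTH_OK = 0
AUTH_KERBEROS_V5 = 2
AUTH_CLEARTEXT_PASSWORD = 3
AUTH_MD5_PASSWORD = 5
AUTH_GSS = 7
AUTH_SSPI = 9
AUTH_SASL = 10

# Methods that can never provide channel binding. AuthenticationOk as the first
# message means trust auth; rejecting it under 'require' is this example's choice.
NO_CHANNEL_BINDING = {
    AUTH_OK: "trust",
    AUTH_KERBEROS_V5: "kerberos",
    AUTH_CLEARTEXT_PASSWORD: "password",
    AUTH_MD5_PASSWORD: "md5",
    AUTH_GSS: "gss",
    AUTH_SSPI: "sspi",
}

class AuthDowngradeError(Exception):
    """The server, or a man-in-the-middle, offered a method that cannot satisfy the policy."""

def parse_auth_request(msg: bytes):
    """Parse a backend 'R' message: 'R' + int32 length + int32 auth code + payload."""
    if len(msg) < 9 or msg[0:1] != b"R":
        raise ValueError("not an AuthenticationRequest message")
    length, code = struct.unpack("!ii", msg[1:9])
    if length != len(msg) - 1:          # length counts itself but not the type byte
        raise ValueError("length field does not match message size")
    return code, msg[9:]

def sasl_mechanisms(payload: bytes):
    """AuthenticationSASL payload: NUL-terminated mechanism names ending in an empty name."""
    return [n.decode("ascii") for n in payload.split(b"\x00") if n]

def select_auth(msg: bytes, channel_binding: str = "prefer") -> str:
    """
    Decide how the client answers the *first* AuthenticationRequest under the
    channelBinding policy (disable / prefer / require). Returns the method to use,
    or raises AuthDowngradeError when 'require' cannot be honoured.
    """
    if channel_binding not in ("disable", "prefer", "require"):
        raise ValueError(f"unknown channelBinding value: {channel_binding}")
    code, payload = parse_auth_request(msg)

    if code == AUTH_SASL:
        mechs = sasl_mechanisms(payload)
        if "SCRAM-SHA-256-PLUS" in mechs and channel_binding != "disable":
            return "SCRAM-SHA-256-PLUS"
        if channel_binding == "require":
            raise AuthDowngradeError(f"server offered {mechs}; require needs SCRAM-SHA-256-PLUS")
        if "SCRAM-SHA-256" in mechs:
            return "SCRAM-SHA-256"
        raise AuthDowngradeError(f"no supported SASL mechanism in {mechs}")

    if code in NO_CHANNEL_BINDING:
        method = NO_CHANNEL_BINDING[code]
        if channel_binding == "require":
            # The fail-closed branch missing from the vulnerable driver versions.
            raise AuthDowngradeError(f"server requested {method}, which cannot bind the channel")
        return method

    raise ValueError(f"unexpected authentication code {code}")

def build_auth_request(code: int, payload: bytes = b"") -> bytes:
    """Build an 'R' message; used only to construct the sample input below."""
    body = struct.pack("!i", code) + payload
    return b"R" + struct.pack("!i", len(body) + 4) + body

# Constructed samples: an honest server offering channel binding, and the
# messages a downgrading man-in-the-middle could substitute for it.
SCRAM_PLUS_OFFER = build_auth_request(AUTH_SASL, b"SCRAM-SHA-256-PLUS\x00SCRAM-SHA-256\x00\x00")
SCRAM_ONLY_OFFER = build_auth_request(AUTH_SASL, b"SCRAM-SHA-256\x00\x00")
MD5_REQUEST = build_auth_request(AUTH_MD5_PASSWORD, b"\x01\x02\x03\x04")   # 4-byte salt
CLEARTEXT_REQUEST = build_auth_request(AUTH_CLEARTEXT_PASSWORD)

def outcome(msg: bytes, policy: str) -> str:
    """Method name, or 'REJECTED: <reason>' when the policy blocks the request."""
    try:
        return select_auth(msg, policy)
    except AuthDowngradeError as exc:
        return f"REJECTED: {exc}"

if __name__ == "__main__":
    samples = [("scram-plus", SCRAM_PLUS_OFFER), ("scram-only", SCRAM_ONLY_OFFER),
               ("md5", MD5_REQUEST), ("cleartext", CLEARTEXT_REQUEST)]
    for name, msg in samples:
        for policy in ("prefer", "require"):
            print(f"{name:10s} channelBinding={policy:7s} -> {outcome(msg, policy)}")
```

The point of the check is that the client cannot trust what the "server" offers: an attacker in the path simply rewrites the AuthenticationSASL offer into an MD5 or cleartext request, so the only safe behaviour under require is to abort on anything but SCRAM-SHA-256-PLUS. For the driver itself, the fix per the entries above is to upgrade to 42.7.7.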
CVE-2019-8149
Insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can supply an arbitrary session ID that will not be invalidated by subsequent authentication...
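Session fixation of the kind the entry above describes, as an added example that is not Magento's code: a minimal Python session store in which the weak variant adopts any session ID the client presents and keeps it after login, beside a fixed variant that refuses unknown IDs and regenerates the ID when authentication succeeds. The store, the sample credential and the attacker-chosen ID are all constructed for this example.

```python
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

@dataclass
class Session:
    user: Optional[str] = None
    data: dict = field(default_factory=dict)

class SessionStore:
    """In-memory session table. accept_unknown_ids=True reproduces the weak
    behaviour: an ID the server never issued is adopted as a live session."""

    def __init__(self, accept_unknown_ids: bool):
        self.accept_unknown_ids = accept_unknown_ids
        self._sessions: Dict[str, Session] = {}

    def resolve(self, sid: Optional[str]) -> Tuple[str, Session]:
        """Map the ID presented by the client (cookie or URL parameter) to a session."""
        if sid and sid in self._sessions:
            return sid, self._sessions[sid]
        if sid and self.accept_unknown_ids:
            self._sessions[sid] = Session()          # attacker-chosen ID becomes valid
            return sid, self._sessions[sid]
        fresh = secrets.token_urlsafe(32)            # server-generated, unguessable
        self._sessions[fresh] = Session()
        return fresh, self._sessions[fresh]

    def regenerate(self, old_sid: str) -> str:
        """Move the session state to a new ID and invalidate the old one."""
        session = self._sessions.pop(old_sid)
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = session
        return new_sid

    def user_for(self, sid: str) -> Optional[str]:
        session = self._sessions.get(sid)
        return session.user if session else None

USERS = {"alice": "correct horse battery staple"}   # constructed sample credential

def login_vulnerable(store: SessionStore, sid: Optional[str], username: str, password: str):
    """Keeps whatever session ID the request carried after authentication."""
    sid, session = store.resolve(sid)
    if USERS.get(username) != password:
        return sid, False
    session.user = username
    return sid, True

def login_fixed(store: SessionStore, sid: Optional[str], username: str, password: str):
    """Same flow, but the pre-authentication ID is discarded on success."""
    sid, session = store.resolve(sid)
    if USERS.get(username) != password:
        return sid, False
    session.user = username
    return store.regenerate(sid), True

def fixation_attack(store: SessionStore, login) -> Optional[str]:
    """
    Attacker picks an ID, gets the victim to present it (crafted link, injected
    cookie), and the victim logs in with it. Returns the user the attacker's ID
    now resolves to; None means the attack failed.
    """
    attacker_sid = "attacker-chosen-session-id"       # never issued by the server
    _victim_sid, ok = login(store, attacker_sid, "alice", USERS["alice"])
    if not ok:
        raise RuntimeError("login should succeed with valid credentials")
    return store.user_for(attacker_sid)

def demo():
    """Returns (vulnerable_result, fixed_result, regenerate_only_result)."""
    vulnerable = fixation_attack(SessionStore(accept_unknown_ids=True), login_vulnerable)
    fixed = fixation_attack(SessionStore(accept_unknown_ids=False), login_fixed)
    # Regeneration alone closes the hole even where unknown IDs are still adopted.
    regen_only = fixation_attack(SessionStore(accept_unknown_ids=True), login_fixed)
    return vulnerable, fixed, regen_only

if __name__ == "__main__":
    print(demo())   # ('alice', None, None)
```

Either defence on its own defeats the attack, but regenerating the ID at the privilege change is the one to rely on: it also covers IDs that were legitimately issued to the attacker before being planted on the victim, which refusing unknown IDs does not.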
CVE-2019-8108
Insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can manipulate session validation setting for a storefront that leads to insecure authentication and session management...
CVE-2019-15653
Comba AP2600-I devices through A02,0202N00PD2 are prone to password disclosure via an insecure authentication mechanism. The HTML source code of the login page contains values that allow obtaining the username and password. The username and password values are a double MD5 of the plaintext real...
CVE-2025-0020
...
A vulnerability in Remote Desktop Services (RDS) for Windows operating systems allows an attacker to execute arbitrary code.
The vulnerability in Remote Desktop Services (RDS) for Windows operating systems lies in the use of insecure mechanisms for processing authentication data in the operating system's memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
CVE-2025-1717 Login Me Now <= 1.7.2 - Authentication Bypass
The Login Me Now plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.7.2. This is due to insecure authentication based on an arbitrary transient name in the 'AutoLogin::listen' function. This makes it possible for unauthenticated attackers to log in an...
PT-2025-8922 · WordPress · Login Me Now
Name of the Vulnerable Software and Affected Versions: Login Me Now plugin for WordPress, versions up to and including 1.7.2. Description: The issue is related to insecure authentication based on an arbitrary transient name in the AutoLogin::listen function, allowing unauthenticated attackers to...
PT-2025-1269 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified). Description: The issue is related to the Microsoft Digest authentication mechanism in Windows operating systems, which uses insecure methods for handling authentication data in the operating system's...
A vulnerability in Remote Desktop Services (RDS) for Windows operating systems allows an attacker to execute arbitrary code.
The vulnerability in Remote Desktop Services (RDS) for Windows operating systems lies in the use of insecure mechanisms for processing authentication data in the operating system's memory. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
CVE-2024-45494
The CVE affects MSA FieldServer Gateway versions 5.0.0–6.5.2 (fixed in 7.0.0). A shared administrative user on all devices uses an unsafe, static secret for authentication, enabling potential unauthorized admin access. The issue is described with high impact across confidentiality, integrity, and...
PT-2024-9493 · Microsoft · Windows Remote Desktop Services +1
Name of the Vulnerable Software and Affected Versions: Windows Remote Desktop Services (affected versions not specified). Description: The issue is related to the use of insecure mechanisms for handling authentication data in the operating system's memory. It allows a remote attacker to execute...
CVE-2024-39707
Insyde IHISI function 0x49 can restore factory defaults for certain UEFI variables without further authentication by default, which could lead to a possible roll-back attack in certain platforms. This is fixed in: kernel 5.2, version 05.29.19; kernel 5.3, version 05.38.19; kernel 5.4, version...
PT-2024-6757 · Microsoft · Windows Remote Desktop Licensing Service +1
Name of the Vulnerable Software and Affected Versions: Windows Remote Desktop Licensing Service (affected versions not specified). Description: The issue is related to the use of insecure mechanisms for handling authentication data in the operating system's memory. It allows remote attackers to...
CVE-2024-47652 Insecure Authentication Vulnerability
This vulnerability exists in Shilpi Client Dashboard due to an inadequate authentication mechanism in the login module, whereby access to any user's account is granted with just their corresponding mobile number. A remote attacker could exploit this vulnerability by providing mobile...
CVE-2024-41290
FlatPress CMS v1.3.1 was discovered to use insecure methods to store authentication data via the cookie component...
FlatPress security vulnerability
FlatPress is a PHP-based blog builder without database support, from the FlatPress community. A security vulnerability exists in FlatPress version v1.3.1, which stems from the use of an insecure method to store authentication data via the cookie component...