Lucene search
K

280 matches found

FreeBSD
FreeBSD
added 2017/07/12 12:0 a.m.31 views

FreeBSD -- heimdal KDC-REP service name validation vulnerability

Problem Description: There is a programming error in the Heimdal implementation that used an unauthenticated, plain-text version of the KDC-REP service name found in a ticket. Impact: An attacker who has control of the network between a client and the service it talks to will be able to impersona...

6.5CVSS6.7AI score0.00992EPSS
Exploits0
FreeBSD
FreeBSD
added 2017/07/12 12:0 a.m.56 views

samba -- Orpheus Lyre mutual authentication validation bypass

The samba project reports: A MITM attacker may impersonate a trusted server and thus gain elevated access to the domain by returning malicious replication or authorization data...

8.1CVSS8.1AI score0.05118EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2016/07/05 12:0 a.m.6 views

The vulnerability of the Internet Explorer browser allows attackers to gain unauthorized access to transmitted data.

The Internet Explorer browser contains a vulnerability related to improper certificate reconciliation during a TLS session. Exploiting this vulnerability allows a malicious actor to gain unauthorized access to data by intercepting the TLS connection that involves mutual authentication between the...

6.8CVSS5.6AI score0.07556EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2015/01/13 10:59 p.m.23 views

Security feature bypass

The Network Location Awareness NLA service in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not perform mutual authentication to determine a domain connection, which allows...

6.1CVSS7AI score0.11613EPSS
Exploits0References6Affected Software4
Tenable Nessus
Tenable Nessus
added 2014/11/19 12:0 a.m.19 views

Fedora 19 : python-requests-kerberos-0.6-1.fc19 (2014-14498)

Security fix for CVE-2014-8650: requests-kerberos does not perform mutual authentication Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible...

9.8CVSS8.2AI score0.03615EPSS
Exploits0References2
Fedora
Fedora
added 2014/11/18 12:21 p.m.21 views

[SECURITY] Fedora 19 Update: python-requests-kerberos-0.6-1.fc19

Requests is an HTTP library, written in Python, for human beings. This libr ary adds optional Kerberos/GSSAPI authentication support and supports mutual authentication...

9.8CVSS0.5AI score0.03615EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/11/14 12:0 a.m.24 views

Fedora 21 : python-requests-kerberos-0.6-1.fc21 (2014-14461)

Security fix for CVE-2014-8650: requests-kerberos does not perform mutual authentication Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible...

9.8CVSS8.2AI score0.03615EPSS
Exploits0References2
Fedora
Fedora
added 2014/11/13 6:6 p.m.40 views

[SECURITY] Fedora 21 Update: python-requests-kerberos-0.6-1.fc21

Requests is an HTTP library, written in Python, for human beings. This libr ary adds optional Kerberos/GSSAPI authentication support and supports mutual authentication...

9.8CVSS0.5AI score0.03615EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2011/01/27 12:0 a.m.29 views

Fedora 13 : myproxy-5.3-1.fc13 (2011-0512)

Release 5.3 fixes a myproxy-logon security bug in MyProxy versions 5.0-5.2 that disabled server identity verification : The myproxy-logon program in MyProxy versions 5.0 through 5.2 does not enforce the check that the myproxy-server's certificate contains the expected hostname or identity. The...

4.3CVSS5.5AI score0.01585EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2011/01/27 12:0 a.m.18 views

Fedora 14 : myproxy-5.3-1.fc14 (2011-0514)

Release 5.3 fixes a myproxy-logon security bug in MyProxy versions 5.0-5.2 that disabled server identity verification : The myproxy-logon program in MyProxy versions 5.0 through 5.2 does not enforce the check that the myproxy-server's certificate contains the expected hostname or identity. The...

4.3CVSS5.5AI score0.01585EPSS
Exploits0References7
ThreatPost
ThreatPost
added 2011/01/20 4:28 p.m.8 views

Mobile Attacks Reign at Black Hat DC

ARLINGTON, VA–A number of researchers showed off interesting new attack techniques at the Black Hat DC conference this week, including one that enables an attacker to execute malicious code on handsets over the air. Perhaps the most interesting technique discussed at the show was a novel attack...

1.5AI score
Exploits0
seebug.org
seebug.org
added 2006/10/27 12:0 a.m.33 views

Microsoft Windows RPC相互认证服务欺骗漏洞(MS06-031)

Microsoft Windows是微软发布的非常流行的操作系统。 Microsoft Windows在通过SSL进行相互认证时没有正确的验证RPC服务器,允许攻击者欺骗RPC服务器,诱骗用户连接到看起来好像有效的恶意RPC服务器。 Microsoft Windows 2000SP4 MS06-031:Vulnerability in RPC Mutual Authentication Could Allow Spoofing 917736 链接:http://www.microsoft.com/technet/security/Bulletin/MS06-031.mspx 补丁下载:...

7AI score
Exploits0
securityvulns
securityvulns
added 2006/06/14 12:0 a.m.48 views

Microsoft Windows 2000 RPC spoofed server attack

Mutual authentication is not actually performed...

3.2AI score
Exploits0References1
Cvelist
Cvelist
added 2006/06/13 7:0 p.m.25 views

CVE-2006-2380

Microsoft Windows 2000 SP4 does not properly validate an RPC server during mutual authentication over SSL, which allows remote attackers to spoof an RPC server, aka the "RPC Mutual Authentication Vulnerability."...

6.8AI score0.17751EPSS
Exploits0References8
CVE
CVE
added 2006/06/13 7:0 p.m.60 views

CVE-2006-2380

CVE-2006-2380 corresponds to a spoofing vulnerability in RPC mutual authentication on Microsoft Windows 2000 SP4. The issue arises from the RPC service not correctly validating the identity of the RPC server during mutual authentication over SSL, potentially allowing an attacker to impersonate a ...

4.3CVSS6.8AI score0.17751EPSS
Exploits0References8Affected Software1
Symantec
Symantec
added 2006/06/13 12:0 a.m.42 views

Microsoft Windows RPC Mutual Authentication Service Spoofing Vulnerability

Description Microsoft Windows is susceptible to a vulnerability in the RPC component, specifically when using the mutual authentication mechanism with the SSL Secure Socket Layer protocol. This issue is due to a flaw in the mutual authentication mechanism that can occur when it attempts to valida...

0.8AI score
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2006/06/13 12:0 a.m.23 views

MS06-031: Vulnerability in RPC Mutual Authentication Could Allow Spoofing (917736)

The remote version of Windows contains a version of SMB Server Message Block protocol that is vulnerable to a spoofing attack. An attacker may exploit these flaws to enduce a user to connect to a malicious RPC server. Tenable Network Security, Inc. include"compat.inc"; if description scriptid2169...

4.3CVSS5.6AI score0.17751EPSS
Exploits0References2
securityvulns
securityvulns
added 2005/01/27 12:0 a.m.28 views

[SA14010] iChain Mutual Authentication Unauthorised Resource Access

TITLE: iChain Mutual Authentication Unauthorised Resource Access SECUNIA ADVISORY ID: SA14010 VERIFY ADVISORY: http://secunia.com/advisories/14010/ CRITICAL: Less critical IMPACT: Security Bypass WHERE: From local network SOFTWARE: Novell iChain 2.x http://secunia.com/product/1423/ DESCRIPTION: A...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2004/10/23 12:0 a.m.29 views

Altiris Deployment Server server spoofing

Mutual authentication absence and multicast based server detection allow to spoof server and obtain full control under managed network...

2.7AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2004/04/13 12:0 a.m.25 views

UPDATE: Cisco Security Notice: Dictionary Attack on Cisco LEAP Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Notice: Dictionary Attack on Cisco LEAP Vulnerability Revision 2.0 Last Updated 2004 April 12 1600 UTC GMT For Public Release 2003 August 03 1600 UTC GMT ---------------------------------------------------------------------- Contents...

0.2AI score
Exploits0
Rows per page
Query Builder