280 matches found
FreeBSD -- heimdal KDC-REP service name validation vulnerability
Problem Description: There is a programming error in the Heimdal implementation that used an unauthenticated, plain-text version of the KDC-REP service name found in a ticket. Impact: An attacker who has control of the network between a client and the service it talks to will be able to impersona...
samba -- Orpheus Lyre mutual authentication validation bypass
The samba project reports: A MITM attacker may impersonate a trusted server and thus gain elevated access to the domain by returning malicious replication or authorization data...
The vulnerability of the Internet Explorer browser allows attackers to gain unauthorized access to transmitted data.
The Internet Explorer browser contains a vulnerability related to improper certificate reconciliation during a TLS session. Exploiting this vulnerability allows a malicious actor to gain unauthorized access to data by intercepting the TLS connection that involves mutual authentication between the...
Security feature bypass
The Network Location Awareness NLA service in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not perform mutual authentication to determine a domain connection, which allows...
Fedora 19 : python-requests-kerberos-0.6-1.fc19 (2014-14498)
Security fix for CVE-2014-8650: requests-kerberos does not perform mutual authentication Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible...
[SECURITY] Fedora 19 Update: python-requests-kerberos-0.6-1.fc19
Requests is an HTTP library, written in Python, for human beings. This libr ary adds optional Kerberos/GSSAPI authentication support and supports mutual authentication...
Fedora 21 : python-requests-kerberos-0.6-1.fc21 (2014-14461)
Security fix for CVE-2014-8650: requests-kerberos does not perform mutual authentication Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible...
[SECURITY] Fedora 21 Update: python-requests-kerberos-0.6-1.fc21
Requests is an HTTP library, written in Python, for human beings. This libr ary adds optional Kerberos/GSSAPI authentication support and supports mutual authentication...
Fedora 13 : myproxy-5.3-1.fc13 (2011-0512)
Release 5.3 fixes a myproxy-logon security bug in MyProxy versions 5.0-5.2 that disabled server identity verification : The myproxy-logon program in MyProxy versions 5.0 through 5.2 does not enforce the check that the myproxy-server's certificate contains the expected hostname or identity. The...
Fedora 14 : myproxy-5.3-1.fc14 (2011-0514)
Release 5.3 fixes a myproxy-logon security bug in MyProxy versions 5.0-5.2 that disabled server identity verification : The myproxy-logon program in MyProxy versions 5.0 through 5.2 does not enforce the check that the myproxy-server's certificate contains the expected hostname or identity. The...
Mobile Attacks Reign at Black Hat DC
ARLINGTON, VA–A number of researchers showed off interesting new attack techniques at the Black Hat DC conference this week, including one that enables an attacker to execute malicious code on handsets over the air. Perhaps the most interesting technique discussed at the show was a novel attack...
Microsoft Windows RPC相互认证服务欺骗漏洞(MS06-031)
Microsoft Windows是微软发布的非常流行的操作系统。 Microsoft Windows在通过SSL进行相互认证时没有正确的验证RPC服务器,允许攻击者欺骗RPC服务器,诱骗用户连接到看起来好像有效的恶意RPC服务器。 Microsoft Windows 2000SP4 MS06-031:Vulnerability in RPC Mutual Authentication Could Allow Spoofing 917736 链接:http://www.microsoft.com/technet/security/Bulletin/MS06-031.mspx 补丁下载:...
Microsoft Windows 2000 RPC spoofed server attack
Mutual authentication is not actually performed...
CVE-2006-2380
Microsoft Windows 2000 SP4 does not properly validate an RPC server during mutual authentication over SSL, which allows remote attackers to spoof an RPC server, aka the "RPC Mutual Authentication Vulnerability."...
CVE-2006-2380
CVE-2006-2380 corresponds to a spoofing vulnerability in RPC mutual authentication on Microsoft Windows 2000 SP4. The issue arises from the RPC service not correctly validating the identity of the RPC server during mutual authentication over SSL, potentially allowing an attacker to impersonate a ...
Microsoft Windows RPC Mutual Authentication Service Spoofing Vulnerability
Description Microsoft Windows is susceptible to a vulnerability in the RPC component, specifically when using the mutual authentication mechanism with the SSL Secure Socket Layer protocol. This issue is due to a flaw in the mutual authentication mechanism that can occur when it attempts to valida...
MS06-031: Vulnerability in RPC Mutual Authentication Could Allow Spoofing (917736)
The remote version of Windows contains a version of SMB Server Message Block protocol that is vulnerable to a spoofing attack. An attacker may exploit these flaws to enduce a user to connect to a malicious RPC server. Tenable Network Security, Inc. include"compat.inc"; if description scriptid2169...
[SA14010] iChain Mutual Authentication Unauthorised Resource Access
TITLE: iChain Mutual Authentication Unauthorised Resource Access SECUNIA ADVISORY ID: SA14010 VERIFY ADVISORY: http://secunia.com/advisories/14010/ CRITICAL: Less critical IMPACT: Security Bypass WHERE: From local network SOFTWARE: Novell iChain 2.x http://secunia.com/product/1423/ DESCRIPTION: A...
Altiris Deployment Server server spoofing
Mutual authentication absence and multicast based server detection allow to spoof server and obtain full control under managed network...
UPDATE: Cisco Security Notice: Dictionary Attack on Cisco LEAP Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Notice: Dictionary Attack on Cisco LEAP Vulnerability Revision 2.0 Last Updated 2004 April 12 1600 UTC GMT For Public Release 2003 August 03 1600 UTC GMT ---------------------------------------------------------------------- Contents...