30 matches found
CVE-2022-22496
While a user account for the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 is being established, it may be configured to use SESSIONSECURITY=TRANSITIONAL. While in this mode, it may be susceptible to an offline dictionary attack. IBM X-Force ID: 226942...
Code injection
While a user account for the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 is being established, it may be configured to use SESSIONSECURITY=TRANSITIONAL. While in this mode, it may be susceptible to an offline dictionary attack. IBM X-Force ID: 226942...
CVE-2022-22496
While a user account for the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 is being established, it may be configured to use SESSIONSECURITY=TRANSITIONAL. While in this mode, it may be susceptible to an offline dictionary attack. IBM X-Force ID: 226942...
CVE-2022-22496
CVE-2022-22496 affects IBM Spectrum Protect Server 8.1.0.000–8.1.14 when a user account is being established and the installation is configured with SESSIONSECURITY=TRANSITIONAL. In this mode, it is susceptible to an offline dictionary attack that could expose credentials. The issue is documented...
Security Bulletin: IBM Spectrum Protect Server vulnerable to offline dictionary and brute force attacks (CVE-2022-22496, CVE-2022-22487)
Summary The IBM Spectrum Protect Server is vulnerable to an offline dictionary attack when using SESSIONSECURITY=TRANSITIONAL. The IBM Spectrum Protect Storage agent is vulnerable to a brute force attack by allowing unlimited attempts to login to the storage agent without locking the administrati...
MGASA-2019-0229 Updated wpa_supplicant and hostapd packages fix security vulnerability
A number of potential side channel attacks were discovered in the SAE implementations used by both hostapd AP and wpasupplicant infrastructure BSS station/mesh station. SAE Simultaneous Authentication of Equals is also known as WPA3-Personal. The discovered side channel attacks may be able to lea...
Security Bulletin: Offline dictionary attack vulnerability in IBM Spectrum Protect (formerly Tivoli Storage Manager) (CVE-2016-8937)
Summary IBM Spectrum Protect formerly Tivoli Storage Manager is vulnerable to an offline dictionary attack due to information disclosed during authentication. An attacker can gain full access to the IBM Spectrum Protect system allowing them to perform operations they may not be authorized to...
CVE-2018-5389
The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. Reusing a key pair across different versions and modes of IKE could lead to cross-protocol authentication bypasses. It is well known, that the aggressive mode of IKEv1 PSK is vulnerable to offline...
UPC Ireland Cisco EPC 2425 Router / Horizon Box
No description provided by source. Exploit Title: UPC Ireland Cisco EPC 2425 Router / Horizon Box Google Dork: Date: 11/12/2013 Author: Matt O'Connor / Planit Computing Advisory Link: http://www.planitcomputing.ie/upc-wifi-attack.pdf Version: Category: Remote Tested on: Cisco EPC 2425 / Horizon B...
Release of Cisco Attack tool Asleap
In August 2003, I wrote a tool called asleap for Linux systems to exploit a weakness in the Cisco LEAP authentication protocol. Using this tool, an attacker can actively compromise Cisco LEAP networks by mounting an offline dictionary attack against weak user passwords. In my testing, I was able ...