115 matches found
One Identity Safeguard for Privileged Passwords 安全漏洞
One Identity Safeguard for Privileged Passwords is a platform from US-based One Identity, Inc. stores and manages sensitive credentials such as passwords, keys and other keys in a centralized, hardened vault. A security vulnerability exists in One Identity Safeguard for Privileged Passwords that...
Malicious code in 1-as_identity_function (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
Embracing the Cloud: Revolutionizing Privileged Access Management with One Identity Cloud PAM Essentials
As cyber threats loom around every corner and privileged accounts become prime targets, the significance of implementing a robust Privileged Access Management PAM solution can't be overstated. With organizations increasingly migrating to cloud environments, the PAM Solution Market is experiencing...
CVE-2023-48654
One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape sequence is: go to the...
CVE-2023-51772
One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape sequence is: wait for a...
Design/Logic Flaw
One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape sequence is: wait for a...
One Identity Password Manager Security Vulnerability
One Identity Password Manager is a web platform for providing authentication from One Identity, Inc. in the United States. A security vulnerability exists in One Identity Password Manager versions prior to 5.13.1. An attacker could use this vulnerability to reset the Active Directory password of ...
CVE-2023-48654
One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape sequence is: go to the...
CVE-2023-51772
One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape sequence is: wait for a...
CVE-2023-51772
CVE-2023-51772 affects One Identity Password Manager before 5.13.1. The vulnerability arises from the login screen’s Kiosk mode workflow, which launches a Chromium-based browser to reset Active Directory passwords. The root cause enables an attacker to escape the kiosk sandbox by navigating throu...
CVE-2023-48654
One Identity Password Manager before 5.13.1 is affected by a Kiosk Escape privilege escalation. The vulnerability allows an attacker to break out of the kiosk-embedded Chromium browser on the Windows login screen and launch cmd.exe as NT AUTHORITY\SYSTEM, enabling high-privilege access. The escap...
CVE-2023-51772
One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape sequence is: wait for a...
PT-2023-31890 · One Identity +2 · One Identity Password Manager +2
Name of the Vulnerable Software and Affected Versions: One Identity Password Manager versions prior to 5.13.1 Description: The issue allows Kiosk Escape, affecting the product's functionality to reset Active Directory passwords on the login screen of a Windows client. It launches a Chromium-based...
One Identity Password Manager Kiosk Escape Privilege Escalation
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Kiosk Escape Privilege Escalation product: One Identity Password Manager Secure Password Extension vulnerable version: 5.13.1 fixed version: 5.13.1 CVE number:...
CVE-2023-4003
One Identity Password Manager version 5.9.7.1 - An unauthenticated attacker with physical access to a workstation may upgrade privileges to SYSTEM through an unspecified method. CWE-250: Execution with Unnecessary Privileges...
Default credentials
One Identity Password Manager version 5.9.7.1 - An unauthenticated attacker with physical access to a workstation may upgrade privileges to SYSTEM through an unspecified method. CWE-250: Execution with Unnecessary Privileges...
CVE-2023-4003 One Identity Password Manager version 5.9.7.1 - Unauthenticated physical access privilege escalation
One Identity Password Manager version 5.9.7.1 - An unauthenticated attacker with physical access to a workstation may upgrade privileges to SYSTEM through an unspecified method. CWE-250: Execution with Unnecessary Privileges...
CVE-2023-4003 One Identity Password Manager version 5.9.7.1 - Unauthenticated physical access privilege escalation
One Identity Password Manager version 5.9.7.1 - An unauthenticated attacker with physical access to a workstation may upgrade privileges to SYSTEM through an unspecified method. CWE-250: Execution with Unnecessary Privileges...
CVE-2023-4003
CVE-2023-4003 affects One Identity Password Manager version 5.9.7.1. An unauthenticated attacker with physical access to a workstation may upgrade privileges to SYSTEM through an unspecified method (described as a privilege escalation due to execution with unnecessary privileges). The vulnerabili...
PT-2023-27224 · One Identity · One Identity Password Manager
Name of the Vulnerable Software and Affected Versions: One Identity Password Manager version 5.9.7.1 Description: An unauthenticated attacker with physical access to a workstation may upgrade privileges to SYSTEM through an unspecified method. This issue is related to execution with unnecessary...