45 matches found
The Snowflake Connector for Python stores sensitive data in logs
Issue: Snowflake recently learned about and remediated a set of vulnerabilities in the Snowflake Connector for Python. Under specific conditions, certain users' credentials or portions of those credentials were logged locally by the Connector to the users' own systems. The credentials were not logge...
Insertion of Sensitive Information into Log File
Overview: snowflake-connector-python is a Snowflake Connector for Python. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File due to the logging of sensitive information when the logging level is set to DEBUG. An attacker can access sensitive data su...
CVE-2024-49750
The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Prior to version 3.12.3, when the logging level was set by the user to DEBUG, the Connector could have logged Duo passcodes when specified...
PYSEC-2024-191
The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Prior to version 3.12.3, when the logging level was set by the user to DEBUG, the Connector could have logged Duo passcodes when specified...
PT-2024-33662 · Snowflake · Snowflake Connector For Python
Name of the Vulnerable Software and Affected Versions: Snowflake Connector for Python versions prior to 3.12.3. Description: The issue concerns the logging of sensitive information by the Snowflake Connector for Python. When the logging level is set to DEBUG, the Connector may log Duo passcodes,...
GHSA-XMMM-JW76-Q7VG: Keycloak's One Time Passcode (OTP) is valid longer than expiration time
A vulnerability was found in Keycloak. Expired OTP codes are still usable when using FreeOTP when the OTP token period is set to the 30-second default. Instead of expiring and being deemed unusable around 30 seconds in, the tokens are valid for an additional 30 seconds, totaling 1 minute. A one time passco...
Owners of 1-Time Passcode Theft Service Plead Guilty
Three men in the United Kingdom have pleaded guilty to operating otp.agency, a once-popular online service that helped attackers intercept the one-time passcodes (OTPs) that many websites require as a second authentication factor in addition to passwords. Launched in November 2019, OTP Agency was ...
CVE-2022-36560
Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain multiple hard-coded passcodes for root. Attackers are able to access the passcodes at /etc/srapi/config/system.conf and /usr/sbin/ssol-sshd.sh...
CVE-2022-36560
CVE-2022-36560 affects Seiko SkyBridge MB-A200 family (versions v01.00.04 and earlier) and is due to multiple hard-coded root passcodes stored in the device. Attackers can retrieve the credentials from /etc/srapi/config/system.conf and /usr/sbin/ssol-sshd.sh, enabling privileged access. Remediati...
Securing mobile devices. A timely reminder
While home working might now be the norm for some, more and more people are going back to their place of work on a more regular basis. If you’re commuting again, or if you’re responsible for securing your people’s devices, it’s a good idea to revisit and review your security admin for mobile device...
Secret Chat in Telegram Left Self-Destructing Media Files On Devices
Popular messaging app Telegram fixed a privacy-defeating bug in its macOS app that made it possible to access self-destructing audio and video messages long after they disappeared from secret chats. The vulnerability was discovered by security researcher Dhiraj Mishra in version 7.3 of the app, w...
Zoom Flaw Could Have Allowed Hackers To Crack Meeting Passcodes
A security issue in popular video conferencing platform Zoom was disclosed this week, which could have allowed attackers to crack private meeting passcodes and snoop in on video conferences. The problem, which has already been fixed, stems from Zoom not having any check against repeated incorrect...
FBI Taps Apple to Unlock Pensacola Shooter's iPhone
The Federal Bureau of Investigation is once again asking Apple to help unlock the iPhone of a potential terrorist. The FBI is looking to crack two iPhones that they believe were owned by Mohammed Saeed Alshamrani, the Saudi-born suspect in the shooting attack that killed three people in December ...
CVE-2019-11523
Anviz Global M3 Outdoor RFID Access Control executes any command received from any source. No authentication/encryption is done. Attackers can fully interact with the device: for example, send the "open door" command, download the users list which includes RFID codes and passcodes in cleartext, o...
A week in security (May 27 – June 2)
Last week on Malwarebytes Labs, we took readers through a deep dive—way down the rabbit hole—into the novel malware called “Hidden Bee.” We also looked at the potential impact of a government agency’s privacy framework, and delivered to readers everything they needed to know about ATM attacks and...
gitea -- TOTP passcode reuse
The Gitea project reports: TOTP passcodes can be reused...
A vulnerability in the Trustlet component of Samsung’s firmware and Exynos chips allows an attacker to execute arbitrary code within the Trusted Execution Environment (TEE) and gain access to protected information.
The vulnerability in the Trustlet firmware of Samsung Mobile devices and Exynos chips is related to a stack buffer overflow. Exploiting this vulnerability allows a remote attacker to execute arbitrary code in the Trusted Execution Environment (TEE) and gain access to...