Lucene search
K

365 matches found

exploitpack
exploitpack
added 2002/12/16 12:0 a.m.15 views

MySQL 3.23.x4.0.x - COM_CHANGE_USER Password Length Account

MySQL 3.23.x4.0.x - COMCHANGEUSER Password Length Account / source: https://www.securityfocus.com/bid/6373/info A flaw in the password authentication mechanism for MySQL may make it possible for an authenticated database user to compromise the accounts of other database users. The flaw lies in th...

0.2AI score
Exploits0
exploitpack
exploitpack
added 2002/12/12 12:0 a.m.9 views

MySQL 3.23.x4.0.x - COM_CHANGE_USER Password Memory Corruption

MySQL 3.23.x4.0.x - COMCHANGEUSER Password Memory Corruption source: https://www.securityfocus.com/bid/6375/info MySQL is prone to a memory corruption vulnerability in the COMCHANGEUSER command. Due to a lack of sufficient bounds checking for client responses to password authentication challenges...

0.3AI score
Exploits0
Exploit DB
Exploit DB
added 2002/12/12 12:0 a.m.27 views

MySQL 3.23.x/4.0.x - COM_CHANGE_USER Password Memory Corruption

source: https://www.securityfocus.com/bid/6375/info MySQL is prone to a memory corruption vulnerability in the COMCHANGEUSER command. Due to a lack of sufficient bounds checking for client responses to password authentication challenges, it may be possible to corrupt sensitive regions of memory. ...

7.4AI score
Exploits0
CERT
CERT
added 2002/08/22 12:0 a.m.36 views

Novell Netware RCONAG6 fails to validate user password when "Secure IP" is used to establish connection

Overview Novell Netware RCONAG6 allows users to gain access to the server without a password. Description Novell Netware RCONAG6 allows users to remotely administer a Novell host. A vulnerability in RCONAG6 makes it possible for a remote user to connect to the server without supplying a password...

7.5CVSS6.6AI score0.03317EPSS
Exploits0References1
OSV
OSV
added 2002/08/12 4:0 a.m.3 views

DEBIAN-CVE-2002-0765

sshd in OpenSSH 3.2.2, when using YP with netgroups and under certain conditions, may allow users to successfully authenticate and log in with another user's password...

7.5CVSS9.3AI score0.01277EPSS
Exploits0References1
Cvelist
Cvelist
added 2002/06/25 4:0 a.m.26 views

CVE-2001-0553

SSH Secure Shell 3.0.0 on Unix systems does not properly perform password authentication to the sshd2 daemon, which allows local users to gain access to accounts with short password fields, such as locked accounts that use "NP" in the password field...

6.8AI score0.01335EPSS
Exploits1References7
CVE
CVE
added 2002/06/25 4:0 a.m.53 views

CVE-2001-0553

CVE-2001-0553 affects SSH Secure Shell 3.0.0 on Unix systems using password authentication with the sshd2 daemon. The vulnerability occurs when accounts have two or fewer characters in their encrypted password field (e.g., passwords like NP/!!). sshd2 can incorrectly derive the salt and validate ...

7.2CVSS6.8AI score0.01335EPSS
Exploits1References7Affected Software1
Tenable Nessus
Tenable Nessus
added 2002/05/24 12:0 a.m.29 views

SSH 3 AllowedAuthentications Remote Bypass

The remote host is running a version of SSH that is older than 3.1.2 and newer or equal to 3.0.0. There is a vulnerability in this release that may, under some circumstances, allow users to authenticate using a password whereas it is not explicitly listed as a valid authentication mechanism. An...

7.5CVSS5.5AI score0.03643EPSS
Exploits0References1
CERT
CERT
added 2002/05/21 12:0 a.m.24 views

SSHD allows users to override "AllowedAuthentications" configuration thereby permitting users to provide any type of authentication

Overview A remotely exploitable authentication vulnerability exists in the SSH Communications Security SSH Secure Shell server, and possibly other SSH servers. Description SSH is a program used to provide secure communications between hosts. Versions 3.0.0 - 3.1.1 of SSH Secure Shell for Servers...

7.4AI score
Exploits0References3
securityvulns
securityvulns
added 2001/11/23 12:0 a.m.43 views

Проблемы с Secure Password Authentication в Outlook Express (weak encryption)

Авторизацию в Outlook Expres можно использовать для доступа к корпоративным ресурсам...

1.2AI score
Exploits0Affected Software1
security_vulns
security_vulns
added 2001/11/22 12:0 a.m.27 views

Outlook Express and SPA (Secure Password Authentication)

Topic: Outlook Express and SPA Secure Password Authentication Author: 3APA3A Affected Software: Internet Explorer 5.5, 6.0 Vendor: Microsoft Status: Informational 1. Background: Outlook Express doesn't support CRAM-MD5 or APOP and there is only one way to authenticate user on POP3/IMAP/SMTP serve...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2001/11/22 12:0 a.m.48 views

Insecure Password Authentication in Yahoo! Messenger

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++++++++++GOBBLES+SECURITY+RESEARCH+TEAM+INCORPORATED+++++++++++++++++ ALERT! ALERT! YAHOO MESSENGER REPLAY ATTACK! ALERT! ALERT! ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ "Overt...

7.5AI score
Exploits0
securityvulns
securityvulns
added 2001/10/20 12:0 a.m.121 views

Outlook Express and SPA (Secure Password Authentication)

Topic: Outlook Express and SPA Secure Password Authentication Author: 3APA3A [email protected] Affected Software: Internet Explorer 5.5, 6.0 Vendor: Microsoft Status: Informational 1. Background: Outlook Express doesn't support CRAM-MD5 or APOP and there is only one way to authenticate user...

7.3AI score
Exploits0
NVD
NVD
added 2001/08/14 4:0 a.m.31 views

CVE-2001-0553

SSH Secure Shell 3.0.0 on Unix systems does not properly perform password authentication to the sshd2 daemon, which allows local users to gain access to accounts with short password fields, such as locked accounts that use "NP" in the password field...

7.2CVSS6.8AI score0.01335EPSS
Exploits1References7
securityvulns
securityvulns
added 2001/07/21 12:0 a.m.48 views

URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dear Secure Shell Community, A potential remote root exploit has been discovered in SSH Secure Shell 3.0.0, for Unix only, concerning accounts with password fields consisting of two or fewer characters. Unauthorized users could potentially log in to...

7.3AI score
Exploits0
NVD
NVD
added 2001/01/18 5:0 a.m.17 views

CVE-2001-1475

SSH before 2.0, when using RC4 and password authentication, allows remote attackers to replay messages until a new server key VK is generated...

7.5CVSS6.9AI score0.01538EPSS
Exploits0References2
CERT
CERT
added 2000/10/05 12:0 a.m.18 views

SSH connections using RC4 and password authentication can be replayed

Overview This vulnerability may allow an attacker to replay a captured SSH1 session. Description Preconditions: Client requests RC4 and the server grants request Client uses password authentication When an SSH1 session using the RC4 cipher is established, the client and server agree upon a sessio...

7.1AI score
Exploits0References1
CVE
CVE
added 2000/09/21 4:0 a.m.47 views

CVE-2000-0688

CVE-2000-0688 concerns Subscribe Me LITE. The vulnerability is that it does not properly authenticate password-change attempts, allowing a remote attacker to gain privileges for the Account Manager by directly invoking subscribe.pl with the setpwd parameter. The available connected documents conf...

7.5CVSS7.3AI score0.0781EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2000/03/22 5:0 a.m.25 views

CVE-2000-0148

MySQL 3.22 allows remote attackers to bypass password authentication and access a database via a short check string...

7AI score0.04735EPSS
Exploits0References2
CVE
CVE
added 2000/03/22 5:0 a.m.77 views

CVE-2000-0148

CVE-2000-0148 : MySQL 3.22 allows remote attackers to bypass password authentication and read a database by exploiting a short check string. The vulnerability is triggered remotely over the network with low attack complexity and results in partial confidentiality and integrity impact (and partial...

7.5CVSS7.1AI score0.04735EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder