365 matches found
MySQL 3.23.x/4.0.x - COM_CHANGE_USER Password Length Account
MySQL 3.23.x/4.0.x - COM_CHANGE_USER Password Length Account / source: https://www.securityfocus.com/bid/6373/info A flaw in the password authentication mechanism for MySQL may make it possible for an authenticated database user to compromise the accounts of other database users. The flaw lies in th...
MySQL 3.23.x/4.0.x - COM_CHANGE_USER Password Memory Corruption
MySQL 3.23.x/4.0.x - COM_CHANGE_USER Password Memory Corruption source: https://www.securityfocus.com/bid/6375/info MySQL is prone to a memory corruption vulnerability in the COM_CHANGE_USER command. Due to a lack of sufficient bounds checking for client responses to password authentication challenges...
MySQL 3.23.x/4.0.x - COM_CHANGE_USER Password Memory Corruption
source: https://www.securityfocus.com/bid/6375/info MySQL is prone to a memory corruption vulnerability in the COM_CHANGE_USER command. Due to a lack of sufficient bounds checking for client responses to password authentication challenges, it may be possible to corrupt sensitive regions of memory. ...
Novell Netware RCONAG6 fails to validate user password when "Secure IP" is used to establish connection
Overview: Novell Netware RCONAG6 allows users to gain access to the server without a password. Description: Novell Netware RCONAG6 allows users to remotely administer a Novell host. A vulnerability in RCONAG6 makes it possible for a remote user to connect to the server without supplying a password...
DEBIAN-CVE-2002-0765
sshd in OpenSSH 3.2.2, when using YP with netgroups and under certain conditions, may allow users to successfully authenticate and log in with another user's password...
CVE-2001-0553
SSH Secure Shell 3.0.0 on Unix systems does not properly perform password authentication to the sshd2 daemon, which allows local users to gain access to accounts with short password fields, such as locked accounts that use "NP" in the password field...
CVE-2001-0553
CVE-2001-0553 affects SSH Secure Shell 3.0.0 on Unix systems using password authentication with the sshd2 daemon. The vulnerability occurs when accounts have two or fewer characters in their encrypted password field (e.g., passwords like NP/!!). sshd2 can incorrectly derive the salt and validate ...
SSH 3 AllowedAuthentications Remote Bypass
The remote host is running a version of SSH that is older than 3.1.2 and newer than or equal to 3.0.0. There is a vulnerability in this release that may, under some circumstances, allow users to authenticate using a password even though it is not explicitly listed as a valid authentication mechanism. An...
SSHD allows users to override "AllowedAuthentications" configuration thereby permitting users to provide any type of authentication
Overview: A remotely exploitable authentication vulnerability exists in the SSH Communications Security SSH Secure Shell server, and possibly other SSH servers. Description: SSH is a program used to provide secure communications between hosts. Versions 3.0.0 - 3.1.1 of SSH Secure Shell for Servers...
Problems with Secure Password Authentication in Outlook Express (weak encryption)
Authentication in Outlook Express can be used to gain access to corporate resources...
Outlook Express and SPA (Secure Password Authentication)
Topic: Outlook Express and SPA Secure Password Authentication Author: 3APA3A Affected Software: Internet Explorer 5.5, 6.0 Vendor: Microsoft Status: Informational 1. Background: Outlook Express doesn't support CRAM-MD5 or APOP and there is only one way to authenticate user on POP3/IMAP/SMTP serve...
Insecure Password Authentication in Yahoo! Messenger
GOBBLES SECURITY RESEARCH TEAM INCORPORATED ALERT! ALERT! YAHOO MESSENGER REPLAY ATTACK! ALERT! ALERT! "Overt...
Outlook Express and SPA (Secure Password Authentication)
Topic: Outlook Express and SPA Secure Password Authentication Author: 3APA3A Affected Software: Internet Explorer 5.5, 6.0 Vendor: Microsoft Status: Informational 1. Background: Outlook Express doesn't support CRAM-MD5 or APOP and there is only one way to authenticate user...
URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0
Dear Secure Shell Community, A potential remote root exploit has been discovered in SSH Secure Shell 3.0.0, for Unix only, concerning accounts with password fields consisting of two or fewer characters. Unauthorized users could potentially log in to...
CVE-2001-1475
SSH before 2.0, when using RC4 and password authentication, allows remote attackers to replay messages until a new server key VK is generated...
SSH connections using RC4 and password authentication can be replayed
Overview: This vulnerability may allow an attacker to replay a captured SSH1 session. Description: Preconditions: (1) Client requests RC4 and the server grants request; (2) Client uses password authentication. When an SSH1 session using the RC4 cipher is established, the client and server agree upon a sessio...
CVE-2000-0688
CVE-2000-0688 concerns Subscribe Me LITE. The vulnerability is that it does not properly authenticate password-change attempts, allowing a remote attacker to gain privileges for the Account Manager by directly invoking subscribe.pl with the setpwd parameter. The available connected documents conf...
CVE-2000-0148
MySQL 3.22 allows remote attackers to bypass password authentication and access a database via a short check string...
CVE-2000-0148
CVE-2000-0148: MySQL 3.22 allows remote attackers to bypass password authentication and read a database by exploiting a short check string. The vulnerability is triggered remotely over the network with low attack complexity and results in partial confidentiality and integrity impact (and partial...