59 matches found
CVE-2023-27481 Extract password hashes through export querying in directus
Directus is a real-time API and App dashboard for managing SQL database content. In versions prior to 9.16.0 users with read access to the password field in directususers can extract the argon2 password hashes by brute forcing the export functionality combined with a startswith filter. This allow...
SUSE CVE-2013-4885
The http-domino-enum-passwords.nse script in NMap before 6.40, when domino-enum-passwords.idpath is set, allows remote servers to upload "arbitrarily named" files via a crafted FullName parameter in a response, as demonstrated using directory traversal sequences...
Grafana 信息泄露漏洞
Grafana is Grafana open source set of open source monitoring tools that provide a visual monitoring interface. The tool is mainly used to monitor and analyze Graphite, InfluxDB and Prometheus, etc. Grafana has a security vulnerability that stems from the fact that an attacker can bypass access...
Information Disclosure
org.opencrx:opencrx-core is vulnerable to information disclosure. A remote attacker is able to determine if a username, email or an ID is valid through password enumeration due to the difference in error messages received during a password reset...
GHSA-J5V3-363P-G843 OpenCRX vulnerable to password enumeration via error messages in password reset
OpenCRX before v5.2.2 was discovered to be vulnerable to password enumeration due to the difference in error messages received during a password reset which could enable an attacker to determine if a username, email or ID is valid...
OpenCRX vulnerable to password enumeration via error messages in password reset
OpenCRX before v5.2.2 was discovered to be vulnerable to password enumeration due to the difference in error messages received during a password reset which could enable an attacker to determine if a username, email or ID is valid...
CVE-2022-40084
OpenCRX before v5.2.2 was discovered to be vulnerable to password enumeration due to the difference in error messages received during a password reset which could enable an attacker to determine if a username, email or ID is valid...
Design/Logic Flaw
OpenCRX before v5.2.2 was discovered to be vulnerable to password enumeration due to the difference in error messages received during a password reset which could enable an attacker to determine if a username, email or ID is valid...
CVE-2022-40084
OpenCRX prior to v5.2.2 is vulnerable to password enumeration due to differences in error messages during password reset, enabling an attacker to determine if a username, email, or ID is valid. Affected product: OpenCRX (versions before 5.2.2). Root cause: inconsistent/verbose error responses rev...
PT-2022-25192 · Opencrx · Opencrx
Name of the Vulnerable Software and Affected Versions: OpenCRX versions prior to 5.2.2 Description: The issue allows an attacker to determine if a username, email, or ID is valid due to the difference in error messages received during a password reset. This is a result of password enumeration...
CVE-2022-40084
OpenCRX before v5.2.2 was discovered to be vulnerable to password enumeration due to the difference in error messages received during a password reset which could enable an attacker to determine if a username, email or ID is valid...
CVE-2022-40084
OpenCRX before v5.2.2 was discovered to be vulnerable to password enumeration due to the difference in error messages received during a password reset which could enable an attacker to determine if a username, email or ID is valid...
CVE-2022-40084
OpenCRX before v5.2.2 was discovered to be vulnerable to password enumeration due to the difference in error messages received during a password reset which could enable an attacker to determine if a username, email or ID is valid...
CVE-2022-34772
Tabit - password enumeration. Description: Tabit - password enumeration. The passwords for the Tabit system is a 4 digit OTP. One can resend OTP and try logging in indefinitely. Once again, this is an example of OWASP: API4 - Rate limiting...
CVE-2022-34772
Tabit - password enumeration. Description: Tabit - password enumeration. The passwords for the Tabit system is a 4 digit OTP. One can resend OTP and try logging in indefinitely. Once again, this is an example of OWASP: API4 - Rate limiting...
CVE-2022-34772
CVE-2022-34772 affects Tabit (password verification) where the 4-digit OTP login flow allows unlimited resend attempts, enabling password enumeration due to lack of effective rate limiting. Documented evidence from PT-2022-22323 notes password enumeration and API rate-limiting weakness; no patch/...
CVE-2022-34772 Tabit - password enumeration
Tabit - password enumeration. Description: Tabit - password enumeration. The passwords for the Tabit system is a 4 digit OTP. One can resend OTP and try logging in indefinitely. Once again, this is an example of OWASP: API4 - Rate limiting...
PT-2022-22323 · Tabit · Tabit
Name of the Vulnerable Software and Affected Versions: Tabit affected versions not specified Description: The issue concerns password enumeration in the Tabit system, which uses a 4-digit One-Time Password OTP. An attacker can resend the OTP and attempt to log in indefinitely, highlighting a lack...
CVE-2022-34772
Tabit - password enumeration. Description: Tabit - password enumeration. The passwords for the Tabit system is a 4 digit OTP. One can resend OTP and try logging in indefinitely. Once again, this is an example of OWASP: API4 - Rate limiting...
CVE-2021-38462
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 does not enforce an efficient password policy. This may allow an attacker with obtained user credentials to enumerate passwords and impersonate other application users and perform operations on their behalf...