46 matches found
CVE-2023-3243
UNSUPPORTED WHEN ASSIGNED An attacker can capture an authenticating hash and utilize it to create new sessions. The hash is also a poorly salted MD5 hash, which could result in a successful brute force password attack. Impacted product is BCM-WEB version 3.3.X. Recommended fix: Upgrade to a...
CVE-2023-33921
A vulnerability has been identified in CP-8031 MASTER MODULE All versions CPCI85 V05, CP-8050 MASTER MODULE All versions CPCI85 V05. The affected devices contain an exposed UART console login interface. An attacker with direct physical access could try to bruteforce or crack the root password to...
No password brute-force protection on login page
Description The login page doesn't have any protection against a brute-force password attack, which allows an attacker to try every possible combination without any restriction. Proof of Concept 1. 1 - Send a login request of the target user POST /api/auth/token HTTP/1.1 Host: localhost:9091...
CVE-2021-39899
CVE-2021-39899 affects GitLab CE/EE (all versions). An attacker with physical access to a user’s machine can brute-force the user’s password via the change password function. There is a rate limit, but the attack may succeed by stealing the session_id from the compromised account and distributing...
showdoc 安全特征问题漏洞
showdoc is an open source tool ideal for IT teams to share documents online. showdoc in the security features problematic vulnerability , the vulnerability stems from the lack of a limit on the number of client logins and thus vulnerable to password weak pseudo-random number generator PRNG attack...
showdoc 数据伪造问题漏洞
showdoc is open source a great tool for IT teams to share documents online. A data forgery issue vulnerability exists in showdoc, which stems from the vulnerability of showdoc to a lost password step attack...
CVE-2021-32753
EdgeX Foundry is an open source project for building a common open framework for internet-of-things edge computing. A vulnerability exists in the Edinburgh, Fuji, Geneva, and Hanoi versions of the software. When the EdgeX API gateway is configured for OAuth2 authentication and a proxy user is...
CVE-2019-18235
Affected: Advantech Spectre RT ERT351 firmware versions 5.1.3 and prior. Issue: CVE-2019-18235 is caused by insufficient login authentication parameters in the web application, potentially allowing a brute-force password attack to gain full access. Impact: high risk with CVSS v3.1 base score 9.8 ...
CVE-2019-18235
Advantech Spectre RT ERT351 Versions 5.1.3 and prior has insufficient login authentication parameters required for the web application may allow an attacker to gain full access using a brute-force password attack...
CVE-2020-28873
Fluxbb 1.5.11 is affected by a denial of service DoS vulnerability by sending an extremely long password via the user login form. When a long password is sent, the password hashing process will result in CPU and memory exhaustion on the server...
CVE-2020-28873
Fluxbb 1.5.11 is affected by a denial of service DoS vulnerability by sending an extremely long password via the user login form. When a long password is sent, the password hashing process will result in CPU and memory exhaustion on the server...
Unspecified Vulnerability in SAP NetWeaver Master Data Management
SAP NetWeaver Master Data Management SAP MDM is a software from SAP Germany for managing inter-enterprise collaboration. A security vulnerability exists in SAP Software Provisioning Manager that stems from the failure to set a password option during installation, which can be exploited by an...
HackingTool - ALL IN ONE Hacking Tool For Hackers
This project still in BETA so you may face problems, Please open an issue so i'll fix them..!! Hackingtool Menu AnonSurf Information Gathering Password Attack Wireless Attack SQL Injection Tools Phishing Attack Web Attack Tool Post exploitation Forensic Tools Payload Creator Router Exploit Wifi...
ALPINE-CVE-2019-9495
The implementations of EAP-PWD in hostapd and wpasupplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpasupplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful...
BSA-2019-777
Security Advisory ID : BSA-2019-777 Component : WPA3 Revision : 1.0: Final Multiple vulnerabilities have been identified in WPA3 protocol design and implementations ofhostapdandwpasupplicant, which can allow a remote attacker to acquire a weak password, conduct a denial of service, or gain comple...
krb5: issues in OTP and PKINIT kdcpreauth modules leading to requires_preauth bypass
A flaw was found in the OTP kdcpreauth module of MIT Kerberos. A remote attacker could use this flaw to bypass the requirespreauth flag on a client principal and obtain a ciphertext encrypted in the principal's long-term key. This ciphertext could be used to conduct an off-line dictionary attack...
crypt(): DES encrypted password weakness
The cryptdes aka DES-based crypt function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an...
brute force password attack protection by default
We have added an upgrade task to set jira.maximum.authentication.attempts.allowed=5 on all instances even if they previous had set it to something else. This is to ensure that systems are more safe by default...
brute force password attack protection by default
We have added an upgrade task to set jira.maximum.authentication.attempts.allowed=5 on all instances even if they previous had set it to something else. This is to ensure that systems are more safe by default...
PT-2008-5562 · Microsoft · Internet Information Services
Name of the Vulnerable Software and Affected Versions: Microsoft Internet Information Services IIS affected versions not specified Description: A certain ActiveX control in iisext.dll allows remote attackers to set a password via a string argument to the SetPassword method. However, this issue...