Minio MinIO Security Vulnerability
Minio MinIO is an open source object storage server from MinIO USA. The product supports building infrastructure for machine learning, analytics, and application data workloads. MinIO has a security vulnerability that stems from the fact that MinIO is a native application for Kubernetes cloud...
CVE-2021-41268: Remember me cookie persistence after password changes
More info at https://symfony.com/cve-2021-41268...
CVE-2021-20120
The administration web interface for the Arris Surfboard SB8200 lacks any protections against cross-site request forgery attacks. This means that an attacker could make configuration changes such as changing the administrative password without the consent of the user...
AUVESY Versiondog Permission and Access Control Issue Vulnerability
AUVESY Versiondog is an automated production data and change management software solution from the German company AUVESY. AUVESY Versiondog is vulnerable to permission and access control issues, which could be exploited by an attacker to change user passwords or delete databases...
PT-2021-5050 · Cisco · Cisco Business 220 Series Smart Switches
Name of the Vulnerable Software and Affected Versions: Cisco Business 220 Series Smart Switches (affected versions not specified). Description: The issue is related to multiple vulnerabilities in the firmware of Cisco Business 220 Series Smart Switches. These vulnerabilities could allow an attacker...
Design/Logic Flaw
A vulnerability has been identified in Industrial Edge Management (all versions of V1.3). An unauthenticated attacker could change the password of any user in the system under certain circumstances. With this an attacker could impersonate any valid user on an affected system...
CVE-2020-25754
An issue was discovered on Enphase Envoy R3.x and D4.x devices. There is a custom PAM module for user authentication that circumvents traditional user authentication. This module uses a password derived from the MD5 hash of the username and serial number. The serial number can be retrieved by an...
CVE-2021-32612
The VeryFitPro com.veryfit2hr.second application 3.2.8 for Android does all communication with the backend API over cleartext HTTP. This includes logins, registrations, and password change requests. This allows information theft and account takeover via network sniffing...
Authentication Bypass Vulnerability in CENTUM VP DCS System
The CENTUM VP DCS system is a Shun Control configuration application. An authentication bypass vulnerability exists in the CENTUM VP DCS system. An attacker can exploit the vulnerability to cause password disclosure or arbitrary password changes...
Schneider Electric Authorization Issue Vulnerability
Schneider Electric has a security vulnerability that originates from a Weak Password Recovery Mechanism for Forgotten Password vulnerability in Modicon Managed Switch MCSESM and MCSESP V8.21 and earlier. The vulnerability stems from a Weak Password Recovery Mechanism for Forgotten Password...
A Simple 1-Click Compromised Password Reset Feature Coming to Chrome Browser
Google on Tuesday announced a new feature to its password manager that could be used to change a stolen password automatically with a single tap. Automated password changes build on the tool's ability to check the safety of saved passwords. Thus when Chrome finds a password that may have been...
Is it still a good idea to require users to change their passwords?
For as long as corporate IT has been in existence, users have been required to change their passwords periodically. In fact, the need for scheduled password changes may be one of the most long-standing of all IT best practices. Recently, however, things have started to change. Microsoft has...
CVE-2021-31152
Multilaser Router AC1200 V02.03.01.45pt contains a cross-site request forgery (CSRF) vulnerability. An attacker can enable remote access, change passwords, and perform other actions through misconfigured requests, entries, and headers...
PT-2021-19192 · Multilaser · Multilaser Router Ac1200
Name of the Vulnerable Software and Affected Versions: Multilaser Router AC1200 version V02.03.01.45 pt. Description: The issue concerns a cross-site request forgery (CSRF) vulnerability, which allows an attacker to perform unauthorized actions. These actions include enabling remote access, changing...
How to Audit Password Changes in Active Directory
Today's admins certainly have plenty on their plates, and boosting ecosystem security remains a top priority. On-premises, and especially remote, accounts are gateways for accessing critical information. Password management makes this possible. After all, authentication should ensure that a user ...
CVE-2021-21495
MK-AUTH through 19.01 K4.9 allows CSRF for password changes via the central/executarcentral.php?acao=altsenhaprinc URI...
Cross-site request forgery (CSRF)
MK-AUTH through 19.01 K4.9 allows CSRF for password changes via the central/executarcentral.php?acao=altsenhaprinc URI...