Lucene search
+L

130 matches found

Positive Technologies
Positive Technologies
added 2022/08/22 12:0 a.m.7 views

PT-2022-21204 · Wwbn · Avideo

Name of the Vulnerable Software and Affected Versions: WWBN AVideo versions 11.6 WWBN AVideo dev master commit 3f7c0364 Description: An issue exists in the login functionality due to an improper password check. This allows an attacker with a user's password hash to directly log into the account,...

8.8CVSS7AI score0.01587EPSS
Exploits1References5
CNNVD
CNNVD
added 2022/08/16 12:0 a.m.5 views

WWBN AVideo 授权问题漏洞

WWBN AVideo is a video platform builder written in PHP by the WWBN team. A security vulnerability exists in WWBN AVideo version 11.6, which stems from an incorrect password check in the login function...

8.8CVSS7.3AI score0.01587EPSS
Exploits1References4
Prion
Prion
added 2022/08/03 2:15 p.m.20 views

Design/Logic Flaw

A unverified password change in Fortinet FortiADC version 6.2.0 through 6.2.3, 6.1.x, 6.0.x, 5.x.x allows an authenticated attacker to bypass the Old Password check in the password change form via a crafted HTTP request...

4CVSS4.6AI score0.00422EPSS
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 2022/07/07 2:19 p.m.4 views

Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients

Some components in Apache Kafka use Arrays.equals to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been...

5.9CVSS7AI score0.06252EPSS
Exploits0References4
OSV
OSV
added 2022/06/24 8:15 a.m.4 views

CVE-2022-31802

In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a part of the the specified password is been compared to the real CODESYS Gateway password. An attacker may perform authentication by specifying a small password that matches the corresponding part of the longer real CODESYS Gatewa...

9.8CVSS7.5AI score0.01184EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2022/05/12 11:58 a.m.5 views

Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients

Some components in Apache Kafka use Arrays.equals to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been...

5.9CVSS7AI score0.06252EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/03/31 11:14 a.m.8 views

Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients

Some components in Apache Kafka use Arrays.equals to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been...

5.9CVSS7AI score0.06252EPSS
Exploits0References4
OSV
OSV
added 2022/01/25 8:15 p.m.5 views

CVE-2021-43298

The code that performs password matching when using 'Basic' HTTP authentication does not use a constant-time memcmp and has no rate-limiting. This means that an unauthenticated network attacker can brute-force the HTTP basic password, byte-by-byte, by recording the webserver's response time until...

9.8CVSS7.2AI score0.02256EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/10/11 12:0 a.m.3 views

Open Solutions For Education OpenSis-Classic SQL注入漏洞

openSIS is a free, open source student information system/school management software. A SQL injection vulnerability exists in openSIS version 8.0. The vulnerability stems from a lack of validation of input data for the $GET'usrid' and $GET'profid' parameters in PasswordCheck.php. An attacker can...

9.8CVSS8.7AI score0.0108EPSS
Exploits1References2
Citrix
Citrix
added 2021/07/29 12:0 a.m.16 views

Citrix ADC - Error: "Invalid private key, or PEM pass phrase required for this private key" on FIPS device

When trying to export a PFX file from a certificate that has already been uploaded to the ADC, we get the error "Invalid private key, or PEM pass phrase required for this private key" , even after making sure the correct certificate and private key is selected, as well as entering the correct...

7.1AI score
Exploits0
Positive Technologies
Positive Technologies
added 2021/06/25 12:0 a.m.6 views

PT-2021-20357 · Etinet · Etinet Backbox E4.09

Name of the Vulnerable Software and Affected Versions: ETINET BACKBOX E4.09 version 22SEP2020 ETINET BACKBOX H4.09 version T0954V04^AAO Description: The issue arises from the mismanagement of password access control in ETINET BACKBOX. When a user logs in to the Backbox UI application using the Us...

8.1CVSS8AI score0.00905EPSS
Exploits0References3
OSV
OSV
added 2021/04/30 4:14 p.m.11 views

GHSA-73XV-W5GP-FRXH Logic error in Legion of the Bouncy Castle BC Java

An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different...

8.1CVSS6.9AI score0.0714EPSS
Exploits1References29
NVD
NVD
added 2021/01/27 7:15 p.m.27 views

CVE-2021-26117

The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. In this case, for Apache ActiveMQ Artemis prior to version 2.16.0 and Apache ActiveMQ prior to versions 5.16.1 and 5.15.14, the anonymous context is used to verify a valid users password in error...

7.5CVSS7.6AI score0.11239EPSS
Exploits0References21
Debian CVE
Debian CVE
added 2021/01/27 12:0 a.m.31 views

CVE-2021-26117

The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. In this case, for Apache ActiveMQ Artemis prior to version 2.16.0 and Apache ActiveMQ prior to versions 5.16.1 and 5.15.14, the anonymous context is used to verify a valid users password in error...

7.5CVSS7.6AI score0.11239EPSS
Exploits0
OSV
OSV
added 2020/12/18 1:15 a.m.1 views

DEBIAN-CVE-2020-28052

An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different...

8.1CVSS6.8AI score0.0714EPSS
Exploits1References1
Prion
Prion
added 2020/12/18 1:15 a.m.34 views

Design/Logic Flaw

An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different...

6.8CVSS8.1AI score0.0714EPSS
Exploits1References26Affected Software20
OSV
OSV
added 2020/12/18 1:15 a.m.6 views

UBUNTU-CVE-2020-28052

An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different...

8.1CVSS6.9AI score0.0714EPSS
Exploits1References4
CNNVD
CNNVD
added 2020/12/18 12:0 a.m.9 views

Bouncy Castle BC Security Breach

Bouncy Castle BC is a cryptographic library for C and Java applications from the Bouncy Castle organization. A security vulnerability exists in Bouncy Castle BC. The vulnerability stems from comparing incorrect data when checking passwords...

8.1CVSS6.9AI score0.0714EPSS
Exploits1References55
OSV
OSV
added 2020/11/29 1:15 a.m.7 views

CVE-2020-29377

An issue was discovered on V-SOL V1600D V2.03.69 OLT devices. The string K0LTdi@gnos312$ is compared to the password provided by the the remote attacker. If it matches, access is provided...

9.8CVSS7.3AI score0.01302EPSS
Exploits1References1
OSV
OSV
added 2020/05/07 6:4 p.m.13 views

GHSA-JJJR-3JCW-F8V6 Potential Observable Timing Discrepancy in Wagtail

Impact A potential timing attack exists on pages or documents that have been protected with a shared password through Wagtail's "Privacy" controls. This password check is performed through a character-by-character string comparison, and so an attacker who is able to measure the time taken by this...

6.1CVSS6AI score0.0025EPSS
Exploits0References8
Rows per page
Query Builder