Lucene search
K

144 matches found

Samba
Samba
added 2019/10/29 12:0 a.m.46 views

Samba AD DC check password script does not receive

Description Since Samba Version 4.5.0 a Samba AD DC can use a custom command to verify the password complexity. The command can be specified with the "check password script" smb.conf parameter. This command is called when Samba handles a user password change or a new user password is set. The...

5.4CVSS5.8AI score0.02084EPSS
Exploits0
ThreatPost
ThreatPost
added 2019/08/15 8:54 p.m.97 views

How to Guide Users to Better Passwords by Learning from Attackers

If you’re human, you’ve probably re-used a password or two. In fact, the majority of internet users between the ages of 18-65 have done so, and the younger you are, the more likely it is that you use just one password for all of your accounts. Article written by: Chris LaConte, Chief Strategy...

7.4AI score
Exploits0References11
CERT
CERT
added 2018/04/10 12:0 a.m.520 views

Microsoft Outlook retrieves remote OLE content without prompting

Overview When a Rich Text RTF email is previewed in Microsoft Outlook, remotely-hosted OLE content is retrieved without requiring any additional user interaction. This can leak private information including the user's password hash, which may be cracked by an attacker. Description Microsoft Outlo...

6.5CVSS6.7AI score0.09024EPSS
Exploits0References2
Kitploit
Kitploit
added 2018/03/16 8:40 p.m.17 views

DefenseMatrix - Full security solution for Linux Servers

Full security solution for Linux Servers. SCUTUM is to be added into DefenseMatrix Project After consideration, SCUTUM, as a nice firewall controller, is to be added into DefenseMatrix. It will soon replace the iptables controller and arptables controller in DefenseMatrix. Expect lots of...

7.2AI score
Exploits0References1
Hacker One
Hacker One
added 2017/10/19 6:15 a.m.30 views

Tor: Enforce minimum master password complexity

Hi Team, Actual results: There is no password complexity set for Master password in about:preferencessecurity , Because I was able to set my password like 123,123456,www, admin etc which is really common, apart from that we can use spaces as well in master password i was able to set space as my...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/10/10 11:19 a.m.53 views

Changes in Password Best Practices

NIST recently published its four-volume SP800-63b Digital Identity Guidelines. Among other things, it makes three important suggestions when it comes to passwords: 1. Stop it with the annoying password complexity rules. They make passwords harder to remember. They increase errors because...

7.2AI score
Exploits0
Hacker One
Hacker One
added 2017/09/11 4:6 p.m.25 views

Radancy: Weak password

It takes ash123456789123456789 as a password,which is not secure.It can be cracked using Dictionary,brute force etc attacks. Impact: If password complexity is not enforced people may tend to put easily guessable password which may be exploitable for a malicious user. Solution-To make it more...

7AI score
Exploits0
Hacker One
Hacker One
added 2016/05/26 2:34 a.m.17 views

drchrono: Bypass password complexity requirements on passsword reset page

Hi, the 'password reset' feature doesn't implement the password complexity requirements the site enforces when first signing up. Because of this issue, I was able to set my password to '1', bypassing the 8 character rule, and the rule which requires me to add a number and a special character to m...

6.8AI score
Exploits0
Hacker One
Hacker One
added 2016/04/07 6:41 a.m.48 views

Uber: User credentials are not strong on vault.uber.com

I was just trying to login vault.uber.com I entered email xx and password xx, I got loggedin to someones account. I entered email zz and password zz, I got loggedin to someones account. It means passowrd complexity and length of username/email is not enforced. This allowed my to access the someon...

2.7AI score
Exploits0
securityvulns
securityvulns
added 2015/07/05 12:0 a.m.133 views

CollabNet Subversion Edge weak password policy

Vuln Title: The CollabNet Subversion Edge Management Frontend does not implement a strong password policy Date: 28.06.2015 Author: otr Software Link: https://www.open.collab.net/downloads/svnedge Vendor: CollabNet Version: 4.0.11 Tested on: Fedora Linux Type: Lack of defensive measures Risk: Medi...

0.3AI score
Exploits0
Metasploit
Metasploit
added 2015/02/11 6:38 p.m.35 views

PXE Boot Exploit Server

This module provides a PXE server, running a DHCP and TFTP server. The default configuration loads a linux kernel and initrd into memory that reads the hard drive; placing a payload to install metsvc, disable the firewall, and add a new user metasploit on any Windows partition seen, and add a uid...

7AI score
Exploits0
exploitpack
exploitpack
added 2015/01/22 12:0 a.m.29 views

Cisco Ironport Appliances - Privilege Escalation

Cisco Ironport Appliances - Privilege Escalation / Cisco Ironport Appliances Privilege Escalation Vulnerability Vendor: Cisco Product webpage: http://www.cisco.com Affected versions: Cisco Ironport ESA - AsyncOS 8.5.5-280 Cisco Ironport WSA - AsyncOS 8.0.5-075 Cisco Ironport SMA - AsyncOS 8.3.6-0...

0.9AI score
Exploits0
Prion
Prion
added 2014/12/15 6:59 p.m.14 views

Cross site scripting

Zenoss Core through 5 Beta 3 does not require complex passwords, which makes it easier for remote attackers to obtain access via a brute-force attack, aka ZEN-15406...

5CVSS7AI score0.0124EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2014/12/15 5:27 p.m.27 views

CVE-2014-9248

Zenoss Core through 5 Beta 3 does not require complex passwords, which makes it easier for remote attackers to obtain access via a brute-force attack, aka ZEN-15406...

7.4AI score0.0124EPSS
Exploits0References2
Kitploit
Kitploit
added 2014/09/04 5:16 a.m.95 views

zAnti - Android Penetration Testing Toolkit (Free!)

zANTI is a comprehensive network diagnostics toolkit that enables complex audits and penetration tests at the push of a button. It provides cloud-based reporting that walks you through simple guidelines to ensure network safety. zANTI offers a comprehensive range of fully customizable scans to...

7.6AI score
Exploits0
myhack58
myhack58
added 2014/09/01 12:0 a.m.26 views

Vulnerability science: you of weak passwords seriously?-vulnerability warning-the black bar safety net

In today's many places in the user name and password as the authentication of the world, the password of importance you can think and Cicada for. The password is equivalent to entering the house of keys, when the others have one can enter your house keys, think about your safety, your belongings,...

0.2AI score
Exploits0
Hacker One
Hacker One
added 2014/05/27 8:43 a.m.20 views

Factlink: Password Complexity very low.

There is only one rule which you have set that minimum characters should be 6. But you need to set robust rule for password quality. Because I was able to set my password 123456 which is really common and anyone can hack it. Recommendation - Provide robust rules including upper lower letters,...

2.8AI score
Exploits0
Drupal
Drupal
added 2013/08/14 12:0 a.m.19 views

SA-CONTRIB-2013-069 - Password Policy - XSS

This module enables you to specify a certain level of password complexity aka. "password hardening" for user passwords in Drupal by defining a password policy. When viewing and editing a password policy, the module doesn't sufficiently filter the form text field input and display for the "Passwor...

2.1CVSS6.5AI score0.00973EPSS
Exploits1References9
ThreatPost
ThreatPost
added 2013/03/18 6:35 p.m.9 views

GAO: Flaws in IRS Network Could Put Taxpayer Information in Jeopardy

The United States Government Accountability Office GAO believes that “serious weaknesses remain” in the ways that the Internal Revenue Service handles its internal network, problems that could directly implicate taxpayer data according to a report the regulatory group released on Friday. The...

7.1AI score
Exploits0References6
myhack58
myhack58
added 2009/06/15 12:0 a.m.17 views

Hacker attack techniques of brute force method-vulnerability warning-the black bar safety net

Principle:now the lottery is very hot, a person spend two dollars to buy a lottery ticket that might, 5 0 0 million, but this probability is very low;you landed a system, The system ask you a password, you just wrote one, actually Simon's right, this probability and buy the 2 bucks, 5 0 0 million...

7.3AI score
Exploits0
Rows per page
Query Builder