144 matches found
Samba AD DC check password script does not receive
Description Since Samba Version 4.5.0 a Samba AD DC can use a custom command to verify the password complexity. The command can be specified with the "check password script" smb.conf parameter. This command is called when Samba handles a user password change or a new user password is set. The...
How to Guide Users to Better Passwords by Learning from Attackers
If you’re human, you’ve probably re-used a password or two. In fact, the majority of internet users between the ages of 18-65 have done so, and the younger you are, the more likely it is that you use just one password for all of your accounts. Article written by: Chris LaConte, Chief Strategy...
Microsoft Outlook retrieves remote OLE content without prompting
Overview When a Rich Text RTF email is previewed in Microsoft Outlook, remotely-hosted OLE content is retrieved without requiring any additional user interaction. This can leak private information including the user's password hash, which may be cracked by an attacker. Description Microsoft Outlo...
DefenseMatrix - Full security solution for Linux Servers
Full security solution for Linux Servers. SCUTUM is to be added into DefenseMatrix Project After consideration, SCUTUM, as a nice firewall controller, is to be added into DefenseMatrix. It will soon replace the iptables controller and arptables controller in DefenseMatrix. Expect lots of...
Tor: Enforce minimum master password complexity
Hi Team, Actual results: There is no password complexity set for Master password in about:preferencessecurity , Because I was able to set my password like 123,123456,www, admin etc which is really common, apart from that we can use spaces as well in master password i was able to set space as my...
Changes in Password Best Practices
NIST recently published its four-volume SP800-63b Digital Identity Guidelines. Among other things, it makes three important suggestions when it comes to passwords: 1. Stop it with the annoying password complexity rules. They make passwords harder to remember. They increase errors because...
Radancy: Weak password
It takes ash123456789123456789 as a password,which is not secure.It can be cracked using Dictionary,brute force etc attacks. Impact: If password complexity is not enforced people may tend to put easily guessable password which may be exploitable for a malicious user. Solution-To make it more...
drchrono: Bypass password complexity requirements on passsword reset page
Hi, the 'password reset' feature doesn't implement the password complexity requirements the site enforces when first signing up. Because of this issue, I was able to set my password to '1', bypassing the 8 character rule, and the rule which requires me to add a number and a special character to m...
Uber: User credentials are not strong on vault.uber.com
I was just trying to login vault.uber.com I entered email xx and password xx, I got loggedin to someones account. I entered email zz and password zz, I got loggedin to someones account. It means passowrd complexity and length of username/email is not enforced. This allowed my to access the someon...
CollabNet Subversion Edge weak password policy
Vuln Title: The CollabNet Subversion Edge Management Frontend does not implement a strong password policy Date: 28.06.2015 Author: otr Software Link: https://www.open.collab.net/downloads/svnedge Vendor: CollabNet Version: 4.0.11 Tested on: Fedora Linux Type: Lack of defensive measures Risk: Medi...
PXE Boot Exploit Server
This module provides a PXE server, running a DHCP and TFTP server. The default configuration loads a linux kernel and initrd into memory that reads the hard drive; placing a payload to install metsvc, disable the firewall, and add a new user metasploit on any Windows partition seen, and add a uid...
Cisco Ironport Appliances - Privilege Escalation
Cisco Ironport Appliances - Privilege Escalation / Cisco Ironport Appliances Privilege Escalation Vulnerability Vendor: Cisco Product webpage: http://www.cisco.com Affected versions: Cisco Ironport ESA - AsyncOS 8.5.5-280 Cisco Ironport WSA - AsyncOS 8.0.5-075 Cisco Ironport SMA - AsyncOS 8.3.6-0...
Cross site scripting
Zenoss Core through 5 Beta 3 does not require complex passwords, which makes it easier for remote attackers to obtain access via a brute-force attack, aka ZEN-15406...
CVE-2014-9248
Zenoss Core through 5 Beta 3 does not require complex passwords, which makes it easier for remote attackers to obtain access via a brute-force attack, aka ZEN-15406...
zAnti - Android Penetration Testing Toolkit (Free!)
zANTI is a comprehensive network diagnostics toolkit that enables complex audits and penetration tests at the push of a button. It provides cloud-based reporting that walks you through simple guidelines to ensure network safety. zANTI offers a comprehensive range of fully customizable scans to...
Vulnerability science: you of weak passwords seriously?-vulnerability warning-the black bar safety net
In today's many places in the user name and password as the authentication of the world, the password of importance you can think and Cicada for. The password is equivalent to entering the house of keys, when the others have one can enter your house keys, think about your safety, your belongings,...
Factlink: Password Complexity very low.
There is only one rule which you have set that minimum characters should be 6. But you need to set robust rule for password quality. Because I was able to set my password 123456 which is really common and anyone can hack it. Recommendation - Provide robust rules including upper lower letters,...
SA-CONTRIB-2013-069 - Password Policy - XSS
This module enables you to specify a certain level of password complexity aka. "password hardening" for user passwords in Drupal by defining a password policy. When viewing and editing a password policy, the module doesn't sufficiently filter the form text field input and display for the "Passwor...
GAO: Flaws in IRS Network Could Put Taxpayer Information in Jeopardy
The United States Government Accountability Office GAO believes that “serious weaknesses remain” in the ways that the Internal Revenue Service handles its internal network, problems that could directly implicate taxpayer data according to a report the regulatory group released on Friday. The...
Hacker attack techniques of brute force method-vulnerability warning-the black bar safety net
Principle:now the lottery is very hot, a person spend two dollars to buy a lottery ticket that might, 5 0 0 million, but this probability is very low;you landed a system, The system ask you a password, you just wrote one, actually Simon's right, this probability and buy the 2 bucks, 5 0 0 million...