Lucene search
K

144 matches found

UbuntuCve
UbuntuCve
added 2022/08/26 4:15 p.m.28 views

CVE-2021-3563

A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity...

7.4CVSS6.7AI score0.01319EPSS
Exploits1References2
OSV
OSV
added 2022/08/26 4:15 p.m.2 views

UBUNTU-CVE-2021-3563

A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity...

7.4CVSS6.6AI score0.01319EPSS
Exploits1References3
Cvelist
Cvelist
added 2022/08/26 3:25 p.m.37 views

CVE-2021-3563

A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity...

7.6AI score0.01319EPSS
Exploits1References5
CVE
CVE
added 2022/08/26 3:25 p.m.113 views

CVE-2021-3563

CVE-2021-3563 affects OpenStack Keystone. The issue stems from keystone only validating the first 72 characters of an application secret, enabling bypass of some password complexity checks and affecting confidentiality and integrity. The vulnerability is listed across multiple advisories (e.g., D...

7.4CVSS7.2AI score0.01319EPSS
Exploits1References5Affected Software1
Debian CVE
Debian CVE
added 2022/08/26 3:25 p.m.39 views

CVE-2021-3563

A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity...

7.4CVSS7.4AI score0.01319EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2022/08/26 12:0 a.m.3 views

PT-2022-10472

Name of the Vulnerable Software and Affected Versions openstack-keystone affected versions not specified Description A flaw was found in openstack-keystone, where only the first 72 characters of an application secret are verified. This allows attackers to bypass some password complexity that...

7.4CVSS6.3AI score0.01319EPSS
Exploits1References27
CNNVD
CNNVD
added 2022/08/26 12:0 a.m.4 views

Red Hat OpenStack Platform 安全漏洞

Red Hat OpenStack Platform is a cloud computing management platform from the US-based Red Hat, Inc. Red Hat OpenStack Platform suffers from a security vulnerability that stems from the fact that it only validates the first 72 characters of an application key allowing an attacker to bypass some of...

7.4CVSS6.9AI score0.01319EPSS
Exploits1References5
OSV
OSV
added 2022/08/05 12:0 a.m.14 views

GHSA-7942-2FX8-QHPF Raneto v0.17.0 employs weak password complexity requirements

Raneto v0.17.0 employs weak password complexity requirements, allowing attackers to crack user passwords via brute-force attacks. Version 0.17.1 contains security mitigations for this and other vulnerabilities...

9.8CVSS6.6AI score0.01293EPSS
Exploits3References9
ATTACKERKB
ATTACKERKB
added 2022/08/04 8:15 p.m.2 views

CVE-2022-35143

Renato v0.17.0 employs weak password complexity requirements, allowing attackers to crack user passwords via brute-force attacks...

9.8CVSS5.9AI score0.01293EPSS
Exploits3References5
Positive Technologies
Positive Technologies
added 2022/08/04 12:0 a.m.3 views

PT-2022-22597 · Raneto · Raneto

Name of the Vulnerable Software and Affected Versions: Raneto version 0.17.0 Description: The issue is related to weak password complexity requirements, allowing attackers to crack user passwords via brute-force attacks. Recommendations: For version 0.17.0, update to version 0.17.1, which contain...

9.8CVSS6.1AI score0.01293EPSS
Exploits3References12
OpenVAS
OpenVAS
added 2022/07/31 12:0 a.m.12 views

Fedora: Security Advisory for golang-github-nbutton23-zxcvbn (FEDORA-2022-37aef44d1e)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
Fedora
Fedora
added 2022/07/30 2:0 a.m.16 views

[SECURITY] Fedora 36 Update: golang-github-nbutton23-zxcvbn-0.1-9.20210110gite56b841.fc36

Zxcvbn password complexity algorithm in golang...

2AI score
Exploits0
OpenVAS
OpenVAS
added 2022/07/18 12:0 a.m.10 views

Fedora: Security Advisory for golang-github-nbutton23-zxcvbn (FEDORA-2022-3969b64d4b)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.3CVSS8.9AI score0.05994EPSS
Exploits4References2
Fedora
Fedora
added 2022/07/17 1:15 a.m.20 views

[SECURITY] Fedora 35 Update: golang-github-nbutton23-zxcvbn-0.1-8.20210110gite56b841.fc35

Zxcvbn password complexity algorithm in golang...

9.3CVSS2AI score0.05994EPSS
Exploits4
Fedora
Fedora
added 2022/07/04 1:35 a.m.20 views

[SECURITY] Fedora 36 Update: golang-github-nbutton23-zxcvbn-0.1-8.20210110gite56b841.fc36

Zxcvbn password complexity algorithm in golang...

9.3CVSS8.3AI score0.05994EPSS
Exploits4
Malwarebytes
Malwarebytes
added 2021/11/24 11:25 a.m.47 views

Password usage analysis of brute force attacks on honeypot servers

As Microsoft’s Head of Deception, Ross Bevington is responsible for setting up and maintaining honeypots that look like legitimate systems and servers. Honeypot systems are designed to pose as an attractive target for attackers. Sometimes they are left vulnerable to create a controllable and safe...

7AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2021/11/23 12:0 a.m.16 views

The vulnerability of the microprogrammed logic controller ioLogik software, related to insufficient requirements for password complexity, allows a hacker to obtain user passwords by brute-force methods.

The vulnerability of the microprogrammed logic controller ioLogik software is related to insufficient requirements for the complexity of passwords. Exploiting this vulnerability allows a malicious actor to manually select user passwords using brute-force methods...

10CVSS5.3AI score
Exploits0References1Affected Software1
Microsoft Secure
Microsoft Secure
added 2021/09/15 1:0 p.m.31 views

The passwordless future is here for your Microsoft account

Nobody likes passwords. They’re inconvenient. They’re a prime target for attacks. Yet for years they’ve been the most important layer of security for everything in our digital lives—from email to bank accounts, shopping carts to video games. We are expected to create complex and unique passwords,...

0.4AI score
Exploits0
Huntr
Huntr
added 2021/09/02 8:38 a.m.12 views

in apolloconfig/apollo

✍️ Description The Application does not have control set in password complexity. It is possible to add a user with a single character password in the application. 🕵️‍♂️ Proof of Concept Adding the user. POST /users HTTP/1.1 Host: xxx.xxx.xxx.xxx Content-Length: 63 Accept: application/json,...

7.1AI score
Exploits0References1
OSV
OSV
added 2021/08/31 10:15 p.m.29 views

CVE-2021-22003

VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443. A malicious actor with network access to port 7443 may attempt user enumeration or brute force the login endpoint, which may or may not be practical based on lockout policy configuration and...

7.5CVSS7AI score0.00994EPSS
Exploits0References1
Rows per page
Query Builder