Lucene search

9 matches found

Positive Technologies
added 2025/09/17 12:0 a.m. | 2 views

PT-2025-38261

Name of the Vulnerable Software and Affected Versions: Dragonfly versions prior to 2.1.0. Description: The access control mechanism for the Proxy feature uses simple string comparisons and is vulnerable to timing attacks. An attacker may attempt to guess the password character by character by sendin...

CVSS 9.9 | AI score 9.4 | EPSS 0.06448
Exploits 11 | References 45
F5 Networks
added 2025/08/26 2:33 p.m. | 5 views

K000153161: Ansible Tower vulnerability CVE-2019-19340

Security Advisory Description: A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3, where enabling RabbitMQ manager by setting it with '-e rabbitmq_enable_manager=true' exposes the RabbitMQ management interface publicly, as expected. If the default admin user is sti...

CVSS 8.2 | AI score 8.1 | EPSS 0.0041
Exploits 0
OSV
added 2024/02/22 10:9 p.m. | 0 views

GHSA-HMX6-R76C-85G9 Gradio apps vulnerable to timing attacks to guess password

Impact: This security policy is with regards to a timing attack that allows users of Gradio apps to potentially guess the password of password-protected Gradio apps. This relies on the fact that string comparisons in Python terminate early, as soon as there is a string mismatch. Because Gradio app...

CVSS 5.9 | AI score 6.1 | EPSS 0.00082
Exploits 1 | References 6
Packet Storm
added 2022/03/07 12:0 a.m. | 388 views

Loki RAT (Relapse) SQL Injection

Discovery / credits: Malvuln - malvuln.com (c) 2022; Original source: https://malvuln.com/advisory/aabb54951546132e70a8e9f02bf8b5baB.txt; Contact: [email protected]; Media: twitter.com/malvuln; Threat: Loki RAT Relapse; Vulnerability: SQL Injection; Description: The LokiRAT WebUI panel for...

AI score 7.4
Exploits 0
Cvelist
added 2021/12/10 4:39 p.m. | 8 views

CVE-2021-37934

Due to insufficient server-side login-attempt limit enforcement, a vulnerability in /account/login in Huntflow Enterprise before 3.10.14 could allow an unauthenticated, remote user to perform multiple login attempts for brute-force password guessing...

AI score 9.7 | EPSS 0.01361
Exploits 1 | References 1
RedHat Linux
added 2020/09/29 8:37 p.m. | 1 views

cloud-init: Use of random.choice when generating random password

A flaw was found in cloud-init, where it uses the random.choice function when creating sensitive random strings used for generating a random password in new instances. Depending on the instance configuration, a remote or local attacker may abuse this vulnerability to guess the password of the...

CVSS 5.5 | AI score 6.3 | EPSS 0.00113
Exploits 0 | References 4
NVD
added 2020/09/18 2:15 p.m. | 9 views

CVE-2020-15770

An issue was discovered in Gradle Enterprise 2018.5. An attacker can potentially make repeated attempts to guess a local user's password, due to lack of lock-out after excessive failed logins...

CVSS 5.5 | EPSS 0.00046
Exploits 0 | References 2
CNVD
added 2016/07/15 12:0 a.m. | 1 views

xguest weak password vulnerability

xguest is an account creation component for Linux systems. A weak password vulnerability exists in xguest that stems from the program using an insecure password. An attacker could exploit this vulnerability to guess the password...

CVSS 2.5 | AI score 7 | EPSS 0.00129
Exploits 0 | References 1
ThreatPost
added 2013/09/04 3:50 p.m. | 26 views

Update to Bitcoin Client Fixes DoS Bug, Password Strength

The developers behind Bitcoin-QT, a software wallet used to protect and back up Bitcoin currency, have pushed out a new version of the client, fixing a critical denial-of-service bug, three security issues and fortifying password security. Version 0.8.4 of the original Bitcoin client was posted t...

CVSS 5 | AI score 0.2 | EPSS 0.00474
Exploits 0 | References 4