54 matches found
CVE-2026-6312
Insufficient policy enforcement in Passwords in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...
EUVD-2018-8649
Malware in sbrugna...
EUVD-2022-32059
Malicious code in bioql PyPI...
EUVD-2021-7836
Malicious code in bioql PyPI...
Devolutions Remote Desktop Manager 安全漏洞
Devolutions Remote Desktop Manager is an application from Devolutions Canada Inc. It provides remote desktop management functionality. A security vulnerability exists in Devolutions Remote Desktop Manager versions 2025.1.24 through 2025.1.25 and 2024.3.29 and earlier, which stems from improper...
Linux Distros Unpatched Vulnerability : CVE-2020-15115
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation, which allows for very short passwords, such as those with a length of on...
Watch where you point that cred! Part 1
TL;DR Poorly protected authentication requests from privileged automated tasks e.g. vulnerability scanners, health checks could be intercepted by rogue authentication servers planted in the internal network. Weak authentication methods, overly broad privileges and scopes, as well as poor network...
Don't Overlook These 6 Critical Okta Security Configurations
Given Okta's role as a critical part of identity infrastructure, strengthening Okta security is essential. This article covers six key Okta security settings that provide a strong starting point, along with recommendations for implementing continuous monitoring of your Okta security posture. With...
Good Essay on the History of Bad Password Policies
Stuart Schechter makes some good points on the history of bad password policies: Morris and Thompson's work brought much-needed data to highlight a problem that lots of people suspected was bad, but that had not been studied scientifically. Their work was a big step forward, if not for two mistak...
CVE-2024-9683
A vulnerability was found in Quay, which allows successful authentication even when a truncated password version is provided. This flaw affects the authentication mechanism, reducing the overall security of password enforcement. While the risk is relatively low due to the typical length of the...
PT-2024-39760 · Quay · Quay
Name of the Vulnerable Software and Affected Versions: Quay affected versions not specified Description: A vulnerability was found in Quay, which allows successful authentication even when a truncated password version is provided. This flaw affects the authentication mechanism, reducing the overa...
How Hybrid Password Attacks Work and How to Defend Against Them
Threat actors constantly change tactics to bypass cybersecurity measures, developing innovative methods to steal user credentials. Hybrid password attacks merge multiple cracking techniques to amplify their effectiveness. These combined approaches exploit the strengths of various methods,...
CVE-2024-41686
This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to improper implementation of password policies. A local attacker could exploit this by creating password that do not adhere to the defined security standards/policy on the vulnerable system. Successful exploitation of this...
CVE-2024-2257
This vulnerability exists in Digisol Router DG-GR1321: Hardware version 3.7L; Firmware version : v3.2.02 due to improper implementation of password policies. An attacker with physical access could exploit this by creating password that do not adhere to the defined security standards/policy on the...
CVE-2024-3263 Improper authentication in YMS VIS Pro
YMS VIS Pro is an information system for veterinary and food administration, veterinarians and farm. Due to a combination of improper method for system credentials generation and weak password policy, passwords can be easily guessed and enumerated through brute force attacks. Successful attacks c...
CVE-2024-3263 Improper authentication in YMS VIS Pro
YMS VIS Pro is an information system for veterinary and food administration, veterinarians and farm. Due to a combination of improper method for system credentials generation and weak password policy, passwords can be easily guessed and enumerated through brute force attacks. Successful attacks c...
CVE-2024-3263
CVE-2024-3263 affects YMS VIS Pro due to improper system-credentials generation and weak password policy, enabling brute-force login attempts. Public details identify affected versions as VIS Pro 3.3.0.7). There is no explicit exploitation details or public in-the-wild exploit information provide...
CVE-2024-2257
Summary of CVE-2024-2257 (Digisol Router DG-GR1321) : The vulnerability affects Digisol Router DG-GR1321 (hardware version 3.7L; firmware v3.2.02). It arises from improper implementation of password policies, enabling an attacker with physical access to craft passwords that do not conform to the ...
passhash: Potential DoS due to PasswordPoliciesNotMet in errors.go
Summary: Possible DoS depending on amount of PasswordPolicyError instances that can be created in a short time type PasswordPoliciesNotMet struct UnMetPasswordPolicies PasswordPolicyError func e PasswordPoliciesNotMet Error string errorStrs := makestring, 0, lene.UnMetPasswordPolicies for , ppe :...
Stopping Credential Stuffing Attacks: We Need to Do Better
Do you know what 23andMe, Jason's Deli, North Face, and Hot Topic have in common? They've all been breached by successful credential stuffing attacks in the last year! An attack type that has gained prominence in recent years is credential stuffing. In this blog, we will explore what credential...