Authentication flaw
A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to bypass authentication controls and log in to the device through the management interface. This vulnerability is due to the improper implementation of...
CVE-2022-20695 Cisco Wireless LAN Controller Management Interface Authentication Bypass Vulnerability
A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to bypass authentication controls and log in to the device through the management interface. This vulnerability is due to the improper implementation of...
PT-2022-2222 · Cisco · Cisco Wireless Lan Controller +1
Name of the Vulnerable Software and Affected Versions: Cisco Wireless LAN Controller (WLC) Software versions 8.10.151.0 through 8.10.162.0. Description: A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker t...
Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients
Some components in Apache Kafka use Arrays.equals to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been...
CVE-2021-43394
Unisys OS 2200 Messaging Integration Services NTSI 7R3B IC3 and IC4, 7R3C, and 7R3D has an Incorrect Implementation of an Authentication Algorithm. An LDAP password is not properly validated...
Authentication flaw
Unisys OS 2200 Messaging Integration Services NTSI 7R3B IC3 and IC4, 7R3C, and 7R3D has an Incorrect Implementation of an Authentication Algorithm. An LDAP password is not properly validated...
Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients
Some components in Apache Kafka use Arrays.equals to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been...
Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients
Some components in Apache Kafka use Arrays.equals to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been...
PT-2022-1406 · Django +6 · Django +6
Name of the Vulnerable Software and Affected Versions: Django versions 2.2 through 2.2.25; Django versions 3.2 through 3.2.10; Django versions 4.0 through 4.0.0. Description: The issue is related to the UserAttributeSimilarityValidator component in the Django framework, which can cause significant...
CLSA-2021-1637673193 Fix of CVE: CVE-2021-21704, CVE-2021-21703, CVE-2021-21705
CVE-2021-21704: fix integer overflow and subsequent incorrect buffer allocation - CVE-2021-21705: fix incorrect url password validation - CVE-2021-21703: fix incorrect shared memory management, which led to priv escalation...
Fix of CVE: CVE-2021-21704, CVE-2021-21703, CVE-2021-21705
CVE-2021-21704: fix integer overflow and subsequent incorrect buffer allocation - CVE-2021-21705: fix incorrect url password validation - CVE-2021-21703: fix incorrect shared memory management, which led to priv escalation...
Fix of CVE: CVE-2021-21705, CVE-2021-21704, CVE-2021-21703
CVE-2021-21704: fix integer overflow and subsequent incorrect buffer allocation - CVE-2021-21705: fix incorrect url password validation - CVE-2021-21703: fix incorrect shared memory management, which led to priv escalation...
Observable Discrepancy in Apache Kafka
Some components in Apache Kafka use Arrays.equals to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been...
CVE-2021-38153
Some components in Apache Kafka use Arrays.equals to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been...
CVE-2021-38153
Some components in Apache Kafka use Arrays.equals to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been...
CVE-2021-38153
CVE-2021-38153: Apache Kafka components validate passwords/keys with Arrays.equals, enabling timing attacks that can aid brute-force attempts. Affected releases include Kafka 2.0.0–2.8.0. The issue is fixed in 2.8.1+ and in 3.0.0+. Remediation: upgrade to 2.8.1+ or 3.0.0+ where the vulnerability...
CVE-2021-38153
Some components in Apache Kafka use Arrays.equals to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been...
in weseek/growi
✍️ Description: You should check and validate the password when users are registering; any user is able to use a weak password like aaaaaa. Also, you don't have any rate limit for incorrect passwords, which makes it easy to perform brute-force attacks against your users that have weak passwords. 💥 Impact: This...
Important: Red Hat Bug Fix Advisory: Red Hat Ansible Tower 3.8.4-1 - Container
Red Hat Ansible Tower 3.8.4-1 - Container. Running inventories of 60k hosts no longer takes a very long time for events to show up. Removed artifact_data from data sent to analytics as part of playbook_on_stats, since artifact_data can contain PII or sensitive data. Regular users are no longer...
Timing Attack
Overview: Affected versions of this package are vulnerable to Timing Attack. Some components in Apache Kafka use Arrays.equals to validate a password or key, which is vulnerable to brute force attacks by malicious users. Remediation: Upgrade org.apache.kafka:connect-runtime to version 2.8.1, 2.7.2 ...