
497 matches found

Microsoft Secure
added 2019/12/12 12:0 a.m. · 54 views

Go passwordless to strengthen security and reduce costs

We all know passwords are inherently unsecure. They’re also expensive to manage. Users struggle to remember them. It’s why we’re so passionate about eliminating passwords entirely. Passwordless solutions, such as Windows Hello, FIDO2 security keys, and the Microsoft Authenticator app, provide mor...

Exploits: 0
Microsoft Secure
added 2019/10/29 4:0 p.m. · 12 views

Improve security with a Zero Trust access model

Zero Trust is a security model that I believe can begin to turn the tide in the cybersecurity battles. Traditional perimeter-based network security has proved insufficient because it assumes that if a user is inside the corporate perimeter, they can be trusted. We’ve learned that this isn't true...

0.3 AI score
Exploits: 0
Positive Technologies
added 2019/09/20 12:0 a.m. · 4 views

PT-2019-6424 · Ruijie · Ruijie Eg-2000 Series Gateway

Name of the Vulnerable Software and Affected Versions: Ruijie EG-2000 series gateway versions EG-2000SE EG RGOS 11.11B1. Description: The issue is related to a buffer overflow in the client.so file of the Ruijie EG-2000 series gateway. This allows an attacker to login to any account without...

8.4 CVSS · 8 AI score · 0.00301 EPSS
Exploits: 1 · References: 6
OSV
added 2019/09/06 5:15 p.m. · 6 views

CVE-2019-15102

An issue was discovered in Tyto Sahi Pro 6.x through 8.0.0. TestRunnerNondistributed and distributed end points do not have any authentication mechanism. This allows an attacker to execute an arbitrary script on the remote Sahi Pro server. There is also a password-protected web interface intende...

9.8 CVSS · 8 AI score · 0.03852 EPSS
Exploits: 1 · References: 1
OSV
added 2019/09/05 5:15 p.m. · 3 views

CVE-2019-15949

Nagios XI before 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios user, or access as the admin user via the web interface. The getprofile.sh script, invoked by downloading a system profile profile.php?cmd=download, is executed as root via a...

8.8 CVSS · 7.5 AI score · 0.77741 EPSS
Exploits: 13 · References: 4
Prion
added 2019/09/05 5:15 p.m. · 22 views

Command injection

Nagios XI before 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios user, or access as the admin user via the web interface. The getprofile.sh script, invoked by downloading a system profile profile.php?cmd=download, is executed as root via a...

9 CVSS · 8.8 AI score · 0.77741 EPSS
Exploits: 13 · References: 3 · Affected Software: 1
Vulnrichment
added 2019/09/05 4:50 p.m. · 17 views

CVE-2019-15949

Nagios XI before 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios user, or access as the admin user via the web interface. The getprofile.sh script, invoked by downloading a system profile profile.php?cmd=download, is executed as root via a...

8.9 AI score · 0.77741 EPSS
Exploits: 13 · References: 3
Positive Technologies
added 2019/07/29 12:0 a.m. · 4 views

PT-2019-6111 · Nagios · Nagios Xi

Name of the Vulnerable Software and Affected Versions: Nagios XI versions prior to 5.6.6 Description: The issue allows remote command execution as root. It requires access to the server as the nagios user or access as the admin user via the web interface. The getprofile.sh script is executed as...

9 CVSS · 8.7 AI score · 0.77741 EPSS
Exploits: 13 · References: 12
Microsoft Secure
added 2019/06/10 4:0 p.m. · 70 views

Advancing Windows 10 as a passwordless platform

Passwords can be frustrating, difficult to remember, and easily hacked or stolen. That’s why our vision for Windows is one of a passwordless platform—a world where users don’t have to deal with the pains of a password. With the release of Windows 10, version 1903, we’re bringing Windows 10 closer...

1.3 AI score
Exploits: 0
BDU FSTEC
added 2019/06/06 12:0 a.m. · 3 views

The vulnerability of the wpa_supplicant component of the EAP-PWD protocol in wireless communication devices certified by WPA allows attackers to compromise the integrity and confidentiality of data, as well as cause service failures. This vulnerability is related to incorrect authentication procedures.

The vulnerability of the wpa_supplicant component of the EAP-PWD protocol in wireless communication devices certified for WPA is related to the failure of the EAP-PWD authentication process without obtaining a password. Exploiting this vulnerability allows an attacker to compromise the integrity a...

8.1 CVSS · 6.5 AI score · 0.05372 EPSS
Exploits: 0 · References: 13 · Affected Software: 6
Prion
added 2019/05/13 4:29 p.m. · 13 views

Authentication flaw

In MobaTek MobaXterm Personal Edition v11.1 Build 3860, the SSH private key and its password can be retrieved from process memory for the lifetime of the process, even after the user disconnects from the remote SSH server. This affects Passwordless Authentication that has a Password Protected SSH...

5 CVSS · 9.6 AI score · 0.03214 EPSS
Exploits: 1 · References: 1 · Affected Software: 1
Cvelist
added 2019/05/13 3:58 p.m. · 17 views

CVE-2019-7690

In MobaTek MobaXterm Personal Edition v11.1 Build 3860, the SSH private key and its password can be retrieved from process memory for the lifetime of the process, even after the user disconnects from the remote SSH server. This affects Passwordless Authentication that has a Password Protected SSH...

9.7 AI score · 0.03214 EPSS
Exploits: 1 · References: 1
CNVD
added 2019/04/30 12:0 a.m. · 1 views

Logic Flaw Vulnerability in Juhaoyong CMS

Juhaoyong CMS is a CMS developed by Juhaoyong Enterprise Website Management System. Juhaoyong CMS has a logic flaw vulnerability: an attacker can forge a cookie to log in to the backend without an account password...

6.9 AI score
Exploits: 0
OSV
added 2019/04/25 4:29 p.m. · 4 views

CVE-2018-20052

An issue was discovered on Cerner Connectivity Engine CCE 4 devices. The user running the main CCE firmware has NOPASSWD sudo privileges to several utilities that could be used to escalate privileges to root. One example is the "sudo ln -s /tmp/script /etc/cron.hourly/script" command...

7.8 CVSS · 5.8 AI score · 0.00378 EPSS
Exploits: 0 · References: 1
OSV
added 2019/04/17 2:29 p.m. · 1 views

DEBIAN-CVE-2019-9497

The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto library does not...

8.1 CVSS · 9.3 AI score · 0.05372 EPSS
Exploits: 0 · References: 1
CVE
added 2019/03/30 4:43 p.m. · 52 views

CVE-2019-10661

CVE-2019-10661 affects Grandstream GXV3611IR_HD prior to version 1.0.3.23, where the root account has no password, enabling potential unauthorized access. Red Hat, CVE registries, and Nessus-related entries corroborate the vulnerability: default/root password issue on affected GXV3611IR_HD devices...

10 CVSS · 9.4 AI score · 0.01774 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
The Hacker News
added 2019/02/25 5:49 p.m. · 2 views

Android Gets FIDO2 Certification—Now Supports Secure Passwordless Logins

Great news. If you have already installed the latest update of Google Play Services released earlier today, and your Android device is running Android version 7.0 Nougat or above—Congratulations! Your device is now FIDO2 Certified. Are you thinking… what the heck that actually means? It means,...

6.6 AI score
Exploits: 0
The Hacker News
added 2019/02/25 5:49 p.m. · 105 views

Android Gets FIDO2 Certification—Now Supports Secure Passwordless Logins

Great news. If you have already installed the latest update of Google Play Services released earlier today, and your Android device is running Android version 7.0 Nougat or above—Congratulations! Your device is now FIDO2 Certified. Are you thinking… what the heck that actually means? It means,...

1.6 AI score
Exploits: 0
ThreatPost
added 2019/02/25 2:17 p.m. · 89 views

Google Ditches Passwords in Latest Android Devices

Half of all Android users can now log into apps and websites on their devices – without having to remember a cumbersome password. On Monday, Google and the Fast IDentity Online FIDO Alliance announced that devices running Android 7 or later are certified by the FIDO2 standard, meaning that users...

0.3 AI score
Exploits: 0 · References: 7
Wired Threat Level
added 2019/02/25 11:0 a.m. · 66 views

Android Is Helping Kill Passwords on a Billion Devices

By officially certifying the FIDO2 standard, the mobile OS will soon allow logins to sites and services without having to put in a password...

3.2 AI score
Exploits: 0