Go passwordless to strengthen security and reduce costs
We all know passwords are inherently insecure. They’re also expensive to manage. Users struggle to remember them. It’s why we’re so passionate about eliminating passwords entirely. Passwordless solutions, such as Windows Hello, FIDO2 security keys, and the Microsoft Authenticator app, provide mor...
Improve security with a Zero Trust access model
Zero Trust is a security model that I believe can begin to turn the tide in the cybersecurity battles. Traditional perimeter-based network security has proved insufficient because it assumes that if a user is inside the corporate perimeter, they can be trusted. We’ve learned that this isn't true...
PT-2019-6424 · Ruijie · Ruijie Eg-2000 Series Gateway
Name of the Vulnerable Software and Affected Versions: Ruijie EG-2000 series gateway versions EG-2000SE EG RGOS 11.11B1. Description: The issue is related to a buffer overflow in the client.so file of the Ruijie EG-2000 series gateway. This allows an attacker to log in to any account without...
CVE-2019-15102
An issue was discovered in Tyto Sahi Pro 6.x through 8.0.0. The TestRunnerNondistributed and distributed endpoints do not have any authentication mechanism. This allows an attacker to execute an arbitrary script on the remote Sahi Pro server. There is also a password-protected web interface intende...
CVE-2019-15949
Nagios XI before 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios user, or access as the admin user via the web interface. The getprofile.sh script, invoked by downloading a system profile profile.php?cmd=download, is executed as root via a...
PT-2019-6111 · Nagios · Nagios Xi
Name of the Vulnerable Software and Affected Versions: Nagios XI versions prior to 5.6.6. Description: The issue allows remote command execution as root. It requires access to the server as the nagios user or access as the admin user via the web interface. The getprofile.sh script is executed as...
Advancing Windows 10 as a passwordless platform
Passwords can be frustrating, difficult to remember, and easily hacked or stolen. That’s why our vision for Windows is one of a passwordless platform—a world where users don’t have to deal with the pains of a password. With the release of Windows 10, version 1903, we’re bringing Windows 10 closer...
The vulnerability of the wpa_supplicant component of the EAP-PWD protocol in wireless communication devices certified by WPA allows attackers to compromise the integrity and confidentiality of data, as well as cause service failures. This vulnerability is related to incorrect authentication procedures.
The vulnerability of the wpasupplicant component of the EAP-PWD protocol in wireless communication devices certified for WPA is related to the failure of the EAP-PWD authentication process without obtaining a password. Exploiting this vulnerability allows an attacker to compromise the integrity a...
Authentication flaw
In MobaTek MobaXterm Personal Edition v11.1 Build 3860, the SSH private key and its password can be retrieved from process memory for the lifetime of the process, even after the user disconnects from the remote SSH server. This affects Passwordless Authentication that has a Password Protected SSH...
Logic Flaw Vulnerability in Juhaoyong CMS
JuhaoyongCMS is a CMS developed by Juhaoyong Enterprise Website Management System. Juhaoyong CMS has a logic flaw vulnerability: an attacker can forge a cookie to log in to the backend without an account password...
CVE-2018-20052
An issue was discovered on Cerner Connectivity Engine CCE 4 devices. The user running the main CCE firmware has NOPASSWD sudo privileges to several utilities that could be used to escalate privileges to root. One example is the "sudo ln -s /tmp/script /etc/cron.hourly/script" command...
DEBIAN-CVE-2019-9497
The implementations of EAP-PWD in hostapd EAP Server and wpasupplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto library does not...
CVE-2019-10661
CVE-2019-10661 affects Grandstream GXV3611IR_HD prior to version 1.0.3.23, where the root account has no password, enabling potential unauthorized access. Red Hat, CVE registries, and Nessus-related entries corroborate the vulnerability: default/root password issue on affected GXV3611IR_HD devices...
Android Gets FIDO2 Certification—Now Supports Secure Passwordless Logins
Great news. If you have already installed the latest update of Google Play Services released earlier today, and your Android device is running Android version 7.0 Nougat or above—Congratulations! Your device is now FIDO2 Certified. Are you thinking… what the heck that actually means? It means,...
Google Ditches Passwords in Latest Android Devices
Half of all Android users can now log into apps and websites on their devices – without having to remember a cumbersome password. On Monday, Google and the Fast IDentity Online (FIDO) Alliance announced that devices running Android 7 or later are certified by the FIDO2 standard, meaning that users...
Android Is Helping Kill Passwords on a Billion Devices
By officially certifying the FIDO2 standard, the mobile OS will soon allow logins to sites and services without having to put in a password...