19 matches found
Malicious code in spinal-service-ticket (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware aae35c4e4ff6906cb7d4d11279ee76155e4fe161e95d96ecea1f4e61e9a67412 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Exploit for CVE-2021-42278
This is a Python script for exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate a Domain Administrator DA from a standard domain user. The script uses the Impacket library to interact with the Active Directory. The script has several components: 1. samtheadmin.py: This is the main script...
VMware Enhanced Authentication Plug-in Security Vulnerability
The VMware Enhanced Authentication Plug-in is part of the VMware Horizon client from VMware, Inc. and is used to provide an additional authentication layer to enhance the security of access to VMware Horizon virtual desktops and applications. A security vulnerability exists in VMware Enhanced...
June 8, 2021 Public preview security update (KB5003645)
June 8, 2021 Public preview security update KB5003645 Improvements and fixes This public preview security update includes quality improvements. Key changes include: Addresses an issue in which a principal in a trusted MIT realm fails to obtain a Kerberos service ticket from Active Directory domai...
March 9, 2021—KB5000853 (Security-only update)
March 9, 2021—KB5000853 Security-only update Important: Windows 8.1 and Windows Server 2012 R2 have reached the end of mainstream support and are now in extended support. Starting in July 2020, there will no longer be optional, non-security releases known as "C" releases for this operating system...
March 9, 2021—KB5000851 (Security-only update)
March 9, 2021—KB5000851 Security-only update Important: Verify that you have installed the required updates listed in the How to get this update section before installing this update. Important: For information about the various types of Windows updates, such as critical, security, driver, servic...
CVE-2020-17049
A security feature bypass vulnerability exists in the way Key Distribution Center KDC determines if a service ticket can be used for delegation via Kerberos Constrained Delegation KCD. To exploit the vulnerability, a compromised service that is configured to use KCD could tamper with a service...
CVE-2020-17049
A security feature bypass vulnerability exists in the way Key Distribution Center KDC determines if a service ticket can be used for delegation via Kerberos Constrained Delegation KCD. To exploit the vulnerability, a compromised service that is configured to use KCD could tamper with a service...
Security feature bypass
A security feature bypass vulnerability exists in the way Key Distribution Center KDC determines if a service ticket can be used for delegation via Kerberos Constrained Delegation KCD. To exploit the vulnerability, a compromised service that is configured to use KCD could tamper with a service...
CVE-2020-17049
A security feature bypass vulnerability exists in the way Key Distribution Center KDC determines if a service ticket can be used for delegation via Kerberos Constrained Delegation KCD. To exploit the vulnerability, a compromised service that is configured to use KCD could tamper with a service...
Kerberos KDC Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists in the way Key Distribution Center KDC determines if a service ticket can be used for delegation via Kerberos Constrained Delegation KCD. To exploit the vulnerability, a compromised service that is configured to use KCD could tamper with a service...
PT-2020-4776 · Microsoft +7 · Kerberos +9
Name of the Vulnerable Software and Affected Versions: Windows versions prior to the fixed version Description: A security feature bypass vulnerability exists in the way Key Distribution Center KDC determines if a service ticket can be used for delegation via Kerberos Constrained Delegation KCD. ...
CVE-2018-13257
The bb-auth-provider-cas authentication module within Blackboard Learn 2018-07-02 is susceptible to HTTP host header spoofing during Central Authentication Service CAS service ticket validation, enabling a phishing attack from the CAS server login page...
CVE-2018-13257
The bb-auth-provider-cas authentication module within Blackboard Learn 2018-07-02 is susceptible to HTTP host header spoofing during Central Authentication Service CAS service ticket validation, enabling a phishing attack from the CAS server login page...
MS14-068-domain privilege escalation vulnerability summary-vulnerability warning-the black bar safety net
0x01 vulnerability of origin Said to ms14-068,have to say the silver ticket, that is, the cheque in. Cheque is a piece of tgs, that is, a service Ticket. The service ticket is the client is sent directly to the server and request the service resource. If the server is not the domain controller dc...
Kerberos 4 4.0/5 5.0 KDC Spoofing Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1616/info Kerberos is a cryptographic authentication protocol that allows users of a network to access services without transmitting cleartext passwords. A common implementation of the protocol includes a login service...
FreeBSD : krb5 -- client impersonation vulnerability (4ccbd40d-03f7-11e0-bf50-001a926c7637)
The MIT Kerberos team reports : MIT krb5 KDC may issue tickets not requested by a client, based on an attacker-chosen KrbFastArmoredReq. An authenticated remote attacker that controls a legitimate service principal could obtain a valid service ticket to itself containing valid KDC-generated...
Kerberos 4 4.05 5.0 - KDC Spoofing
Kerberos 4 4.05 5.0 - KDC Spoofing source: https://www.securityfocus.com/bid/1616/info Kerberos is a cryptographic authentication protocol that allows users of a network to access services without transmitting cleartext passwords. A common implementation of the protocol includes a login service...
CVE-2026-45074: Cas2Handler Derives CAS service URL from Client Host Header → Cross-Service Ticket Replay
More info at https://symfony.com/cve-2026-45074...