Lucene search
K

141 matches found

Github Security Blog
Github Security Blog
added 2022/05/17 3:53 a.m.30 views

Jenkins allows attackers to determine whether a user exists

The loadUserByUsername function in hudson/security/HudsonPrivateSecurityRealm.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to determine whether a user exists via vectors related to failed login attempts...

5CVSS7AI score0.02952EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/05/17 3:53 a.m.4 views

GHSA-9VG9-X38G-9HFX Jenkins allows attackers to determine whether a user exists

The loadUserByUsername function in hudson/security/HudsonPrivateSecurityRealm.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to determine whether a user exists via vectors related to failed login attempts...

5CVSS5.9AI score0.02952EPSS
Exploits0References5
CNVD
CNVD
added 2022/03/04 12:0 a.m.15 views

CyberArk Identity Security Feature Issue Vulnerability

CyberArk Identity, a CyberArk company, provides the most complete identity security platform to secure all identities from end-to-end.CyberArk Identity is vulnerable to a security signature issue that stems from the fact that the StartAuthentication resource exposes the response header X-CFY-TX-T...

5.3CVSS2.1AI score0.01098EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2022/03/03 7:15 p.m.8 views

CVE-2022-22700

CyberArk Identity versions up to and including 22.1 in the 'StartAuthentication' resource, exposes the response header 'X-CFY-TX-TM'. In certain configurations, that response header contains different, predictable value ranges which can be used to determine whether a user exists in the tenant...

5.3CVSS6AI score0.01098EPSS
Exploits1References3
OSV
OSV
added 2022/03/03 7:15 p.m.3 views

CVE-2022-22700

CyberArk Identity versions up to and including 22.1 in the 'StartAuthentication' resource, exposes the response header 'X-CFY-TX-TM'. In certain configurations, that response header contains different, predictable value ranges which can be used to determine whether a user exists in the tenant...

5.3CVSS5.7AI score0.01098EPSS
Exploits1References2
NVD
NVD
added 2022/03/03 7:15 p.m.26 views

CVE-2022-22700

CyberArk Identity versions up to and including 22.1 in the 'StartAuthentication' resource, exposes the response header 'X-CFY-TX-TM'. In certain configurations, that response header contains different, predictable value ranges which can be used to determine whether a user exists in the tenant...

5.3CVSS0.01098EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/03/03 12:0 a.m.5 views

CyberArk Identity 安全特征问题漏洞

CyberArk Identity, a CyberArk company, provides the most complete identity security platform to secure all identities from end-to-end.CyberArk Identity is vulnerable to a security signature issue that stems from the fact that the StartAuthentication resource exposes the response header X-CFY-TX-T...

5.3CVSS5.6AI score0.01098EPSS
Exploits1References4
Prion
Prion
added 2022/01/03 10:15 p.m.21 views

Design/Logic Flaw

ManageEngine ADSelfService Plus below build 6116 contains an observable response discrepancy in the UMCP operation of the ChangePasswordAPI. This allows an unauthenticated remote attacker to determine whether a Windows domain user exists...

5CVSS5.3AI score0.069EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2022/01/03 9:7 p.m.61 views

CVE-2021-20147

Affected product: ManageEngine ADSelfService Plus (below build 6116). Vulnerability: observable response discrepancy in the UMCP operation of the ChangePasswordAPI that can be exploited by an unauthenticated remote attacker to determine whether a Windows domain user exists. Root cause / vulnerabi...

5.3CVSS5.3AI score0.069EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2021/09/15 7:32 p.m.6 views

CVE-2016-20012

OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE...

6.8AI score0.05039EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2021/04/12 4:46 p.m.28 views

CVE-2021-30156

In mediawiki package, the "Special:Contributions" functionality can leak information that a "hidden" user exists...

5.4CVSS2.4AI score0.01175EPSS
Exploits1References3
Cvelist
Cvelist
added 2021/04/09 6:10 a.m.28 views

CVE-2021-30156

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Special:Contributions can leak that a "hidden" user exists...

5AI score0.01175EPSS
Exploits1References3
Mageia
Mageia
added 2020/09/30 10:1 a.m.60 views

Updated mediawiki packages fix security vulnerability

Multiple security issues were discovered in MediaWiki: SpecialUserRights could leak whether a user existed or not, multiple code paths lacked HTML sanitisation allowing for cross-site scripting and TOTP validation applied insufficient rate limiting against brute force attempts CVE-2020-25812,...

7.5CVSS0.9AI score0.01752EPSS
Exploits1References4
OSV
OSV
added 2020/06/11 2:15 a.m.4 views

CVE-2020-13998

Citrix XenApp 6.5, when 2FA is enabled, allows a remote unauthenticated attacker to ascertain whether a user exists on the server, because the 2FA error page only occurs after a valid username is entered. NOTE: This vulnerability only affects products that are no longer supported by the maintaine...

5.3CVSS5.8AI score0.01389EPSS
Exploits0References1
NVD
NVD
added 2020/06/11 2:15 a.m.24 views

CVE-2020-13998

Citrix XenApp 6.5, when 2FA is enabled, allows a remote unauthenticated attacker to ascertain whether a user exists on the server, because the 2FA error page only occurs after a valid username is entered. NOTE: This vulnerability only affects products that are no longer supported by the maintaine...

7.5CVSS0.01389EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2020/06/11 1:59 a.m.14 views

CVE-2020-13998

Citrix XenApp 6.5, when 2FA is enabled, allows a remote unauthenticated attacker to ascertain whether a user exists on the server, because the 2FA error page only occurs after a valid username is entered. NOTE: This vulnerability only affects products that are no longer supported by the maintaine...

5.3AI score0.01389EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2020/06/11 12:0 a.m.7 views

PT-2020-13827 · Citrix · Citrix Xenapp

Name of the Vulnerable Software and Affected Versions: Citrix XenApp version 6.5 Description: The issue allows a remote unauthenticated attacker to determine whether a user exists on the server when two-factor authentication 2FA is enabled. This is because the 2FA error page is only displayed aft...

7.5CVSS7.2AI score0.01389EPSS
Exploits0References5
Kitploit
Kitploit
added 2020/04/07 9:30 p.m.84 views

MSOLSpray - A Password Spraying Tool For Microsoft Online Accounts (Azure/O365)

A password spraying tool for Microsoft Online accounts Azure/O365. The script logs if a user cred is valid, if MFA is enabled on the account, if a tenant doesn't exist, if a user doesn't exist, if the account is locked, or if the account is disabled. BE VERY CAREFUL NOT TO LOCKOUT ACCOUNTS! Why...

7.4AI score
Exploits0References2
OSV
OSV
added 2019/04/29 6:9 a.m.12 views

SUSE-SU-2018:3776-2 Security update for openssh

This update for openssh fixes the following issues: Following security issues have been fixed: - CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. OpenSSH developers do not...

5.9CVSS6AI score0.98631EPSS
Exploits23References7
Cvelist
Cvelist
added 2019/02/12 8:0 p.m.18 views

CVE-2019-7550

In JForum 2.1.8, an unauthenticated, remote attacker can enumerate whether a user exists by using the "create user" function. If a register/check/username?username= request corresponds to a username that exists, then an "is already in use" error is produced. NOTE: this product is discontinued...

5.4AI score0.01842EPSS
Exploits1References1
Rows per page
Query Builder