472 matches found
Vulnerability in the web authentication function of the SolarWinds Serv-U File Server that allows an attacker to escalate their privileges
The vulnerability in the web authentication function of the SolarWinds Serv-U File Server exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to escalate their privileges remotely...
Important: Red Hat Security Advisory: Red Hat Single Sign-On 7.5.1 security update on RHEL 7
New Red Hat Single Sign-On 7.5.1 packages are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Siemens SICAM MMU, SICAM T, and SICAM SGU Missing Authentication For Critical Function (CVE-2020-10044)
A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). An attacker with access to the network could be able to install specially crafted firmware on the device. This plugin only works with Tenable.ot. Please visit...
CVE-2021-41598
GitHub Enterprise Server vulnerability CVE-2021-41598 is a UI misrepresentation flaw in the GitHub App authorization flow. It can cause more permissions to be granted than the user sees during approval, specifically if the user later updates the repositories an app is installed on after additiona...
DEBIAN-CVE-2021-38022
Inappropriate implementation in WebAuthentication in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
UBUNTU-CVE-2021-38022
Inappropriate implementation in WebAuthentication in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
Lantronix PremierWave 2050 OS command injection vulnerability
The Lantronix PremierWave 2050 is an embedded enterprise Wi-Fi module from Lantronix, Inc. The Lantronix PremierWave 2050 version 8.9.0.0R4 is vulnerable to an OS command injection vulnerability caused by a problem with system authentication for HTTP requests. An attacker could exploit the...
keycloak: Anyone can register a new device when there is no device registered for passwordless login
A flaw was found in Keycloak. This vulnerability allows anyone to register a new security device or key when there is not a device already registered for any user by using the WebAuthn password-less login flow...
Nextcloud log information disclosure vulnerability
An information disclosure vulnerability exists in Nextcloud Server, an open source, powerful cloud storage network drive project. An attacker could use this vulnerability to bypass two-factor authentication in Nextcloud, and an attacker who knows the password or has access to the WebAuthN trusted...
Raider - Web Authentication Testing Framework
This is a framework designed to test authentication for web applications. While web proxies like ZAProxy and Burp Suite allow authenticated tests, they don't provide features to test the authentication process itself, i.e. manipulating the relevant input fields to identify broken authentication...
CVE-2021-3047
A cryptographically weak pseudo-random number generator (PRNG) is used during authentication to the Palo Alto Networks PAN-OS web interface. This enables an authenticated attacker, with the capability to observe their own authentication secrets over a long duration on the PAN-OS appliance, to...
The vulnerability in the Keycloak identity and access management software lies in flaws in its authentication mechanism. This allows attackers to gain unauthorized access to protected information.
The vulnerability of the Keycloak identity and access management software is related to shortcomings in the WebAuthn authentication mechanism. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...
Improper Authentication
Overview The Utils.readChallengeTx function used in SEP-10 Stellar Web Authentication states in its function documentation that it reads and validates the challenge transaction including verifying that the serverAccountID has signed the transaction. The function does not verify that the server ha...
GHSA-6CGH-HJPW-Q3GQ Utils.readChallengeTx does not verify the server account signature
The Utils.readChallengeTx function used in SEP-10 Stellar Web Authentication states in its function documentation that it reads and validates the challenge transaction including verifying that the serverAccountID has signed the transaction. The function does not verify that the server has signed...
Utils.readChallengeTx does not verify the server account signature
The Utils.readChallengeTx function used in SEP-10 Stellar Web Authentication states in its function documentation that it reads and validates the challenge transaction including verifying that the serverAccountID has signed the transaction. The function does not verify that the server has signed...
CVE-2021-32738
js-stellar-sdk is a Javascript library for communicating with a Stellar Horizon server. The Utils.readChallengeTx function used in SEP-10 Stellar Web Authentication states in its function documentation that it reads and validates the challenge transaction including verifying that the...
Design/Logic Flaw
js-stellar-sdk is a Javascript library for communicating with a Stellar Horizon server. The Utils.readChallengeTx function used in SEP-10 Stellar Web Authentication states in its function documentation that it reads and validates the challenge transaction including verifying that the...
CVE-2021-32738
CVE-2021-32738 affects the js-stellar-sdk library used to interact with Stellar Horizon. The vulnerability lies in Utils.readChallengeTx, which, before version 8.2.3, did not verify that the server signature was present on the challenge transaction; however, signature verification via Utils.verif...
Weidmueller Industrial WLAN devices authorization issue vulnerability
Weidmueller Industrial WLAN devices are industrial WLAN products from Weidmueller, Germany. An authorization issue vulnerability exists in Weidmueller Industrial WLAN devices, which stems from a specially configured device hostname that causes the device to interpret selected remote traffic as local...