
7 matches found

Prion
added 2021/11/02 6:15 p.m., 8 views

Input validation

An improper validation of certificate with host mismatch CWE-297 vulnerability in FortiOS versions 6.4.6 and below may allow the connection to a malicious LDAP server via options in GUI, leading to disclosure of sensitive information, such as AD credentials...

CVSS 4.3, AI score 6.3, EPSS 0.0024
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2021/11/02 5:41 p.m., 11 views

CVE-2021-41019

An improper validation of certificate with host mismatch CWE-297 vulnerability in FortiOS versions 6.4.6 and below may allow the connection to a malicious LDAP server via options in GUI, leading to disclosure of sensitive information, such as AD credentials...

CVSS 3.5, AI score 6.6, EPSS 0.0024
Exploits: 0, References: 1
Fortinet
added 2021/11/02 12:00 a.m., 31 views

Protect

An improper validation of certificate with host mismatch CWE-297 vulnerability in FortiOS may allow the connection to a malicious LDAP server via options in GUI, leading to disclosure of sensitive information, such as AD credentials...

CVSS 4.3, AI score 6.1, EPSS 0.0024
Exploits: 0, Affected Software: 1
NVD
added 2020/08/06 7:15 p.m., 6 views

CVE-2020-13793

Unsafe storage of AD credentials in Ivanti DSM netinst 5.1 due to a static, hard-coded encryption key...

CVSS 9.8, AI score 9.4, EPSS 0.01041
Exploits: 0, References: 2
CVE
added 2020/08/06 6:56 p.m., 37 views

CVE-2020-13793

CVE-2020-13793 affects Ivanti DSM netinst 5.1, where AD credentials are stored insecurely due to a static, hard-coded encryption key. According to the connected records, the CVSS-3.1 base score is 9.8 (CRITICAL) with network attack vector, no privileges required, and high impact on confidentialit...

CVSS 9.8, AI score 9.2, EPSS 0.01041
Exploits: 0, References: 2, Affected Software: 1
Citrix
added 2016/09/22 12:00 a.m., 5 views

Single Sign on Support for Linux Receiver

This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information. Question: The client wants to achieve authenticated access to XenApp/XenDesktop infrastructure via...

AI score 7.1
Exploits: 0
Cvelist
added 2011/01/12 12:00 a.m., 16 views

CVE-2010-0214

The administrative interface on the PolyVision RoomWizard with firmware 3.2.3 places the Sync Connector Active Directory AD credentials in a web form that is accessed over HTTP on port 80, which allows remote attackers to obtain sensitive information by reading the HTML source code corresponding ...

AI score 6.2, EPSS 0.01475
Exploits: 2, References: 6