21 matches found

RedhatCVE
added 2025/05/22 3:20 p.m. · 5 views

CVE-2020-2301

Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user with any password while a successful authentication of that user is still in the optional cache when using Windows/ADSI mode...

9.8 CVSS · 7 AI score · 0.00181 EPSS
Exploits 0

Kitploit
added 2023/12/19 11:30 a.m. · 24 views

PySQLRecon - Offensive MSSQL Toolkit Written In Python, Based Off SQLRecon

PySQLRecon is a Python port of the awesome SQLRecon project by @sanjivkawa. See the commands section for a list of capabilities. Install: PySQLRecon can be installed with pip3 install pysqlrecon or by cloning this repository and running pip3 install . Commands: All of the main modules from SQLRecon...

7.8 AI score
Exploits 0 · References 7

OSV
added 2022/05/24 5:33 p.m. · 22 views

GHSA-8WCW-CW2F-H4G2 Improper Authentication (empty password) in Jenkins Active Directory Plugin

Jenkins Active Directory Plugin implements two separate modes: Integration with ADSI on Windows, and an OS agnostic LDAP-based mode. The Windows/ADSI mode does not specifically prohibit use of empty passwords in Active Directory Plugin prior to 2.20 and 2.16.1. If the Active Directory server allo...

9.8 CVSS · 9.6 AI score · 0.00191 EPSS
Exploits 0 · References 6

Github Security Blog
added 2022/05/24 5:33 p.m. · 26 views

Authentication cache in Active Directory Jenkins Plugin allows logging in with any password

Jenkins Active Directory Plugin implements two separate modes: Integration with ADSI on Windows, and an OS agnostic LDAP-based mode. Optionally, to reduce lookup time, a cache can be configured to remember user lookups and user authentications. In Active Directory Plugin prior to 2.20 and 2.16.1,...

9.8 CVSS · 9.1 AI score · 0.00181 EPSS
Exploits 0 · References 5 · Affected Software 1

Github Security Blog
added 2022/05/24 5:33 p.m. · 23 views

Improper Authentication in Jenkins Active Directory Plugin

Jenkins Active Directory Plugin implements two separate modes: Integration with ADSI on Windows, and an OS agnostic LDAP-based mode. The LDAP-based mode in Active Directory Plugin starting in version 1.44 and prior to versions 2.16.1 and 2.20 shares code between user lookup and user authenticatio...

9.8 CVSS · 9.2 AI score · 0.00191 EPSS
Exploits 0 · References 6 · Affected Software 1

Github Security Blog
added 2022/05/24 5:33 p.m. · 23 views

Improper Authentication (empty password) in Jenkins Active Directory Plugin

Jenkins Active Directory Plugin implements two separate modes: Integration with ADSI on Windows, and an OS agnostic LDAP-based mode. The Windows/ADSI mode does not specifically prohibit use of empty passwords in Active Directory Plugin prior to 2.20 and 2.16.1. If the Active Directory server allo...

9.8 CVSS · 9.1 AI score · 0.00191 EPSS
Exploits 0 · References 6 · Affected Software 1

OSV
added 2022/05/24 5:33 p.m. · 22 views

GHSA-RF92-3VJR-W628 Improper Authentication in Jenkins Active Directory Plugin

Jenkins Active Directory Plugin implements two separate modes: Integration with ADSI on Windows, and an OS agnostic LDAP-based mode. The LDAP-based mode in Active Directory Plugin starting in version 1.44 and prior to versions 2.16.1 and 2.20 shares code between user lookup and user authenticatio...

9.8 CVSS · 9.8 AI score · 0.00191 EPSS
Exploits 0 · References 6

OSV
added 2022/05/24 5:33 p.m. · 22 views

GHSA-954F-XW44-56R2 Authentication cache in Active Directory Jenkins Plugin allows logging in with any password

Jenkins Active Directory Plugin implements two separate modes: Integration with ADSI on Windows, and an OS agnostic LDAP-based mode. Optionally, to reduce lookup time, a cache can be configured to remember user lookups and user authentications. In Active Directory Plugin prior to 2.20 and 2.16.1,...

9.8 CVSS · 9.7 AI score · 0.00181 EPSS
Exploits 0 · References 5

OSV
added 2020/11/04 3:15 p.m. · 12 views

CVE-2020-2300

Jenkins Active Directory Plugin 2.19 and earlier does not prohibit the use of an empty password in Windows/ADSI mode, which allows attackers to log in to Jenkins as any user depending on the configuration of the Active Directory server...

9.8 CVSS · 6.8 AI score
Exploits 0 · References 2

OSV
added 2020/11/04 3:15 p.m. · 17 views

CVE-2020-2301

Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user with any password while a successful authentication of that user is still in the optional cache when using Windows/ADSI mode...

9.8 CVSS · 7 AI score
Exploits 0 · References 1

Prion
added 2020/11/04 3:15 p.m. · 13 views

Design/Logic Flaw

Jenkins Active Directory Plugin 2.19 and earlier does not prohibit the use of an empty password in Windows/ADSI mode, which allows attackers to log in to Jenkins as any user depending on the configuration of the Active Directory server...

7.5 CVSS · 9.5 AI score · 0.00191 EPSS
Exploits 0 · References 2 · Affected Software 1

Prion
added 2020/11/04 3:15 p.m. · 14 views

Design/Logic Flaw

Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user with any password while a successful authentication of that user is still in the optional cache when using Windows/ADSI mode...

7.5 CVSS · 9.6 AI score · 0.00181 EPSS
Exploits 0 · References 1 · Affected Software 1

CVE
added 2020/11/04 2:35 p.m. · 71 views

CVE-2020-2301

The CVE-2020-2301 issue affects Jenkins Active Directory Plugin (versions 2.19 and earlier). In Windows/ADSI mode, the plugin’s authentication cache could cause a login to be successful for any user with any password because the provided password was not validated when a cache entry existed. This...

9.8 CVSS · 9.5 AI score · 0.00181 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2020/11/04 2:35 p.m. · 13 views

CVE-2020-2301

Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user with any password while a successful authentication of that user is still in the optional cache when using Windows/ADSI mode...

9.7 AI score · 0.00181 EPSS
Exploits 0 · References 1

Cvelist
added 2020/11/04 2:35 p.m. · 13 views

CVE-2020-2300

Jenkins Active Directory Plugin 2.19 and earlier does not prohibit the use of an empty password in Windows/ADSI mode, which allows attackers to log in to Jenkins as any user depending on the configuration of the Active Directory server...

9.6 AI score · 0.00191 EPSS
Exploits 0 · References 2

Positive Technologies
added 2020/11/04 12:0 a.m. · 2 views

PT-2020-15531 · Jenkins · Jenkins Active Directory Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Active Directory Plugin versions 2.19 and earlier; Jenkins Active Directory Plugin versions prior to 2.20 and 2.16.1. Description: The issue allows attackers to log in as any user with any password while a successful authentication of...

9.8 CVSS · 9.5 AI score · 0.00181 EPSS
Exploits 0 · References 7

n0where
added 2018/04/17 7:4 p.m. · 11 views

Dump Active Directory Domain Information: goddi

goddi (go dump domain info) dumps domain users, groups, domain controllers, and more in CSV output and it runs on Windows and Linux. Functionality: StartTLS and TLS (tls.Client func) connections supported. Connections over TLS are default. All output goes to CSVs and are created in /csv/ in the curren...

7.4 AI score
Exploits 0 · References 2

Tenable Nessus
added 2012/06/06 12:0 a.m. · 20 views

ADSI Settings

Gather and store the ADSI parameters to be used in other plugins. TRUSTED...

5.4 AI score
Exploits 0

myhack58
added 2010/01/22 12:0 a.m. · 17 views

Method for creating a new account from the command line - vulnerability warning - the black bar safety net

Today I researched the user control panel file nusrmgr.cpl and found that it calls Shell.Users to add users; it also simultaneously calls the three components wscript.shell, Shell.Application and Shell.LocalMachine. But for adding a user, Shell.Users alone is sufficient. ...

0.6 AI score
Exploits 0

myhack58
added 2009/09/08 12:0 a.m. · 19 views

Using components to add a user - vulnerability and early warning - the black bar safety net

by: lcx. Today I researched the user control panel file nusrmgr.cpl and found that it calls Shell.Users to add users; it also simultaneously calls the three components wscript.shell, Shell.Application and Shell.LocalMachine. But for adding a user, Shell.Users alone is...

0.6 AI score
Exploits 0