CVE-2026-41103

Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized attacker to elevate privileges over a network...

Use of Hard-coded Credentials

Overview Affected versions of this package are vulnerable to Use of Hard-coded Credentials in the AuthN implementation. An attacker can gain unauthorized access to sensitive information, escalate privileges, and tamper with data by leveraging hard-coded credentials. Remediation Upgrade...

CVE-2024-8158 User impersonation for lib9p based 9p fileservers

A bug in the 9p authentication implementation within lib9p allows an attacker with an existing valid user within the configured auth server to impersonate any other valid filesystem user. This is due to lib9p not properly verifying that the uname given in the Tauth and Tattach 9p messages matches...

RC4 Is Still Considered Harmful

By James Forshaw, Project Zero I've been spending a lot of time researching Windows authentication implementations, specifically Kerberos. In June 2022 I found an interesting issue number 2310 with the handling of RC4 encryption that allowed you to authenticate as another user if you could either...

CVE-2015-2370

The authentication implementation in the RPC subsystem in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not prevent DCE/RPC connection...