431 matches found

BDU FSTEC
added 2020/05/07 12:00 a.m. | 1 views

The vulnerability of LDAP authentication modules (mod_auth_ldap and mod_auth_ldap2) in the Prosody Jabber/XMPP server allows attackers to access sensitive data, compromise its integrity, and cause service failures.

The vulnerability in the LDAP authentication modules mod_auth_ldap and mod_auth_ldap2 of the Prosody Jabber/XMPP server stems from improper checking of the XMPP address when determining whether a user has administrative access. Exploiting this vulnerability can allow an attacker to gai...

CVSS 9.8 | AI score 7.7 | EPSS 0.01564
Exploits: 0 | References: 4 | Affected Software: 2

BDU FSTEC
added 2020/04/06 12:00 a.m. | 1 views

The vulnerability of the PAM module’s Python interpreter allows attackers to increase their privileges.

The vulnerability of the PAM module’s Python interpreter involves insecure management of privileges. Exploiting this vulnerability allows attackers to elevate their privileges using a specially created binary file with a setuid flag...

CVSS 7.8 | AI score 7.2 | EPSS 0.00356
Exploits: 0 | References: 4 | Affected Software: 2

OSV
added 2020/03/31 1:42 p.m. | 2 views

USN-4314-1 libpam-krb5 vulnerability

Russ Allbery discovered that pam-krb5 incorrectly handled some responses. An attacker could possibly use this issue to execute arbitrary code...

CVSS 9.8 | AI score 7.5 | EPSS 0.04784
Exploits: 0 | References: 2

Tenable Nessus
added 2020/03/13 12:00 a.m. | 32 views

Cisco FTD Software Pluggable Authentication Module DoS (cisco-sa-20191002-ftd-fpmc-dos)

According to its self-reported version, Cisco Firepower Threat Defense (FTD) Software is affected by a vulnerability in the configuration of the Pluggable Authentication Module (PAM) due to improper resource management in the context of user session management. An authenticated, remote attacker can...

CVSS 7.7 | AI score 7 | EPSS 0.01879
Exploits: 0 | References: 4

OSV
added 2020/01/28 5:15 p.m. | 2 views

DEBIAN-CVE-2020-8086

The mod_auth_ldap and mod_auth_ldap2 Community Modules through 2020-01-27 for Prosody incompletely verify the XMPP address passed to the is_admin function. This grants remote entities admin-only functionality if their username matches the username of a local admin...

CVSS 9.8 | AI score 8.6 | EPSS 0.01564
Exploits: 0 | References: 1

CNVD
added 2019/11/22 12:00 a.m. | 2 views

Blackboard Learn bb-auth-provider-cas authentication module input validation error vulnerability

Blackboard Learn is a learning management system from Blackboard, Inc. bb-auth-provider-cas authentication is one of the authentication modules. A security vulnerability exists in the bb-auth-provider-cas authentication module in Blackboard Learn version 2018-07-02. An attacker could exploit this...

CVSS 6.1 | AI score 7 | EPSS 0.0121
Exploits: 1 | References: 1

CVE
added 2019/11/18 3:32 p.m. | 54 views

CVE-2018-13257

The CVE-2018-13257 vulnerability affects Blackboard Learn (2018-07-02) in the bb-auth-provider-cas authentication module. The issue is HTTP host header spoofing during CAS service ticket validation, enabling a phishing attack from the CAS server login page. Connected records consistently describe...

CVSS 6.1 | AI score 6.3 | EPSS 0.0121
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2019/11/18 3:32 p.m. | 24 views

CVE-2018-13257

The bb-auth-provider-cas authentication module within Blackboard Learn 2018-07-02 is susceptible to HTTP host header spoofing during Central Authentication Service (CAS) service ticket validation, enabling a phishing attack from the CAS server login page...

AI score 6.4 | EPSS 0.0121
Exploits: 1 | References: 1

RedHat Linux
added 2019/11/05 9:24 p.m. | 2 views

httpd: mod_auth_digest: access control bypass due to race condition

A race condition was found in mod_auth_digest when the web server was running in a threaded MPM configuration. It could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions...

CVSS 7.5 | AI score 7.1 | EPSS 0.16083
Exploits: 0 | References: 6

BDU FSTEC
added 2019/10/24 12:00 a.m. | 4 views

The vulnerability of the PAM module of Cisco Firepower Threat Defense’s microprogramming network interfaces, as well as the Cisco Firepower Management Center’s network management software and the Cisco FX-OS operating system, allows a perpetrator to trigger a service failure.

The vulnerability of the PAM module of Cisco Firepower Threat Defense’s microprogramming network interfaces, as well as the Cisco Firepower Management Center’s network management software and the Cisco FX-OS operating system, involves an uncontrolled consumption of resources. Exploiting this...

CVSS 7.7 | AI score 5.5 | EPSS 0.01879
Exploits: 0 | References: 2 | Affected Software: 3

Veracode
added 2019/10/18 6:36 a.m. | 32 views

Regular Expression Denial Of Service (ReDoS)

webrick is vulnerable to regex denial of service. An attacker is able to crash the application by submitting malicious strings within the Authorization header to the authentication module...

CVSS 7.5 | AI score 7.8 | EPSS 0.0499
Exploits: 0 | References: 13 | Affected Software: 8

OSV
added 2019/10/17 6:15 p.m. | 1 views

DEBIAN-CVE-2019-14287

In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "su...

CVSS 8.8 | AI score 7.2 | EPSS 0.63917
Exploits: 10 | References: 1

OSV
added 2019/10/02 7:15 p.m. | 2 views

CVE-2019-12700

A vulnerability in the configuration of the Pluggable Authentication Module (PAM) used in Cisco Firepower Threat Defense (FTD) Software, Cisco Firepower Management Center (FMC) Software, and Cisco FXOS Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. Th...

CVSS 6.5 | AI score 6.9 | EPSS 0.01879
Exploits: 0 | References: 1

NVD
added 2019/10/02 7:15 p.m. | 21 views

CVE-2019-12700

A vulnerability in the configuration of the Pluggable Authentication Module (PAM) used in Cisco Firepower Threat Defense (FTD) Software, Cisco Firepower Management Center (FMC) Software, and Cisco FXOS Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. Th...

CVSS 7.7 | AI score 6.5 | EPSS 0.01879
Exploits: 0 | References: 1

Vulnrichment
added 2019/10/02 7:06 p.m. | 10 views

CVE-2019-12700 Cisco FTD, FMC, and FXOS Software Pluggable Authentication Module Denial of Service Vulnerability

A vulnerability in the configuration of the Pluggable Authentication Module (PAM) used in Cisco Firepower Threat Defense (FTD) Software, Cisco Firepower Management Center (FMC) Software, and Cisco FXOS Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. Th...

CVSS 7.7 | AI score 6.8 | EPSS 0.01879
Exploits: 0 | References: 1

Cvelist
added 2019/10/02 7:06 p.m. | 26 views

CVE-2019-12700 Cisco FTD, FMC, and FXOS Software Pluggable Authentication Module Denial of Service Vulnerability

A vulnerability in the configuration of the Pluggable Authentication Module (PAM) used in Cisco Firepower Threat Defense (FTD) Software, Cisco Firepower Management Center (FMC) Software, and Cisco FXOS Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. Th...

CVSS 7.7 | AI score 6.4 | EPSS 0.01879
Exploits: 0 | References: 1

Cisco
added 2019/10/02 4:00 p.m. | 169 views

Cisco FTD, FMC, and FXOS Software Pluggable Authentication Module Denial of Service Vulnerability

A vulnerability in the configuration of the Pluggable Authentication Module (PAM) used in Cisco Firepower Threat Defense (FTD) Software, Cisco Firepower Management Center (FMC) Software, and Cisco FXOS Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. Th...

CVSS 7.7 | AI score 6.7 | EPSS 0.01879
Exploits: 0 | References: 1

OSV
added 2019/09/24 5:15 a.m. | 1 views

DEBIAN-CVE-2019-16729

pam-python before 1.0.7-1 has an issue in regard to the default environment variable handling of Python, which could allow for local root escalation in certain PAM setups...

CVSS 7.8 | AI score 7.3 | EPSS 0.00356
Exploits: 0 | References: 1

BDU FSTEC
added 2019/07/18 12:00 a.m. | 7 views

The vulnerability of the krb_parse_authz_data function in the SnAuthRPC module of the Secret Net Studio security system allows a hacker to trigger a service failure.

The vulnerability of the krb_parse_authz_data function in the SnAuthRPC module of the Secret Net Studio security system is related to buffer overflow attacks. Exploiting this vulnerability could allow a malicious actor to cause service interruptions remotely...

CVSS 2.2 | AI score 5.9
Exploits: 0 | Affected Software: 1

RedHat Linux
added 2019/02/18 4:58 p.m. | 5 views

httpd: Weak Digest auth nonce generation in mod_auth_digest

In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent replay attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed...

CVSS 9.8 | AI score 7.3 | EPSS 0.15885
Exploits: 0 | References: 5