408 matches found
RHEL 3 / 4 : freeradius (RHSA-2006:0271)
Updated freeradius packages that fix an authentication weakness are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. FreeRADIUS is a high-performance and highly configurable free RADIUS server designed to allow centralized...
CVE-2001-1517
CVE-2001-1517 affects Windows 2000 RunAs (runas.exe). The issue is that cleartext authentication data is stored in memory, potentially allowing a attacker to recover usernames and passwords by a process sharing the same memory page after a RunAs operation ends. Evidence in connected sources confi...
Cerberus FTP Server 2.1 - Information Disclosure
Cerberus FTP Server 2.1 - Information Disclosure source: https://www.securityfocus.com/bid/7369/info It has been reported that Cerberus FTP Server is prone to an information disclosure weakness. The problem exists in the way the FTP server handles the authentication procedure. An attacker may...
Qpopper 34 - Username Information Disclosure
Qpopper 34 - Username Information Disclosure source: https://www.securityfocus.com/bid/7110/info An information disclosure weakness has been reported for Qpopper when authenticating. The weakness is due to the fact that if a valid username is sent with a bad password, Qpopper will wait a small...
Qpopper 3/4 - 'Username' Information Disclosure
source: https://www.securityfocus.com/bid/7110/info An information disclosure weakness has been reported for Qpopper when authenticating. The weakness is due to the fact that if a valid username is sent with a bad password, Qpopper will wait a small amount of time prior to disconnecting the clien...
VNC authentication weakness
VNC authentication weakness --------------------------- VNC uses a DES-encrypted challenge-response system to avoid passing passwords over the wire in plaintext. However, it seems that a weakness in the way the challenge is generated by some servers would make this useless. The following program...
Sun SunPCi II VNC Software 2.3 - Password Disclosure
// source: https://www.securityfocus.com/bid/5146/info The SunPCi II card is a co-processor for a number of Solaris based systems, and provides PC software compatibility, including the ability to run Microsoft Windows. Driver software is available for the SunPCi card, including a Virtual Network...
Legato Networker vulnerability
There's a weakness in the authentification scheme of Legato Networker Software prior to version 6.1. When a client contacts the server, it announces in clear text via RPC his hostname or ip adress , his username and the user's groups. Then the server tries to resolve the ip adress of the machine...