820 matches found
Seraph in Confluence 3.5 environment no longer able to instantiate custom authenticator
Customer using custom authenticator no longer works in Confluence 3.5 despite updates to latest API, latest Atlassian SDK, and building against Confluence 3.5 and embedded Crowd. See attached error log from customer. In brief, error is: noformat Caused by:...
Seraph in Confluence 3.5 environment no longer able to instantiate custom authenticator
Customer using custom authenticator no longer works in Confluence 3.5 despite updates to latest API, latest Atlassian SDK, and building against Confluence 3.5 and embedded Crowd. See attached error log from customer. In brief, error is: noformat Caused by:...
Seraph in Confluence 3.5 environment no longer able to instantiate custom authenticator
Customer using custom authenticator no longer works in Confluence 3.5 despite updates to latest API, latest Atlassian SDK, and building against Confluence 3.5 and embedded Crowd. See attached error log from customer. In brief, error is: noformat Caused by:...
VSR Advisories: Citrix Access Gateway Command Injection Vulnerability
VSR Security Advisory http://www.vsecurity.com/ -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: Citrix Access Gateway Command Injection Vulnerability Release Date: 2010-12-21 Application: Citrix Access Gateway Versions: Access Gateway Enterprise...
Confluence features that require password confirmation (websudo, captcha) do not work with custom authentication
When user is required to confirm the password, Confluence always checks the entered password against the internally stored user/password. If an instance is configured to use custom authentication which is different from atlassian-user, the password validation will fail. h3. Resolution This is fix...
Confluence features that require password confirmation (websudo, captcha) do not work with custom authentication
When user is required to confirm the password, Confluence always checks the entered password against the internally stored user/password. If an instance is configured to use custom authentication which is different from atlassian-user, the password validation will fail. h3. Resolution This is fix...
Debian Security Advisory DSA 1065-1 (hostapd)
The remote host is missing an update to hostapd announced via advisory DSA 1065-1. Matteo Rosi and Leonardo Maccari discovered that hostapd, a wifi network authenticator daemon, performs insufficient boundary checks on a key length value, which might be exploited to crash the service. The old...
Debian: Security Advisory (DSA-1065-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 7 Update: wpa_supplicant-0.5.7-3.fc7
wpasupplicant is a WPA Supplicant for Linux, BSD and Windows with support for WPA and WPA2 IEEE 802.11i / RSN. Supplicant is the IEEE 802.1X/WPA component that is used in the client stations. It implements key negotiation with a WPA Authenticator and it controls the roaming and IEEE 802.11...
[SECURITY] [DSA 1065-1] New hostapd packages fix denial of service
-------------------------------------------------------------------------- Debian Security Advisory DSA 1065-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff May 19th, 2006 http://www.debian.org/security/faq -...
DSA-1065-1 hostapd - missing input sanitising
Bulletin has no description...
OpenBSD wuth RADIUS authorization module unauthorized access
Response authenticator is not checked, it allows to spoof response from RADIUS server...
Enhance Seraph SSO support to create users automatically
Users of SSO systems generally also have some sort of external user management. As a simple first step, JIRA's SSO authenticator could create an OSUser account in JIRA if the SSO authentication succeeds...
Re: More problems with RADIUS (protocol and implementations)
I note that the original message didn't cite my short message to Bugtraq about security issues with RADIUS: http://cert.uni-stuttgart.de/archive/bugtraq/2000/12/msg00332.html Some points in that message were also covered by Joshua, he added a number of good points, and missed a few others...
More problems with RADIUS (protocol and implementations)
Hello bugtraq, There are more problems in RADIUS protocol and some of implementations: 1. There is no way RADIUS server can validate Access-Request packet really originated by NAS RADIUS client before and even after, if packet has no User-Password attribute decoding all attributes. It opens a...
Secure Computing e.iD Authenticator for Palm 2.0 - PIN Brute Force
Secure Computing e.iD Authenticator for Palm 2.0 - PIN Brute Force source: https://www.securityfocus.com/bid/2105/info Summary: An attacker that obtains access to the "sceiddb.pdb" file, part of Secure Computing's e.iD Authenticator for Palm, can determine the user's PIN. Problem Description:...
Secure Computing e.iD Authenticator for Palm 2.0 - PIN Brute Force
source: https://www.securityfocus.com/bid/2105/info Summary: An attacker that obtains access to the "sceiddb.pdb" file, part of Secure Computing's e.iD Authenticator for Palm, can determine the user's PIN. Problem Description: Secure Computing's SafeWord is a system of authentication services tha...
National Science Foundation Squid Web Proxy 1.01.12.1 - Authentication Failure
National Science Foundation Squid Web Proxy 1.01.12.1 - Authentication Failure source: https://www.securityfocus.com/bid/741/info There is a vulnerability present in certain versions of the Squid Web Proxy Cache developed by the National Science Foundation. This problem is only in effect when use...
National Science Foundation Squid Web Proxy 1.0/1.1/2.1 - Authentication Failure
source: https://www.securityfocus.com/bid/741/info There is a vulnerability present in certain versions of the Squid Web Proxy Cache developed by the National Science Foundation. This problem is only in effect when users of the cache are using an external authenticator. The following is quoted fr...
CVE-2026-45063: Identity Spoofing via Unanchored DN Regex in X509Authenticator
More info at https://symfony.com/cve-2026-45063...