186 matches found
CVE-2018-7534
In Stealth Authorization Server before 3.3.017.0 in Unisys Stealth Solution, an encryption key may be left in memory...
CVE-2018-7534
In Stealth Authorization Server before 3.3.017.0 in Unisys Stealth Solution, an encryption key may be left in memory...
CVE-2018-7534
The CVE-2018-7534 issue affects Unisys Stealth Solution’s Stealth Authorization Server prior to version 3.3.017.0, where an AES encryption key may remain in memory due to failures in memory encryption/garbage collection. This could allow an attacker with local access to obtain the key and perform...
Shining a Light on OAuth Abuse with PwnAuth
Introduction Spear phishing attacks are seen as one of the biggest cyber threats to an organization. It only takes one employee to enter their credentials or run some malware for an entire organization to become compromised. As such, companies devote significant resources to preventing credential...
Internet Bug Bounty: open redirect in rfc6749
OAuth Providers servers that strictly follow rfc6749 are vulnerable to open redirect. Let me explain, reading 0 If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource...
DoS против Cisco PIX (aaa authentication flood)
При слишком большом числе одновременных запросов на авторизацию сервер перестает функционировать...