CVE-2020-5922

In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, iControl REST does not implement Cross Site Request Forgery protections for users which make use of Basic Authentication in a web browser...

SUSE-SU-2020:14460-1 Security update for squid3

This update for squid3 fixes the following issues: - Fixed a Cache Poisoning and Request Smuggling attack CVE-2020-15049, bsc1173455 - Fixed incorrect buffer handling that can result in cache poisoning, remote execution, and denial of service attacks when processing ESI responses CVE-2019-12519,...

chromium-browser: Incorrect security UI in basic auth

Incorrect security UI in basic auth in Google Chrome on iOS prior to 84.0.4147.89 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...

GHSA-W542-CPP9-R3G7 Field Test CSRF vulnerability

The Field Test dashboard is vulnerable to cross-site request forgery CSRF with non-session based authentication methods in versions v0.2.0 through v0.3.2. Impact The Field Test dashboard is vulnerable to CSRF with non-session based authentication methods, like basic authentication. Session-based...

CVE-2020-6528

Incorrect security UI in basic auth in Google Chrome on iOS prior to 84.0.4147.89 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...

DEBIAN-CVE-2020-6528

Incorrect security UI in basic auth in Google Chrome on iOS prior to 84.0.4147.89 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...

UBUNTU-CVE-2020-6528

Incorrect security UI in basic auth in Google Chrome on iOS prior to 84.0.4147.89 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...

CVE-2020-6528

Incorrect security UI in basic auth in Google Chrome on iOS prior to 84.0.4147.89 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...

Unspecified Vulnerability in Google Chrome Basic Auth

Chrome is a simple and efficiently designed web browsing tool developed by Google that is characterized by its simplicity and speed. A security vulnerability exists in Basic Auth in versions prior to Google Chrome 84.0.4147.89, which stems from an incorrect security user interface and can be...

CVE-2020-4071

In django-basic-auth-ip-whitelist before 0.3.4, a potential timing attack exists on websites where the basic authentication is used or configured, i.e. BASICAUTHLOGIN and BASICAUTHPASSWORD is set. Currently the string comparison between configured credentials and the ones provided by users is...

PYSEC-2020-37

In django-basic-auth-ip-whitelist before 0.3.4, a potential timing attack exists on websites where the basic authentication is used or configured, i.e. BASICAUTHLOGIN and BASICAUTHPASSWORD is set. Currently the string comparison between configured credentials and the ones provided by users is...

CVE-2020-4071 Timing attack on django-basic-auth-ip-whitelist

In django-basic-auth-ip-whitelist before 0.3.4, a potential timing attack exists on websites where the basic authentication is used or configured, i.e. BASICAUTHLOGIN and BASICAUTHPASSWORD is set. Currently the string comparison between configured credentials and the ones provided by users is...

Information Disclosure

djangobasicauthipwhitelist is vulnerable to information disclosure. The vulnerability exists through a timing attack through the applied string comparison function when basic authentication is used...

Timing attack on django-basic-auth-ip-whitelist

Impact Potential timing attack exists on websites where the basic authentication is used or configured, i.e. BASICAUTHLOGIN and BASICAUTHPASSWORD is set. Currently the string comparison between configured credentials and the ones provided by users is performed through a character-by-character...

GHSA-M38J-PMG3-V5X5 Timing attack on django-basic-auth-ip-whitelist

Impact Potential timing attack exists on websites where the basic authentication is used or configured, i.e. BASICAUTHLOGIN and BASICAUTHPASSWORD is set. Currently the string comparison between configured credentials and the ones provided by users is performed through a character-by-character...

Mattermost Desktop App Authorization Issue Vulnerability

Mattermost Desktop App is a messaging desktop application from Mattermost USA. An authorization issue vulnerability exists in Mattermost Desktop App versions prior to 4.4.0, which stems from the program failing to properly handle the popup of the HTTP Basic Authentication box and can be exploited...

CVE-2020-14455

An issue was discovered in Mattermost Desktop App before 4.4.0. Prompting for HTTP Basic Authentication is mishandled, allowing phishing, aka MMSA-2020-0007...

CVE-2020-14455

An issue was discovered in Mattermost Desktop App before 4.4.0. Prompting for HTTP Basic Authentication is mishandled, allowing phishing, aka MMSA-2020-0007...

Authentication flaw

An issue was discovered in Mattermost Desktop App before 4.4.0. Prompting for HTTP Basic Authentication is mishandled, allowing phishing, aka MMSA-2020-0007...

CVE-2020-14455

An issue was discovered in Mattermost Desktop App before 4.4.0. Prompting for HTTP Basic Authentication is mishandled, allowing phishing, aka MMSA-2020-0007...