1248 matches found

OpenVAS
added 2022/01/28 12:0 a.m. | 27 views

Mageia: Security Advisory (MGASA-2017-0371)

The remote host is missing an update for the...

CVSS 9.8 | AI score 8.1 | EPSS 0.16412
Exploits 2 | References 10

OSV
added 2022/01/25 8:15 p.m. | 3 views

CVE-2021-43298

The code that performs password matching when using 'Basic' HTTP authentication does not use a constant-time memcmp and has no rate-limiting. This means that an unauthenticated network attacker can brute-force the HTTP basic password, byte-by-byte, by recording the webserver's response time until...

CVSS 9.8 | AI score 7.2 | EPSS 0.02256
Exploits 0 | References 1

CNNVD
added 2022/01/25 12:0 a.m. | 6 views

Embedthis Software GoAhead Security Vulnerability

Embedthis Software GoAhead is an embedded Web server from Embedthis Software. A security vulnerability exists in Embedthis Software GoAhead, which stems from the fact that the code that performs password matching during "basic" HTTP authentication does not use the constant time memcmp and is not...

CVSS 9.8 | AI score 7.9 | EPSS 0.02256
Exploits 0 | References 2

BDU FSTEC
added 2022/01/10 12:0 a.m. | 5 views

The vulnerability in the user interface of the basic authentication mechanism for Google Chrome allows a hacker to manipulate the URL input by using a specially created HTML page.

The vulnerability of the basic authentication user interface of Google Chrome is related to information representation errors in the user interface. Exploiting this vulnerability can allow a malicious actor to forge the URL content using a specially created HTML page...

CVSS 4.3 | AI score 6.4 | EPSS 0.01505
Exploits 0 | References 14 | Affected Software 6

Veracode
added 2021/12/29 6:55 a.m. | 24 views

Cross-site Scripting (XSS)

monit:stretch is vulnerable to cross-site scripting. Lack of proper sanitization in http/cervlet.c allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandle...

CVSS 6.1 | AI score 2.1 | EPSS 0.02414
Exploits 1 | References 11 | Affected Software 1

CNNVD
added 2021/12/27 12:0 a.m. | 3 views

AuthGuard Authorization Issue Vulnerability

AuthGuard is an easy-to-use and easy-to-customize identity server. It supports multiple authentication and authorization options, and can be extended to support additional options or add new features. It is an API-only solution and currently has no dedicated dashboard. An authorization issue...

CVSS 9.8 | AI score 5.4 | EPSS 0.01745
Exploits 0 | References 5

BDU FSTEC
added 2021/12/22 12:0 a.m. | 5 views

The vulnerability of the “Basic HTTP Authentication” method for the Ethernet web application of the WISE-4060 module allows an attacker to gain access to confidential information.

The vulnerability of the “Basic HTTP Authentication” method in the Ethernet web application of the WISE-4060 module involves the transmission of data in an open manner. Exploiting this vulnerability could allow a remote attacker to gain access to confidential information...

CVSS 10 | AI score 5.5
Exploits 0 | References 1

NVD
added 2021/12/06 6:15 p.m. | 26 views

CVE-2021-39890

It was possible to bypass 2FA for LDAP users and access some specific pages with Basic Authentication in GitLab 14.1.1 and above...

CVSS 9.8 | EPSS 0.00953
Exploits 0 | References 2

UbuntuCve
added 2021/12/06 6:15 p.m. | 19 views

CVE-2021-39890

It was possible to bypass 2FA for LDAP users and access some specific pages with Basic Authentication in GitLab 14.1.1 and above...

CVSS 9.8 | AI score 7.2 | EPSS 0.00953
Exploits 0 | References 3

Prion
added 2021/12/06 6:15 p.m. | 16 views

Authentication flaw

It was possible to bypass 2FA for LDAP users and access some specific pages with Basic Authentication in GitLab 14.1.1 and above...

CVSS 7.5 | AI score 9.3 | EPSS 0.00953
Exploits 0 | References 2 | Affected Software 1

OSV
added 2021/12/06 6:15 p.m. | 1 views

UBUNTU-CVE-2021-39890

It was possible to bypass 2FA for LDAP users and access some specific pages with Basic Authentication in GitLab 14.1.1 and above...

CVSS 9.8 | AI score 5.8 | EPSS 0.00953
Exploits 0 | References 4

CVE
added 2021/12/06 5:34 p.m. | 48 views

CVE-2021-39890

CVE-2021-39890 affects GitLab 14.1.1 and later and allows bypassing 2FA for LDAP users and accessing certain pages via Basic Authentication. The connected documents confirm the issue and affected product/version, but do not provide a detailed root-cause description or patch-level remediation with...

CVSS 9.8 | AI score 9.2 | EPSS 0.00953
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2021/12/06 5:34 p.m. | 43 views

CVE-2021-39890

It was possible to bypass 2FA for LDAP users and access some specific pages with Basic Authentication in GitLab 14.1.1 and above...

CVSS 3.1 | AI score 9.6 | EPSS 0.00953
Exploits 0 | References 2

Debian CVE
added 2021/12/06 5:34 p.m. | 23 views

CVE-2021-39890

Removed by vendor...

CVSS 9.8 | AI score 7.3 | EPSS 0.00953
Exploits 0

Positive Technologies
added 2021/12/06 12:0 a.m. | 3 views

PT-2021-22737 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 14.1.1 and above Description: The issue allows bypassing 2FA for LDAP users and accessing specific pages using Basic Authentication. Recommendations: For GitLab versions 14.1.1 and above, at the moment, there is no information...

CVSS 9.8 | AI score 9.2 | EPSS 0.00953
Exploits 0 | References 11

Tenable Nessus
added 2021/11/25 12:0 a.m. | 11 views

Basic Authentication Detected

The scanner detected the presence of a web page protected by a 'Basic' authentication. No source data...

AI score 7.3
Exploits 0 | References 1

Tenable Nessus
added 2021/11/25 12:0 a.m. | 11 views

Basic Authentication Bruteforced

The scanner successfully authenticated on the target web application by using weak credentials in the request basic authentication HTTP header. No source data...

AI score 7.4
Exploits 0 | References 2

0day.today
added 2021/11/17 12:0 a.m. | 390 views

LiquidFiles 3.5.13 Privilege Escalation Vulnerability

title: LiquidFiles Privilege Escalation product: LiquidFiles v3.5.13 vulnerability type: Privilege Escalation severity: Medium CVSSv3 score: 6.7 CVSSv3 vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L found: 2021-10-29 by:...

CVSS 9 | AI score 8.7 | EPSS 0.03695
Exploits 3

RedHat Linux
added 2021/11/09 6:32 p.m. | 2 views

python: urllib: Regular expression DoS in AbstractBasicAuthHandler

There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as a web browser) connects to could trigger a Regular Expression Denial of Service (ReDoS) during an authentication request with a specially crafted payload that is sen...

CVSS 6.5 | AI score 6.9 | EPSS 0.04675
Exploits 1 | References 8

OSV
added 2021/11/02 12:15 p.m. | 3 views

CVE-2021-42763

Couchbase Server before 6.6.3 and 7.x before 7.0.2 stores Sensitive Information in Cleartext. The issue occurs when the cluster manager forwards an HTTP request from the pluggable UI (query workbench etc.) to the specific service. In the backtrace, the Basic Auth Header included in the HTTP request,...

CVSS 7.5 | AI score 5.8 | EPSS 0.00588
Exploits 0 | References 2