CVE-2021-33880

The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basicauthprotocolfactorycredentials=.... An attacker may be able to guess a password via a timing attack...

Python 安全漏洞

Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A security vulnerability exists in Python's aaugustin websockets library prior to 9.1, which stems from an...

SUSE: Security Advisory (SUSE-SU-2019:2089-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2021-21335

In the SPNEGO HTTP Authentication Module for nginx spnego-http-auth-nginx-module before version 1.1.1 basic Authentication can be bypassed using a malformed username. This affects users of spnego-http-auth-nginx-module that have enabled basic authentication. This is fixed in version 1.1.1 of...

CVE-2021-21335

In the SPNEGO HTTP Authentication Module for nginx spnego-http-auth-nginx-module before version 1.1.1 basic Authentication can be bypassed using a malformed username. This affects users of spnego-http-auth-nginx-module that have enabled basic authentication. This is fixed in version 1.1.1 of...

Authentication flaw

In the SPNEGO HTTP Authentication Module for nginx spnego-http-auth-nginx-module before version 1.1.1 basic Authentication can be bypassed using a malformed username. This affects users of spnego-http-auth-nginx-module that have enabled basic authentication. This is fixed in version 1.1.1 of...

CVE-2021-21335 Basic Authentication can be bypassed using a malformed username

In the SPNEGO HTTP Authentication Module for nginx spnego-http-auth-nginx-module before version 1.1.1 basic Authentication can be bypassed using a malformed username. This affects users of spnego-http-auth-nginx-module that have enabled basic authentication. This is fixed in version 1.1.1 of...

CVE-2021-23972

One phishing tactic on the web is to provide a link with HTTP Auth. For example 'https://[email protected]'. To mitigate this type of attack, Firefox will display a warning dialog; however, this warning dialog would not have been displayed if evil.com used a redirect that was cached...

Backdoor.Win32.Agent.aak Hardcoded Credentials

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/64f2fd4dbd9039e5bc054f475eaa582a.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Agent.aak Vulnerability: Weak Hardcoded Credentials Description: The HTTP backdoor...

Fedora 32 : monitorix (2021-fc24737ebc)

The remote Fedora 32 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2021-fc24737ebc advisory. - Monitorix 3.13.0 allows remote attackers to bypass Basic Authentication in a default installation i.e., an installation without a hostsdeny option. This...

Fedora 33 : monitorix (2021-5f7da70bfe)

The remote Fedora 33 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2021-5f7da70bfe advisory. - Monitorix 3.13.0 allows remote attackers to bypass Basic Authentication in a default installation i.e., an installation without a hostsdeny option. This...

CVE-2020-14246

HCL OneTest Performance V9.5, V10.0, V10.1 uses basic authentication which is relatively weak. An attacker could potentially decode the encoded credentials...

CVE-2020-14246

HCL OneTest Performance V9.5, V10.0, V10.1 uses basic authentication which is relatively weak. An attacker could potentially decode the encoded credentials...

HCL OneTest 安全漏洞

HCL OneTest is a software testing tool from HCL India that provides multiple testing options. The software supports API testing, functional testing, UI testing, performance testing and service virtualization to support software automation testing. A security vulnerability exists in HCL OneTest...

CVE-2021-3325

Monitorix 3.13.0 allows remote attackers to bypass Basic Authentication in a default installation i.e., an installation without a hostsdeny option. This issue occurred because a new access-control feature was introduced without considering that some exiting installations became unsafe, upon an...

CVE-2021-3325

Monitorix 3.13.0 allows remote attackers to bypass Basic Authentication in a default installation i.e., an installation without a hostsdeny option. This issue occurred because a new access-control feature was introduced without considering that some exiting installations became unsafe, upon an...

CVE-2021-3325

Monitorix 3.13.0 allows remote attackers to bypass Basic Authentication in a default installation i.e., an installation without a hostsdeny option. This issue occurred because a new access-control feature was introduced without considering that some exiting installations became unsafe, upon an...

Design/Logic Flaw

Monitorix 3.13.0 allows remote attackers to bypass Basic Authentication in a default installation i.e., an installation without a hostsdeny option. This issue occurred because a new access-control feature was introduced without considering that some exiting installations became unsafe, upon an...

CVE-2021-3325

Monitorix 3.13.0 is vulnerable to bypassing Basic Authentication in default installations lacking hosts_deny configuration due to a newly introduced access-control feature not accounting for existing setups. This is evidenced across multiple sources (NVD/NV OSV/ Fedora advisories) and is addresse...

CVE-2021-3325

Monitorix 3.13.0 allows remote attackers to bypass Basic Authentication in a default installation i.e., an installation without a hostsdeny option. This issue occurred because a new access-control feature was introduced without considering that some exiting installations became unsafe, upon an...