CVE-2022-4498

CVE-2022-4498 affects TP-Link WR710N-V1-151022 and Archer C5-V2-160201 via the httpd daemon. A crafted HTTP Basic Authentication input can trigger a heap overflow in httpd, yielding either a DoS (crash) or arbitrary code execution on affected devices. Public sources (CERT/CC and NVD entries) corr...

PT-2022-6285 · Tp Link · Tp-Link Archer C5 +1

Name of the Vulnerable Software and Affected Versions: TP-Link Archer C5 version 2 TP-Link WR710N version 1 Description: The issue is related to a heap-based buffer overflow when handling packets, which can be exploited by a remote attacker to execute arbitrary code or cause a denial of service...

CVE-2022-45956

Boa Web Server versions 0.94.13 through 0.94.14 fail to validate the correct security constraint on the HEAD HTTP method allowing everyone to bypass the Basic Authorization mechanism...

Prometheus vulnerable to basic authentication bypass

Impact Prometheus can be secured by a web.yml file that specifies usernames and hashed passwords for basic authentication. Passwords are hashed with bcrypt, which means that even if you have access to the hash, it is very hard to find the original password back. However, a flaw in the way this...

CVE-2022-33321

Cleartext Transmission of Sensitive Information vulnerability due to the use of Basic Authentication for HTTP connections in Mitsubishi Electric consumer electronics products PHOTOVOLTAIC COLOR MONITOR ECO-GUIDE, HEMS adapter, Wi-Fi Interface, Air Conditioning, Induction hob, Mitsubishi Electric...

CVE-2022-33321

Cleartext Transmission of Sensitive Information vulnerability due to the use of Basic Authentication for HTTP connections in Mitsubishi Electric consumer electronics products PHOTOVOLTAIC COLOR MONITOR ECO-GUIDE, HEMS adapter, Wi-Fi Interface, Air Conditioning, Induction hob, Mitsubishi Electric...

Design/Logic Flaw

Cleartext Transmission of Sensitive Information vulnerability due to the use of Basic Authentication for HTTP connections in Mitsubishi Electric consumer electronics products PHOTOVOLTAIC COLOR MONITOR ECO-GUIDE, HEMS adapter, Wi-Fi Interface, Air Conditioning, Induction hob, Mitsubishi Electric...

CVE-2022-33321

Cleartext Transmission of Sensitive Information vulnerability due to the use of Basic Authentication for HTTP connections in Mitsubishi Electric consumer electronics products PHOTOVOLTAIC COLOR MONITOR ECO-GUIDE, HEMS adapter, Wi-Fi Interface, Air Conditioning, Induction hob, Mitsubishi Electric...

Mitsubishi Electric consumer electronics products 安全漏洞

Mitsubishi Electric consumer electronics products is a line of consumer electronics products from Mitsubishi Electric Corporation Mitsubishi Electric of Japan. A security vulnerability exists in Mitsubishi Electric consumer electronics products that stems from the use of basic authentication for...

CVE-2022-33321

Summary: CVE-2022-33321 is a vulnerability in Mitsubishi Electric consumer electronics products caused by using Basic Authentication over HTTP. This cleartext transmission can let a remote, unauthenticated attacker sniff credentials (username/password) and potentially cause a DoS. Affected produc...

CVE-2022-33321

Cleartext Transmission of Sensitive Information vulnerability due to the use of Basic Authentication for HTTP connections in Mitsubishi Electric consumer electronics products PHOTOVOLTAIC COLOR MONITOR ECO-GUIDE, HEMS adapter, Wi-Fi Interface, Air Conditioning, Induction hob, Mitsubishi Electric...

Authentication Bypass

github.com/brokercap/bifrost is vulnerable to authentication bypass. The vulnerability exists in multiple functions of ajax.js because of removing the X-Requested-With: XMLHttpRequest field from the request header which allows an attacker to bypass permission using HTTP basic authentication...

Support Statement - Exchange Online Basic Authentication Deprecation

Purpose This article provides information on actions that must be taken to ensure Veeam Backup for Microsoft 365 will continue to function after the Basic Authentication Deprecation in Exchange Online. Associated Error Messages The following errors may be shown in Veeam Backup for Microsoft 365...

Bifrost Licensing Issue Vulnerability

Bifrost is a middleware package that synchronizes MySQL MariaDB binary log data to other types of databases.Bifrost 1.8.6-release and earlier versions are vulnerable to authorization issues, which stem from its vulnerability to authentication bypass when using HTTP basic authentication, which can...

Brokercap Bifrost subject to authentication bypass when using HTTP basic authentication

Bifrost is a middleware package which can synchronize MySQL/MariaDB binlog data to other types of databases. Versions 1.8.6-release and prior are vulnerable to authentication bypass when using HTTP basic authentication. This may allow group members who only have read permissions to write requests...

GHSA-P6FH-XC6R-G5HW Brokercap Bifrost subject to authentication bypass when using HTTP basic authentication

Bifrost is a middleware package which can synchronize MySQL/MariaDB binlog data to other types of databases. Versions 1.8.6-release and prior are vulnerable to authentication bypass when using HTTP basic authentication. This may allow group members who only have read permissions to write requests...

Authentication Bypass

github.com/brokercap/bifrost is vulnerable to authentication bypass. The vulnerability exists in common.go because the write permission limit for monitor group is not properly defined which allows an attacker to bypass permission using HTTP basic authentication...

CVE-2022-39219

Summary: CVE-2022-39219 affects the Bifrost middleware (used to synchronize MySQL/MariaDB binlogs to other databases). Versions 1.8.6-release and earlier are vulnerable to an authentication bypass when HTTP basic authentication is used, potentially allowing a user with read permissions to perform...

PT-2022-24818 · Oracle +1 · Mysql Server +1

Name of the Vulnerable Software and Affected Versions: Bifrost versions 1.8.6-release and prior Description: Bifrost is a middleware package that synchronizes MySQL/MariaDB binlog data to other types of databases. The issue allows group members with only read permissions to write requests when th...

Bifrost 授权问题漏洞

Bifrost is a middleware package that synchronizes MySQL MariaDB binary log data to other types of databases.Bifrost 1.8.6-release and earlier versions are vulnerable to authorization issues, which stem from its vulnerability to authentication bypass when using HTTP basic authentication, which can...