5 matches found
CVE-2024-7401 Client Enrollment Process Bypass
Netskope was notified about a security gap in the Netskope Client enrollment process, where NSClient uses a static token, “Orgkey”, as an authentication parameter. Because the token is static, it cannot be rotated or revoked if leaked. A malicious actor can use this token to enroll NSClient from a...
CVE-2024-7401 Client Enrollment Process Bypass
Netskope was notified about a security gap in the Netskope Client enrollment process, where NSClient uses a static token, “Orgkey”, as an authentication parameter. Because the token is static, it cannot be rotated or revoked if leaked. A malicious actor can use this token to enroll NSClient from a...
CVE-2024-7401
CVE-2024-7401 affects Netskope Client enrollment: NSClient uses a static OrgKey token as an authentication parameter, which cannot be rotated if leaked. The root cause is the static token in the enrollment flow; the impact is impersonation by enrolling NSClient from a customer tenant. Public fix details are...
Man-in-the-Middle (MitM)
ipa is vulnerable to a man-in-the-middle attack. There is no secure way to provide the ipa server's Certificate Authority (CA) certificate to a client during join, which limited the client's ability to authenticate and verify the server. This allows an attacker to perform a man-in-the-middle attack...
[CVE- Requested][Vembu Storegrid - Multiple Critical Vulnerabilities]
Advisory Overview: Multiple vulnerabilities exist in the Vembu Storegrid Backup and Disaster Recovery solution, affecting both the client and server software (see Additional Information section). These include, but are not limited to, reflected XSS, source code/sensitive information disclosure, privilege...