152 matches found
CVE-2024-45785
MUSASI version 3 contains an issue with use of client-side authentication. If this vulnerability is exploited, other users' credential and sensitive information may be retrieved...
CVE-2024-45785
MUSASI version 3 is affected by a client-side authentication flaw (CWE-603) that can allow a user to fetch another user’s credentials and sensitive information. Multiple sources (CVE-2024-45785 entries across NVD, JVN, Red Hat, and vendor advisories) confirm the issue arises from authentication l...
CVE-2024-45785
MUSASI version 3 contains an issue with use of client-side authentication. If this vulnerability is exploited, other users' credential and sensitive information may be retrieved...
PT-2024-31765 · Musasi · Musasi
Name of the Vulnerable Software and Affected Versions: MUSASI version 3 Description: The issue is related to the use of client-side authentication. If exploited, it may allow retrieval of other users' credentials and sensitive information. Recommendations: For MUSASI version 3, consider disabling...
MUSASI version 3 performing authentication on client-side
Overview MUSASI provided by NEUMANN CO.LTD. is an e-learning system for driving schools. MUSASI version 3 performs authentication within the client-side code CWE-603, and the client in pre-authentication state retrieves the credential information from the server just when a user ID is input. This...
CVE-2024-39375 Use of Client-Side Authentication in TELSAT marKoni FM Transmitter
TELSAT marKoni FM Transmitters are vulnerable to an attacker bypassing authentication and gaining administrator privileges...
TELSAT marKoni FM Transmitter
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available Vendor : marKoni Equipment : Markoni-D Compact FM Transmitters, Markoni-DH Exciter+Amplifiers FM Transmitters Vulnerabilities : Command Injection, Use of Hard-coded...
U.S. Dept Of Defense: Client side authentication leads to Auth Bypass
A client-side authentication vulnerability was discovered that allowed an attacker to bypass authentication and access sensitive data. By setting a specific parameter in the local storage, the attacker could gain access to the data without providing the correct password. The vulnerability was...
CVE-2022-3218
Due to a reliance on client-side authentication, the WiFi Mouse Mouse Server from Necta LLC's authentication mechanism is trivially bypassed, which can result in remote code execution...
Remote code execution
Due to a reliance on client-side authentication, the WiFi Mouse Mouse Server from Necta LLC's authentication mechanism is trivially bypassed, which can result in remote code execution...
CVE-2022-3218
CVE-2022-3218 concerns the WiFi Mouse (Mouse Server) from Necta LLC, where authentication is implemented entirely on the client side, enabling a bypass that can lead to remote code execution. Multiple connected sources provide concrete details: (1) NVD/NVDC notes a client-side auth bypass allowin...
PT-2022-21141 · Necta Llc · Wifi Mouse
Name of the Vulnerable Software and Affected Versions: WiFi Mouse Mouse Server from Necta LLC affected versions not specified Description: The issue arises due to the WiFi Mouse Mouse Server's reliance on client-side authentication, which allows its authentication mechanism to be easily bypassed...
Necta WiFi Mouse 授权问题漏洞
Necta WiFi Mouse is a wireless mouse from Necta. A security vulnerability exists in Necta WiFi Mouse version 1.7.8.5, which stems from the fact that due to the reliance on client-side authentication, the authentication mechanism can be easily bypassed, which could lead to remote code execution...
The vulnerability of the SCADA system SIMATIC WinCC, related to the possibility of using authentication on the client side, allows attackers to increase their privileges.
The vulnerability of the SCADA system SIMATIC WinCC is related to the possibility of using authentication on the client side. Exploiting this vulnerability can allow a malicious actor to increase their privileges remotely...
CVE-2022-33139
A vulnerability has been identified in Cerberus DMS All versions, Desigo CC All versions, Desigo CC Compact All versions, SIMATIC WinCC OA V3.16 All versions in default configuration, SIMATIC WinCC OA V3.17 All versions in non-default configuration, SIMATIC WinCC OA V3.18 All versions in...
CVE-2022-33139
A vulnerability has been identified in Cerberus DMS All versions, Desigo CC All versions, Desigo CC Compact All versions, SIMATIC WinCC OA V3.16 All versions in default configuration, SIMATIC WinCC OA V3.17 All versions in non-default configuration, SIMATIC WinCC OA V3.18 All versions in...
Default configuration
A vulnerability has been identified in Cerberus DMS All versions, Desigo CC All versions, Desigo CC Compact All versions, SIMATIC WinCC OA V3.16 All versions in default configuration, SIMATIC WinCC OA V3.17 All versions in non-default configuration, SIMATIC WinCC OA V3.18 All versions in...
PT-2022-3046 · Siemens · Simatic Wincc Oa V3.17 +4
Name of the Vulnerable Software and Affected Versions: Cerberus DMS versions all Desigo CC versions all Desigo CC Compact versions all SIMATIC WinCC OA V3.16 versions all SIMATIC WinCC OA V3.17 versions all SIMATIC WinCC OA V3.18 versions all Description: A vulnerability has been identified in th...
Siemens WinCC OA
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC WinCC OA Vulnerability: Use of Client-side Authentication CISA is aware of a public report, known as “OT:ICEFALL” that details vulnerabilities found in multiple operational...
CVE-2022-31463
Owl Labs Meeting Owl 5.2.0.15 does not require a password for Bluetooth commands, because only client-side authentication is used...