3 matches found
Moab Authentication Bypass (insecure message signing) [CVE-2014-5376]
Moab Authentication Bypass insecure message signing : CVE-2014-5376 Software: Moab Affected Versions: Dependent on configuration, can affect all versions of Moab including Moab 8 CVE Reference: CVE-2014-5376 Author: John Fitzpatrick, Luke Jennings MWR Labs http://labs.mwrinfosecurity.com/ Severit...
CVE-2014-5376
Moab Authentication Bypass (CVE-2014-5376): Moab before 7.2.9 and 8 before 8.0.0 can sign messages with a pre-generated key, bypassing validation that the signing user matches the actor in the message. This allows remote authenticated users to impersonate arbitrary users via the actor field, enab...
Moab Insecure Message Signing Authentication Bypass
Moab Authentication Bypass insecure message signing : CVE-2014-5376 Software: Moab Affected Versions: Dependent on configuration, can affect all versions of Moab including Moab 8 CVE Reference: CVE-2014-5376 Author: John Fitzpatrick, Luke Jennings MWR Labs http://labs.mwrinfosecurity.com/ Severit...