258 matches found
UPDATE: Cisco Security Notice: Dictionary Attack on Cisco LEAP Vulnerability
Cisco Security Notice: Dictionary Attack on Cisco LEAP Vulnerability. Revision 2.0. Last Updated 2004 April 12 1600 UTC (GMT). For Public Release 2003 August 03 1600 UTC (GMT). Contents...
Release of Cisco Attack tool Asleap
In August 2003, I wrote a tool called asleap for Linux systems to exploit a weakness in the Cisco LEAP authentication protocol. Using this tool, an attacker can actively compromise Cisco LEAP networks by mounting an offline dictionary attack against weak user passwords. In my testing, I was able ...
CVE-2003-1096
The Cisco LEAP challenge/response authentication mechanism uses passwords in a way that is susceptible to dictionary attacks, which makes it easier for remote attackers to gain privileges via brute force password guessing attacks...
Kerio MailServer 5.6.3 Remote Buffer Overflow Exploit
Exploit for linux platform in category remote exploits. Kerio MailServer 5.6.3 Remote Buffer Overflow Exploit. Remote Buffer Overflow Exploit for Kerio MailServer 5.6.3...
Kerio MailServer 5.6.3 - Remote Buffer Overflow
Remote Buffer Overflow Exploit for Kerio MailServer 5.6.3. By B-r00t. In response to the Kerio Mailserver vulnerabilities discovered by David F.Madrid. Although this exploit...
Kerio MailServer 5.6.3 - Remote Buffer Overflow
Remote Buffer Overflow Exploit for Kerio MailServer 5.6.3. By B-r00t. In response to the Kerio Mailserver vulnerabilities discovered by David F.Madrid. Although this exploit requires valid authentication details, it is...
kerio563.txt
Remote Buffer Overflow Exploit for Kerio MailServer 5.6.3. By B-r00t ok rcpt to: [email protected] 550 5.1.1 Mailbox does not exist rcpt to:[email protected] 250 2.1.5 Recipient ok local ok local user fred seems to...
Remote Desktop Protocol Service Detection
The Remote Desktop Protocol allows a user to remotely obtain a graphical login and therefore act as a local user on the remote host. If an attacker gains a valid login and password, this service could be used to gain further access on the remote host. An attacker may also use this service to moun...
X Display Manager Control Protocol (XDMCP) Detection
The X Display Manager Control Protocol (XDMCP) service allows a Unix user to remotely obtain a graphical X11 login and therefore act as a local user on the remote host. If an attacker can gain a valid login and password, this service could be used to gain further access on the remote host. An...
CVE-1999-1073
Excite for Web Servers (EWS) 1.1 records the first two characters of a plaintext password in the beginning of the encrypted password, which makes it easier for an attacker to guess passwords via a brute force or dictionary attack...
Dallas Semiconductor iButton DS1991 vulnerable to dictionary attack
Overview: The Dallas Semiconductor iButton DS1991 is vulnerable to a dictionary attack, allowing an intruder to recover passwords. Description: The Dallas Semiconductor iButton DS1991 stores 1 kilobyte of data in 3 separate password-protected areas. It includes functionality intended to prevent...
Check Point Software Firewall-1 3.0/1 4.0/1 4.1 - Session Agent Dictionary Attack (2)
source: https://www.securityfocus.com/bid/1662/info A vulnerability exists in all versions of the Check Point Session Agent, part of Firewall-1. Session Agent works in such a way that the firewall will establish a connection back to the client machine. Upon doing so, it will prompt for a username...
Firewall-1 session agent 3.0 -> 4.1, dictionary and brute force attack
hi, all session agents from 3.0 to 4.1 (4.1 included, all platforms) are vulnerable to a brute force and dictionary style password attack. while authenticating a user through his port 261, firewall modules send a "331 User:" string to the agent, wait for an answer, and then reply with a "220...
Check Point Software Firewall-1 3.01 4.01 4.1 - Session Agent Dictionary Attack (1)
source: https://www.securityfocus.com/bid/1662/info A vulnerability exists in all versions of the Check Point Session Agent, part of Firewall-1. Session Agent works in such a way that the firewall will establish a...
pptp.revisited.txt
Date: Sat, 13 Feb 1999 11:28:40 -0800 From: [email protected] To: [email protected] Subject: PPTP Revisited Lots of people have aske...
Microsoft IIS 5.0 - User Existence Disclosure (2)
source: https://www.securityfocus.com/bid/7492/info Microsoft IIS is prone to an issue where the existence of users may be revealed to remote attackers. The vulnerability exists when users attempt to authenticate against a vulnerable system. IIS wil...
Microsoft IIS 5.0 - User Existence Disclosure (1)
source: https://www.securityfocus.com/bid/7492/info Microsoft IIS is prone to an issue where the existence of users may be revealed to remote attackers. The vulnerability exists when users attempt to authenticate against a vulnerable system. IIS wil...