258 matches found
AlmaLinux 9 : freeradius (ALSA-2023:2166)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2166 advisory. - In freeradius, the EAP-PWD function compute_password_element leaks information about the password which allows an attacker to substantially reduce the siz...
freeradius: Information leakage in EAP-PWD
In freeradius, the EAP-PWD function compute_password_element leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack...
Design/Logic Flaw
The hashing algorithm of ChurchCRM v4.5.3 utilizes a non-random salt value which allows attackers to use precomputed hash tables or dictionary attacks to crack the hashed passwords...
PT-2023-20825 · Churchcrm · Churchcrm
Name of the Vulnerable Software and Affected Versions: ChurchCRM version 4.5.3 Description: The hashing algorithm utilizes a non-random salt value, allowing attackers to use precomputed hash tables or dictionary attacks to crack the hashed passwords. Recommendations: For ChurchCRM version 4.5.3,...
New ShellBot DDoS Malware Variants Targeting Poorly Managed Linux Servers
Poorly managed Linux SSH servers are being targeted as part of a new campaign that deploys different variants of a malware called ShellBot. "ShellBot, also known as PerlBot, is a DDoS Bot malware developed in Perl and characteristically uses IRC protocol to communicate with the C&C server," AhnLa...
Information Disclosure
freeradius is vulnerable to Information Disclosure. The vulnerability exists in the compute_password_element function, which allows an attacker to substantially reduce the size of an offline dictionary attack, leaking information about the password...
Medium: freeradius
Issue Overview: The EAP-PWD function compute_password_element leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack. (CVE-2022-41859) When an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that optio...
SUSE CVE-2020-28924
An issue was discovered in Rclone before 1.53.3. Due to the use of a weak random number generator, the password generator has been producing weak passwords with much less entropy than advertised. The suggested passwords depend deterministically on the time the second rclone was started. This limi...
SUSE CVE-2022-41859
In freeradius, the EAP-PWD function compute_password_element leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack...
Weak Password Requirements
Overview: publify_core is a Core engine for the Publify blogging system, formerly known as Typo. Affected versions of this package are vulnerable to Weak Password Requirements. The password can easily be cracked using a dictionary attack. Remediation: Upgrade publify_core to version 9.2.10 or higher...
ALPINE-CVE-2022-41859
In freeradius, the EAP-PWD function compute_password_element leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack...
CVE-2022-41859
In freeradius, the EAP-PWD function compute_password_element leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack...
Information disclosure
In freeradius, the EAP-PWD function compute_password_element leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack...
CVE-2022-41859
In freeradius, the EAP-PWD function compute_password_element leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack...
Exploit for SQL Injection in Wordpress
SSI-CVE-2022-21661 Information System's Security 2nd Assignme...
New shc-based Linux Malware Targeting Systems with Cryptocurrency Miner
A new Linux malware developed using the shell script compiler shc has been observed deploying a cryptocurrency miner on compromised systems. "It is presumed that after successful authentication through a dictionary attack on inadequately managed Linux SSH servers, various malware were installed o...
SUSE SLES15 Security Update : freeradius-server (SUSE-SU-2022:4626-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4626-1 advisory. - In freeradius, the EAP-PWD function compute_password_element leaks information about the password which allows an attacker to...
Minecraft Servers Under Attack: Microsoft Warns About Cross-Platform DDoS Botnet
Microsoft on Thursday flagged a cross-platform botnet that's primarily designed to launch distributed denial-of-service (DDoS) attacks against private Minecraft servers. Called MCCrash, the botnet is characterized by a unique spreading mechanism that allows it to propagate to Linux-based devices...
CVE-2022-41859
In freeradius, the EAP-PWD function compute_password_element leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack...
IBM Spectrum Protect 8.1.0.000 < 8.1.15.000 Multiple Vulnerabilities
IBM Spectrum Protect, formerly known as Tivoli Storage Manager, running on the remote host is version 8.1.0.000 < 8.1.15.000. It is, therefore, vulnerable to both: - An offline dictionary attack (CVE-2022-22496) while a user account is being established for the IBM Spectrum Protect server if...