171 matches found
CVE-2022-40722 Misconfiguration of RSA padding for offline MFA in the PingID Adapter for PingFederate.
A misconfiguration of RSA padding implemented in the PingID Adapter for PingFederate to support Offline MFA with PingID mobile authenticators is vulnerable to pre-computed dictionary attacks, leading to a bypass of offline MFA...
CVE-2022-40722 Misconfiguration of RSA padding for offline MFA in the PingID Adapter for PingFederate.
A misconfiguration of RSA padding implemented in the PingID Adapter for PingFederate to support Offline MFA with PingID mobile authenticators is vulnerable to pre-computed dictionary attacks, leading to a bypass of offline MFA...
CVE-2023-26855
The hashing algorithm of ChurchCRM v4.5.3 utilizes a non-random salt value which allows attackers to use precomputed hash tables or dictionary attacks to crack the hashed passwords...
CVE-2023-26855
The hashing algorithm of ChurchCRM v4.5.3 utilizes a non-random salt value which allows attackers to use precomputed hash tables or dictionary attacks to crack the hashed passwords...
CVE-2023-26855
The hashing algorithm of ChurchCRM v4.5.3 utilizes a non-random salt value which allows attackers to use precomputed hash tables or dictionary attacks to crack the hashed passwords...
ChurchCRM 安全特征问题漏洞
ChurchCRM is an open source CRM system for churches. A security vulnerability exists in ChurchCRM version v4.5.3 that stems from the program's hashing algorithm utilizing non-random salt values. An attacker exploiting this vulnerability could break a hashed password by using a pre-computed hash...
CVE-2023-26855
The hashing algorithm of ChurchCRM v4.5.3 utilizes a non-random salt value which allows attackers to use precomputed hash tables or dictionary attacks to crack the hashed passwords...
K97733133: BIG-IP APM Edge Client vulnerability CVE-2020-5893
Security Advisory Description When a user connects to a VPN using BIG-IP Edge Client over an unsecure network, BIG-IP Edge Client responds to authentication requests over HTTP while sending probes for captive portal detection. CVE-2020-5893 Impact An attacker can use a man-in-the-middle MITM atta...
SUSE CVE-2017-3225
Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. For devices utilizing this environment encryption mode, U-Boot's use of a zero initialization vector may allow attacks against the underlying cryptographic implementation and allow an attacker to decrypt...
SUSE CVE-2019-14833
A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. The Samba Active Directory Domain Controller can be configured to use a custom script to check for passwo...
DEBIAN-CVE-2022-41859
In freeradius, the EAP-PWD function computepasswordelement leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack...
UBUNTU-CVE-2022-41859
In freeradius, the EAP-PWD function computepasswordelement leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack...
Linux Malware Using SHC Compiler Installs CoinMiner and DDoS Bots
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A new strain of Linux malware, developed using the Shc compiler, has been found to install a CoinMiner on infected systems. It is believed that this malware is being spread through dictionary attacks on...
Klyda - Highly Configurable Script For Dictionary/Spray Attacks Against Online Web Applications
The Klyda project has been created to aid in quick credential based attacks against online web applications. Klyda supports the use from simple password sprays, to large multithreaded dictionary attacks. Klyda is a new project, and I am looking for any contributions. Any help is very appreciated...
CVE-2021-41995
A misconfiguration of RSA in PingID Mac Login prior to 1.1 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass...
CVE-2021-41995
A misconfiguration of RSA in PingID Mac Login prior to 1.1 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass...
CVE-2021-41995 PingID Mac Login prior to 1.1 vulnerable to pre-computed dictionary attacks
A misconfiguration of RSA in PingID Mac Login prior to 1.1 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass...
CVE-2021-41995
PingID Mac Login prior to 1.1 is affected by an RSA misconfiguration that enables pre-computed dictionary attacks, allowing offline MFA bypass. Affected product: PingID Mac Login; vulnerable versions are
CVE-2022-22496
While a user account for the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 is being established, it may be configured to use SESSIONSECURITY=TRANSITIONAL. While in this mode, it may be susceptible to an offline dictionary attack. IBM X-Force ID: 226942...
CVE-2021-41993
A misconfiguration of RSA in PingID Android app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login...