
171 matches found

Cvelist
added 2023/04/25 12:0 a.m. | 19 views

CVE-2022-40722 Misconfiguration of RSA padding for offline MFA in the PingID Adapter for PingFederate.

A misconfiguration of RSA padding implemented in the PingID Adapter for PingFederate to support Offline MFA with PingID mobile authenticators is vulnerable to pre-computed dictionary attacks, leading to a bypass of offline MFA...

7.7 CVSS | 7.7 AI score | 0.00328 EPSS
Exploits 0 | References 2

Vulnrichment
added 2023/04/25 12:0 a.m. | 8 views

CVE-2022-40722 Misconfiguration of RSA padding for offline MFA in the PingID Adapter for PingFederate.

A misconfiguration of RSA padding implemented in the PingID Adapter for PingFederate to support Offline MFA with PingID mobile authenticators is vulnerable to pre-computed dictionary attacks, leading to a bypass of offline MFA...

7.7 CVSS | 7.1 AI score | 0.00328 EPSS
Exploits 0 | References 2

NVD
added 2023/04/04 2:15 a.m. | 14 views

CVE-2023-26855

The hashing algorithm of ChurchCRM v4.5.3 utilizes a non-random salt value which allows attackers to use precomputed hash tables or dictionary attacks to crack the hashed passwords...

7.5 CVSS | 7.5 AI score | 0.00729 EPSS
Exploits 1 | References 1

OSV
added 2023/04/04 2:15 a.m. | 17 views

CVE-2023-26855

The hashing algorithm of ChurchCRM v4.5.3 utilizes a non-random salt value which allows attackers to use precomputed hash tables or dictionary attacks to crack the hashed passwords...

7.5 CVSS | 7 AI score
Exploits 0 | References 1

Vulnrichment
added 2023/04/04 12:0 a.m. | 6 views

CVE-2023-26855

The hashing algorithm of ChurchCRM v4.5.3 utilizes a non-random salt value which allows attackers to use precomputed hash tables or dictionary attacks to crack the hashed passwords...

6.8 AI score | 0.00729 EPSS
Exploits 1 | References 1

CNNVD
added 2023/04/04 12:0 a.m. | 4 views

ChurchCRM Security Feature Issue Vulnerability

ChurchCRM is an open source CRM system for churches. A security vulnerability exists in ChurchCRM version v4.5.3 that stems from the program's hashing algorithm utilizing non-random salt values. An attacker exploiting this vulnerability could break a hashed password by using a pre-computed hash...

7.5 CVSS | 7.3 AI score | 0.00729 EPSS
Exploits 1 | References 2

Cvelist
added 2023/04/04 12:0 a.m. | 31 views

CVE-2023-26855

The hashing algorithm of ChurchCRM v4.5.3 utilizes a non-random salt value which allows attackers to use precomputed hash tables or dictionary attacks to crack the hashed passwords...

7.7 AI score | 0.00729 EPSS
Exploits 1 | References 1

F5 Networks
added 2023/02/21 6:35 p.m. | 27 views

K97733133: BIG-IP APM Edge Client vulnerability CVE-2020-5893

Security Advisory Description: When a user connects to a VPN using BIG-IP Edge Client over an unsecure network, BIG-IP Edge Client responds to authentication requests over HTTP while sending probes for captive portal detection. CVE-2020-5893. Impact: An attacker can use a man-in-the-middle (MITM) atta...

4.3 CVSS | 4.9 AI score | 0.00561 EPSS
Exploits 0 | Affected Software 2

SUSE CVE
added 2023/02/15 4:52 a.m. | 5 views

SUSE CVE-2017-3225

Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. For devices utilizing this environment encryption mode, U-Boot's use of a zero initialization vector may allow attacks against the underlying cryptographic implementation and allow an attacker to decrypt...

4.6 CVSS | 6.6 AI score | 0.00309 EPSS
Exploits 0 | References 3

SUSE CVE
added 2023/02/15 4:9 a.m. | 3 views

SUSE CVE-2019-14833

A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. The Samba Active Directory Domain Controller can be configured to use a custom script to check for passwo...

4.2 CVSS | 8.9 AI score | 0.02084 EPSS
Exploits 0 | References 8

OSV
added 2023/01/17 6:15 p.m. | 2 views

DEBIAN-CVE-2022-41859

In freeradius, the EAP-PWD function compute_password_element leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack...

7.5 CVSS | 7.3 AI score | 0.0086 EPSS
Exploits 0 | References 1

OSV
added 2023/01/17 6:15 p.m. | 1 views

UBUNTU-CVE-2022-41859

In freeradius, the EAP-PWD function compute_password_element leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack...

7.5 CVSS | 5.8 AI score | 0.0086 EPSS
Exploits 0 | References 5

hivepro
added 2023/01/06 2:13 p.m. | 25 views

Linux Malware Using SHC Compiler Installs CoinMiner and DDoS Bots

Threat Level Attack Report. For a detailed threat advisory, download the pdf file here. Summary: A new strain of Linux malware, developed using the Shc compiler, has been found to install a CoinMiner on infected systems. It is believed that this malware is being spread through dictionary attacks on...

2.6 AI score
Exploits 0

Kitploit
added 2022/12/06 11:30 a.m. | 60 views

Klyda - Highly Configurable Script For Dictionary/Spray Attacks Against Online Web Applications

The Klyda project has been created to aid in quick credential based attacks against online web applications. Klyda supports the use from simple password sprays, to large multithreaded dictionary attacks. Klyda is a new project, and I am looking for any contributions. Any help is very appreciated...

7.3 AI score
Exploits 0 | References 2

NVD
added 2022/06/30 8:15 p.m. | 16 views

CVE-2021-41995

A misconfiguration of RSA in PingID Mac Login prior to 1.1 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass...

7.7 CVSS | 0.00724 EPSS
Exploits 0 | References 2

OSV
added 2022/06/30 8:15 p.m. | 4 views

CVE-2021-41995

A misconfiguration of RSA in PingID Mac Login prior to 1.1 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass...

7.5 CVSS | 5.5 AI score | 0.00724 EPSS
Exploits 0 | References 2

Cvelist
added 2022/06/30 7:25 p.m. | 21 views

CVE-2021-41995 PingID Mac Login prior to 1.1 vulnerable to pre-computed dictionary attacks

A misconfiguration of RSA in PingID Mac Login prior to 1.1 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass...

7.7 CVSS | 7.7 AI score | 0.00724 EPSS
Exploits 0 | References 2

CVE
added 2022/06/30 7:25 p.m. | 65 views

CVE-2021-41995

PingID Mac Login prior to 1.1 is affected by an RSA misconfiguration that enables pre-computed dictionary attacks, allowing offline MFA bypass. Affected product: PingID Mac Login; vulnerable versions are

7.7 CVSS | 7.5 AI score | 0.00724 EPSS
Exploits 0 | References 2 | Affected Software 1

ATTACKERKB
added 2022/06/29 12:0 a.m. | 7 views

CVE-2022-22496

While a user account for the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 is being established, it may be configured to use SESSIONSECURITY=TRANSITIONAL. While in this mode, it may be susceptible to an offline dictionary attack. IBM X-Force ID: 226942...

6.5 CVSS | 6.2 AI score | 0.0039 EPSS
Exploits 0 | References 3 | Affected Software 1

OSV
added 2022/04/30 10:15 p.m. | 2 views

CVE-2021-41993

A misconfiguration of RSA in PingID Android app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login...

4.8 CVSS | 5.8 AI score | 0.00231 EPSS
Exploits 0 | References 2