8 matches found
Apache Kafka's SCRAM implementation Incorrectly Implements Authentication Algorithm
Incorrect Implementation of Authentication Algorithm in Apache Kafka's SCRAM implementation. Issue Summary: Apache Kafka's implementation of the Salted Challenge Response Authentication Mechanism (SCRAM) did not fully adhere to the requirements of RFC 5802 [1]. Specifically, as per RFC 5802, the serv...
PT-2024-10440 · IBM · IBM Security Verify Governance
Name of the Vulnerable Software and Affected Versions: IBM Security Verify Governance 10.0.2 Identity Manager. Description: The issue is related to the transmission of user credentials in clear text by the Identity Manager component, which could be obtained by an attacker using man-in-the-middle...
PT-2024-23576 · Unknown · ROS2 Galactic Geochelone
Name of the Vulnerable Software and Affected Versions: ROS2 Galactic Geochelone versions 2. Description: An issue was discovered where the system transmits messages in plaintext, allowing attackers to access sensitive information via a man-in-the-middle attack. Recommendations: For ROS2 Galactic...
PT-2024-23587 · Unknown · ROS2 Dashing Diademata
Name of the Vulnerable Software and Affected Versions: ROS2 Dashing Diademata versions 2. Description: An issue was discovered where the system transmits messages in plaintext, exposing sensitive information. Recommendations: For ROS2 Dashing Diademata version 2, consider implementing encryption f...
PT-2023-22621 · HopeChart · HopeChart HQT-401 Telematics Unit
Name of the Vulnerable Software and Affected Versions: HopeChart HQT-401 telematics unit version 201808021036; HopeChart HQT-401 telematics unit versions prior to the fixed version (fixed version not specified). Description: Insufficient authentication in the MQTT backend allows an attacker to access...
PT-2022-9038 · IBM · IBM Spectrum Protect Plus
Name of the Vulnerable Software and Affected Versions: IBM Spectrum Protect Plus versions 10.1.0 through 10.1.12. Description: The issue discloses sensitive information due to unencrypted data being used in the communication flow between Spectrum Protect Plus vSnap and its agents. An attacker coul...
InjectaBLE vulnerability discovered in Bluetooth Low Energy (BLE)
Researchers at the LAAS-CNRS laboratory have demonstrated the ability to obtain full man-in-the-middle status between two Bluetooth Low Energy (BLE) devices that have an unencrypted connection. The man-in-the-middle attack does not work on encrypted connections. However, it is...
Sun SunPCi II VNC Software 2.3 - Password Disclosure
(source: https://www.securityfocus.com/bid/5146/info) The SunPCi II card is a co-processor for a number of Solaris-based systems, and provides PC software compatibility, including the ability to run Microsoft Windows. Driver software is...