347 matches found

Securelist
added 2024/06/18 11:30 a.m. | 18 views

Analysis of user password strength

The processing power of computers keeps growing, helping users to solve increasingly complex problems faster. A side effect is that passwords that were impossible to guess just a few years ago can be cracked by hackers within mere seconds in 2024. For example, the RTX 4090 GPU is capable of...

6.9 AI score
Exploits: 0

NVD
added 2024/06/10 12:15 p.m. | 33 views

CVE-2024-28833

Improper restriction of excessive authentication attempts with two factor authentication methods in Checkmk 2.3 before 2.3.0p6 facilitates brute-forcing of second factor mechanisms...

7.5 CVSS | 0.00392 EPSS
Exploits: 0 | References: 1

OSV
added 2024/06/10 12:15 p.m. | 9 views

CVE-2024-28833

Improper restriction of excessive authentication attempts with two factor authentication methods in Checkmk 2.3 before 2.3.0p6 facilitates brute-forcing of second factor mechanisms...

7.5 CVSS | 7.4 AI score
Exploits: 0 | References: 1

UbuntuCve
added 2024/06/10 12:15 p.m. | 28 views

CVE-2024-28833

Improper restriction of excessive authentication attempts with two factor authentication methods in Checkmk 2.3 before 2.3.0p6 facilitates brute-forcing of second factor mechanisms...

7.5 CVSS | 5.8 AI score | 0.00392 EPSS
Exploits: 0 | References: 2

CVE
added 2024/06/10 11:55 a.m. | 63 views

CVE-2024-28833

CVE-2024-28833 affects Checkmk 2.3 prior to 2.3.0p6, where excessive authentication attempts for two-factor authentication are not properly restricted, enabling brute-forcing of second factor mechanisms. The vulnerability is tied to the authentication flow and could impact confidentiality due to ...

7.5 CVSS | 6.4 AI score | 0.00392 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2024/04/24 12:15 p.m. | 12 views

CVE-2024-28825

Improper restriction of excessive authentication attempts on some authentication methods in Checkmk before 2.3.0b5 beta, 2.2.0p26, 2.1.0p43, and in Checkmk 2.0.0 EOL facilitates password brute-forcing...

9.8 CVSS | 6 AI score | 0.00521 EPSS
Exploits: 0 | References: 1

OSV
added 2024/04/24 12:15 p.m. | 5 views

CVE-2024-28825

Improper restriction of excessive authentication attempts on some authentication methods in Checkmk before 2.3.0b5 beta, 2.2.0p26, 2.1.0p43, and in Checkmk 2.0.0 EOL facilitates password brute-forcing...

9.8 CVSS | 9.8 AI score
Exploits: 0 | References: 1

OSV
added 2024/04/24 12:15 p.m. | 1 views

UBUNTU-CVE-2024-28825

Improper restriction of excessive authentication attempts on some authentication methods in Checkmk before 2.3.0b5 beta, 2.2.0p26, 2.1.0p43, and in Checkmk 2.0.0 EOL facilitates password brute-forcing...

9.8 CVSS | 5.8 AI score | 0.00521 EPSS
Exploits: 0 | References: 2

CVE
added 2024/04/24 11:25 a.m. | 70 views

CVE-2024-28825

CVE-2024-28825 affects Checkmk installations where login attempts are not adequately limited. The vulnerability exists in multiple Checkmk branches prior to fixes: 2.3.0b5 (beta), 2.2.0p26, 2.1.0p43, and (EOL) 2.0.0. Root cause: insufficient restriction on excessive authentication attempts for ce...

9.8 CVSS | 7.2 AI score | 0.00521 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2024/04/24 11:25 a.m. | 14 views

CVE-2024-28825 Brute-force protection ineffective for some login methods

Improper restriction of excessive authentication attempts on some authentication methods in Checkmk before 2.3.0b5 beta, 2.2.0p26, 2.1.0p43, and in Checkmk 2.0.0 EOL facilitates password brute-forcing...

5.9 CVSS | 7.4 AI score | 0.00521 EPSS
Exploits: 0 | References: 1

Cvelist
added 2024/04/24 11:25 a.m. | 19 views

CVE-2024-28825 Brute-force protection ineffective for some login methods

Improper restriction of excessive authentication attempts on some authentication methods in Checkmk before 2.3.0b5 beta, 2.2.0p26, 2.1.0p43, and in Checkmk 2.0.0 EOL facilitates password brute-forcing...

5.9 CVSS | 6.2 AI score | 0.00521 EPSS
Exploits: 0 | References: 1

OSV
added 2024/04/18 4:44 p.m. | 15 views

GHSA-6M9H-2PR2-9J8F 1Panel's password verification is suspected to have a timing attack vulnerability

Summary: The source code uses the != operator instead of hmac.Equal for password verification, which may lead to a timing attack vulnerability that allows the password to be brute-forced. It is recommended to use hmac.Equal to compare passwords...

5.9 CVSS | 5.4 AI score | 0.0038 EPSS
Exploits: 0 | References: 4

NVD
added 2024/04/09 7:15 p.m. | 24 views

CVE-2023-6799

The WP Reset – Most Advanced WordPress Reset Tool plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0 via the use of insufficiently random snapshot names. This makes it possible for unauthenticated attackers to extract sensitive data...

5.9 CVSS | 5.6 AI score | 0.00704 EPSS
Exploits: 0 | References: 3

Cvelist
added 2024/04/09 6:58 p.m. | 27 views

CVE-2023-6799 WP Reset <= 2.0 - Sensitive Information Exposure due to Insufficient Randomness

The WP Reset – Most Advanced WordPress Reset Tool plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0 via the use of insufficiently random snapshot names. This makes it possible for unauthenticated attackers to extract sensitive data...

5.9 CVSS | 5.8 AI score | 0.00704 EPSS
Exploits: 0 | References: 3

WPVulnDB
added 2024/03/27 12:00 a.m. | 19 views

WP Reset < 2.0 - Sensitive Information Exposure due to Insufficient Randomness

Description: The plugin is vulnerable to Sensitive Information Exposure via the use of insufficiently random snapshot names, allowing unauthenticated attackers to extract sensitive data including site backups by brute-forcing the snapshot filenames...

5.9 CVSS | 6.6 AI score | 0.00704 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Kitploit
added 2024/03/09 11:30 a.m. | 68 views

SSH-Private-Key-Looting-Wordlists - A Collection Of Wordlists To Aid In Locating Or Brute-Forcing SSH Private Key File Names

SSH Private Key Looting Wordlists. A Collection Of Wordlists To Aid In Locating Or Brute-Forcing SSH Private Key File Names. LFI for Lateral Movement? Gain SSH Access? ?file=../../../../../../../../home/user/.ssh/idrsa ?file=../../../../../../../../home/user/.ssh/idrsa-cert SSH Private Key...

7.2 AI score
Exploits: 0 | References: 1

OSV
added 2023/11/30 5:15 p.m. | 6 views

CVE-2023-31176

An Insufficient Entropy vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow an unauthenticated remote attacker to brute-force session tokens and bypass authentication. See product Instruction Manual Appendix A dated 20230830 for more details...

9.8 CVSS | 5.8 AI score | 0.00927 EPSS
Exploits: 0 | References: 2

OSV
added 2023/10/31 3:31 a.m. | 20 views

GHSA-4GPM-R23H-GPRW generator-jhipster allows a timing attack against validateToken due to a string comparison that stops at the first character

JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different. Attackers can guess tokens by brute forcing one character at a time and observing the timing. This of course drastically reduces t...

7.5 CVSS | 7.4 AI score | 0.00593 EPSS
Exploits: 0 | References: 6

Vulnrichment
added 2023/10/31 12:00 a.m. | 9 views

CVE-2015-20110

JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different. Attackers can guess tokens by brute forcing one character at a time and observing the timing. This of course drastically reduces t...

7 AI score | 0.00593 EPSS
Exploits: 0 | References: 4

Cvelist
added 2023/10/31 12:00 a.m. | 23 views

CVE-2015-20110

JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different. Attackers can guess tokens by brute forcing one character at a time and observing the timing. This of course drastically reduces t...

7.5 AI score | 0.00593 EPSS
Exploits: 0 | References: 4