A week in security (February 16 – February 22)

Last week on Malwarebytes Labs: Age verification vendor Persona left frontend exposed, researchers say Facebook ads spread fake Windows 11 downloads that steal passwords and crypto wallets AI-generated passwords are a security risk Intimate products maker Tenga spilled customer data Meta patents ...

AI-generated passwords are a security risk

Using Artificial Intelligence AI to generate your passwords is a bad idea. It's likely to give that password to a criminal who can then use it in a dictionary attack—which is when an attacker runs through a prepared list of likely passwords words, phrases, patterns with automated tools until one ...

Design/Logic Flaw

In Zimbra Collaboration ZCS 8.8.15 and 9.0, a closed account with 2FA and generated passwords can send e-mail messages when configured for Imap/smtp...

CVE-2022-1412

The Log WPMail WordPress plugin through 0.1 saves sent email in a publicly accessible directory using predictable filenames, allowing any unauthenticated visitor to obtain potentially sensitive information like generated passwords...

CentOS 8 : cloud-init (CESA-2021:3081)

The remote CentOS Linux 8 host has a package installed that is affected by a vulnerability as referenced in the CESA-2021:3081 advisory. - cloud-init: randomly generated passwords logged in clear-text to world-readable file CVE-2021-3429 Note that Nessus has not tested for this issue but has...

RLSA-2021:3081 Moderate: cloud-init security update

The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts. Security Fixes: cloud-init: randomly generated passwords logged in clear-text to...

DEBIAN-CVE-2020-1773

An attacker with the ability to generate session IDs or password reset tokens, either by being able to authenticate or by exploiting OSA-2020-09, may be able to predict other users session IDs, password reset tokens and automatically generated passwords. This issue affects OTRS Community Edition:...

CVE-2020-1773

An attacker with the ability to generate session IDs or password reset tokens, either by being able to authenticate or by exploiting OSA-2020-09, may be able to predict other users session IDs, password reset tokens and automatically generated passwords. This issue affects OTRS Community Edition:...

PT-2020-15050 · Otrs +2 · Otrs +3

Name of the Vulnerable Software and Affected Versions: OTRS Community Edition versions 5.0.41 and prior OTRS Community Edition versions 6.0.26 and prior OTRS versions 7.0.15 and prior Description: An attacker with the ability to generate session IDs or password reset tokens may be able to predict...