CVE-2026-3184

A flaw was found in util-linux. Improper hostname canonicalization in the login1 utility, when invoked with the -h option, can modify the supplied remote hostname before setting PAMRHOST. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing...

CVE-2026-3184

Affects util-linux, specifically the login(1) utility when invoked with -h. The root cause is improper hostname canonicalization, which can modify the supplied remote hostname before setting PAM_RHOST. This weakness can bypass host-based PAM access control rules that rely on fully qualified domai...

EUVD-2012-3386

Malware in sbrugna...

EUVD-2005-4305

Malware in sbrugna...

Configure a Proper SSH Service Authentication Mode

A proper authentication mode helps ensure user and system data security. Typically, the user/password authentication mode is suitable for human-machine users. In non-interactive login scenarios, the public and private keys are suitable for authentication. In high-risk scenarios, only the public a...

SUSE CVE-2007-6430

Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and Business Edition B.x.x before B.2.3.6 and C.x.x before C.1.0-beta8, when using database-based registrations "realtime" and host-based authentication, does not check the IP address when the username is correct and there is no...

SSH Host Based Authentication

Introduction Are you an organization that manages or hosts a huge pool of resources on remote locations/servers? Well, host-based authority-validation technique is the most-suited way to manage the access and control rights related to your hardware and applications. Once implemented, this identit...

Top-5 stupid security mistakes in web apps

In this blog entry, I will summarize some commonly overlooked issues which have been affecting many web projects for the last 5 years. All of them are obvious and super predictable and could be used be script kiddies as well as by fully automated scanners and internal security checks. Let’s go! 1...

Silex USB Device Server Web Configuration Page Empty Password

The Web Configuration Page of the remote Silex USB Device Server uses an empty password to manage the device. Knowing this, an attacker with access to the web server can gain administrative access to the device. Note that the device's Web Configuration Page uses host-based authentication. If a...

DEBIAN-CVE-2012-3416

Condor before 7.8.2 allows remote attackers to bypass host-based authentication and execute actions such as ALLOWADMINISTRATOR or ALLOWWRITE by connecting from a system with a spoofed reverse DNS hostname...

CVE-2012-3416

Condor before 7.8.2 allows remote attackers to bypass host-based authentication and execute actions such as ALLOWADMINISTRATOR or ALLOWWRITE by connecting from a system with a spoofed reverse DNS hostname...

CVE-2012-3416

Condor before 7.8.2 allows remote attackers to bypass host-based authentication and execute actions such as ALLOWADMINISTRATOR or ALLOWWRITE by connecting from a system with a spoofed reverse DNS hostname...

Design/Logic Flaw

Condor before 7.8.2 allows remote attackers to bypass host-based authentication and execute actions such as ALLOWADMINISTRATOR or ALLOWWRITE by connecting from a system with a spoofed reverse DNS hostname...

CVE-2012-3416

CVE-2012-3416 affects Condor prior to 7.8.2. A remote attacker could bypass host-based authentication and perform privileged actions (e.g., ALLOW_ADMINISTRATOR, ALLOW_WRITE) by connecting from a system with a spoofed reverse DNS hostname. The issue is rated CVSSv2 base 10.0 (HIGH) with network ac...

PT-2012-4697 · Htcondor · Condor

Name of the Vulnerable Software and Affected Versions: Condor versions prior to 7.8.2 Description: The issue allows remote attackers to bypass host-based authentication and execute certain actions, such as ALLOW ADMINISTRATOR or ALLOW WRITE, by connecting from a system with a spoofed reverse DNS...

Important: Red Hat Security Advisory: condor security update

Updated condor packages that fix one security issue are now available for Red Hat Enterprise MRG 2.1 for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...

condor: host based authentication does not implement forward-confirmed reverse dns

Condor before 7.8.2 allows remote attackers to bypass host-based authentication and execute actions such as ALLOWADMINISTRATOR or ALLOWWRITE by connecting from a system with a spoofed reverse DNS hostname...

condor: host based authentication does not implement forward-confirmed reverse dns

Condor before 7.8.2 allows remote attackers to bypass host-based authentication and execute actions such as ALLOWADMINISTRATOR or ALLOWWRITE by connecting from a system with a spoofed reverse DNS hostname...

CVE-2011-2907

Terascale Open-Source Resource and Queue Manager aka TORQUE Resource Manager 3.0.1 and earlier allows remote attackers to bypass host-based authentication and submit arbitrary jobs via a modified PBSOHOST variable to the qsub program...

Design/Logic Flaw

Terascale Open-Source Resource and Queue Manager aka TORQUE Resource Manager 3.0.1 and earlier allows remote attackers to bypass host-based authentication and submit arbitrary jobs via a modified PBSOHOST variable to the qsub program...