Authentication flaw

The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basicauthprotocolfactorycredentials=.... An attacker may be able to guess a password via a timing attack...

PYSEC-2021-95

The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basicauthprotocolfactorycredentials=.... An attacker may be able to guess a password via a timing attack...

CVE-2021-33880

The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basicauthprotocolfactorycredentials=.... An attacker may be able to guess a password via a timing attack...

CVE-2021-33880

The CVE-2021-33880 issue affects the aaugustin websockets library for Python, before version 9.1. It describes an Observable Timing Discrepancy when HTTP Basic Authentication is enabled (basic_auth_protocol_factory(credentials=...)), allowing an attacker to guess passwords via a timing attack. A ...

SUSE-SU-2020:14460-1 Security update for squid3

This update for squid3 fixes the following issues: - Fixed a Cache Poisoning and Request Smuggling attack CVE-2020-15049, bsc1173455 - Fixed incorrect buffer handling that can result in cache poisoning, remote execution, and denial of service attacks when processing ESI responses CVE-2019-12519,...

CVE-2020-14455

An issue was discovered in Mattermost Desktop App before 4.4.0. Prompting for HTTP Basic Authentication is mishandled, allowing phishing, aka MMSA-2020-0007...

Authentication flaw

An issue was discovered in Mattermost Desktop App before 4.4.0. Prompting for HTTP Basic Authentication is mishandled, allowing phishing, aka MMSA-2020-0007...

CVE-2020-14455

An issue was discovered in Mattermost Desktop App before 4.4.0. Prompting for HTTP Basic Authentication is mishandled, allowing phishing, aka MMSA-2020-0007...

CVE-2020-14455

Technical details beyond the provided description are not publicly available in the supplied documents. Monitor for updates.

CVE-2019-13393

The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses the same default 8 character passphrase for the administrative console and the WPA2 pre-shared key. Either an attack against HTTP Basic Authentication or an attack against WPA2 could be used to determine this passphrase...

Design/Logic Flaw

The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses the same default 8 character passphrase for the administrative console and the WPA2 pre-shared key. Either an attack against HTTP Basic Authentication or an attack against WPA2 could be used to determine this passphrase...

Authentication flaw

The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses HTTP Basic Authentication over cleartext HTTP...

CVE-2019-13393

The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses the same default 8 character passphrase for the administrative console and the WPA2 pre-shared key. Either an attack against HTTP Basic Authentication or an attack against WPA2 could be used to determine this passphrase...

CVE-2019-13393

Affected product: Voo-branded NETGEAR CG3700b with custom firmware V2.02.03. Issue: same default 8-character passphrase used for both the administrative console and the WPA2 pre-shared key. Root cause: credential reuse enables exposure of management/admin access and wireless PSK. Exploitation pat...

CVE-2019-13394

The CVE-2019-13394 entry affects the Voo-branded NETGEAR CG3700b custom firmware (V2.02.03). The vulnerability is that HTTP Basic Authentication is used over cleartext HTTP, causing credentials to be transmitted unencrypted. This exposes confidentiality (and potentially integrity) of credentials ...

Security fix for the ALT Linux 9 package squid version 4.8-alt1

4.8-alt1 built July 16, 2019 Alexey Shabalin in task 234609 --- July 15, 2019 Alexey Shabalin - Updated to 4.8 - Fixes: + CVE-2019-12854 Denial of Service issue in cachemgr.cgi + CVE-2019-12529 Denial of Service in HTTP Basic Authentication + CVE-2019-12525 Denial of Service in HTTP Digest...

Hardcoded credentials

An issue was discovered in AUO Solar Data Recorder before 1.3.0. The web portal uses HTTP Basic Authentication and provides the account and password in the WWW-Authenticate attribute. By using this account and password, anyone can login successfully...

CVE-2019-11367

An issue was discovered in AUO Solar Data Recorder before 1.3.0. The web portal uses HTTP Basic Authentication and provides the account and password in the WWW-Authenticate attribute. By using this account and password, anyone can login successfully...

CVE-2019-11367

An issue was discovered in AUO Solar Data Recorder before 1.3.0. The web portal uses HTTP Basic Authentication and provides the account and password in the WWW-Authenticate attribute. By using this account and password, anyone can login successfully...

AUO Solar Data Recorder < 1.3.0 - Incorrect Access Control

Exploit Title: AUO Solar Data Recorder - Incorrect Access Control Date: 2019-04-16 Exploit Author: Luca.Chiou Vendor Homepage: https://www.auo.com/zh-TW Version: AUO Solar Data Recorder all versions prior to v1.3.0 Tested on: It is a proprietary devices:...