82 matches found
Design/Logic Flaw
A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in BasicAuthenticationFilter.java, BasicHeaderApiTokenAuthenticator.java that allows attackers to create ephemeral in-memory user records by attempting to log in using invalid credentials...
CVE-2018-1999043
A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in BasicAuthenticationFilter.java, BasicHeaderApiTokenAuthenticator.java that allows attackers to create ephemeral in-memory user records by attempting to log in using invalid credentials...
CVE-2018-1999043
A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in BasicAuthenticationFilter.java, BasicHeaderApiTokenAuthenticator.java that allows attackers to create ephemeral in-memory user records by attempting to log in using invalid credentials...
Target Credential Status by Authentication Protocol - No Credentials Provided
Nessus was not able to successfully authenticate directly to the remote target on an available authentication protocol. Nessus was able to connect to the remote port and identify that the service running on the port supports an authentication protocol, but Nessus failed to authenticate to the...
Unable to Enroll with SecureHub - Error: "Invalid Credentials"
Users unable to enroll device in XenMobile Error: "Invalid Credentials" Other users are able to enroll on the affected device, however the affected user is unable to enroll...
CVE-2018-7739
antsle antman before 0.9.1a allows remote attackers to bypass authentication via invalid characters in the username and password parameters, as demonstrated by a username=&password=%0a string to the /login URI. This allows obtaining root permissions within the web management console, because the...
Target Credential Status by Authentication Protocol - Failure for Provided Credentials
Nessus failed to successfully authenticate directly to the remote target on an available authentication protocol. Nessus was able to connect to the remote port and identify that the service running on the port supports an authentication protocol, but Nessus failed to authenticate to the remote...
PYSEC-2017-151
Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID...
Unauthorized Domain Creation
admin-cli is vulnerable to unauthorised domain creation. The vulnerability is possible since it does not verify the validity of admin's credentials before creation of domain...
AlienVault OSSIM/USM Remote Code Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule "AlienVault OSSIM/USM Remote Code Execution", 'Description' = %q This module exploits object injection, authentication bypass an...
AlienVault OSSIM/USM Remote Code Execution Exploit
This Metasploit module exploits object injection, authentication bypass and ip spoofing vulnerabilities all together. Unauthenticated users can execute arbitrary commands under the context of the root user. By abusing authentication bypass issue on gauge.php lead adversaries to exploit object...
AlienVault OSSIM/USM Remote Code Execution
This module exploits object injection, authentication bypass and ip spoofing vulnerabilities all together. Unauthenticated users can execute arbitrary commands under the context of the root user. By abusing authentication bypass issue on gauge.php lead adversaries to exploit object injection...
AlienVault OSSIM/USM < 5.3.1 - Remote Code Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule "AlienVault OSSIM/USM Remote Code Execution", 'Description' = %q This module exploits object injection, authentication bypass an...
Error: “Invalid Credentials” appears when a new password is set.
The Receiver app is configured to use published application on StoreFront through NetScaler Gateway. When logging on or launching a published application, a user is required to set a new password if the current password is expired. When a new password is set, the following “Invalid Credentials”...
FTP Media Server 3.0 - Authentication Bypass Denial of Service
FTP Media Server 3.0 - Authentication Bypass Denial of Service !/usr/bin/env python ================================================================================== Exploit Title: FTP Media Server 3.0 - Authentication Bypass and Denial of Service Date: 2015-05-25 Exploit Author: Wh1t3Rh1n0...
CVE-2013-7239
memcached before 1.4.17 allows remote attackers to bypass authentication by sending an invalid request with SASL credentials, then sending another request with incorrect SASL credentials...
Debian Security Advisory DSA 2832-1 (memcached - several vulnerabilities)
Multiple vulnerabilities have been found in memcached, a high-performance memory object caching system. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2011-4971 Stefan Bucur reported that memcached could be caused to crash by sending a specially crafted...
JBoss: Datasource connection manager returns valid connection for wrong credentials when using security-domains
The IronJacamar container before 1.0.12.Final for JBoss Application Server, when allow-multiple-users is enabled in conjunction with a security domain, does not use the credentials supplied in a getConnection function call, which allows remote attackers to obtain access to an arbitrary datasource...
CVE-2011-5117
Sophos SafeGuard Enterprise Device Encryption 5.x through 5.50.8.13, Sophos SafeGuard Easy Device Encryption Client 5.50.x, and Sophos Disk Encryption 5.50.x have a delay before removal of 1 out-of-date credentials and 2 invalid credentials, which allows physically proximate attackers to defeat t...
Backup to CIFS Share fails with "Failed to call RPC function 'FcIsExists': The user name or password is incorrect."
Error Change in Veeam Backup & Replication 12.x Starting in Veeam Backup & Replication 12, the error message that will be displayed when the credentials to access the SMB share are invalid was changed. The underlying error is still the same and is recorded in the log file:...