Linux Distros Unpatched Vulnerability : CVE-2020-12755

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras through 20.04.0 makes a cacheAuthentication call even if the user had not set the...

Metasploit Weekly Wrap-Up 01/12/24

New module content 1 Windows Gather Mikrotik Winbox "Keep Password" Credentials Extractor Author: Pasquale 'sid' Fiorillo Type: Post Pull request: 18604 contributed by siddolo Path: windows/gather/credentials/winboxsettings Description: This pull request introduces a new post module to extract th...

Windows Gather Mikrotik Winbox "Keep Password" Credentials Extractor

This module extracts Mikrotik Winbox credentials saved in the "settings.cfg.viw" file when the "Keep Password" option is selected in Winbox. Module Options msf use post/windows/gather/credentials/winboxsettings msf postwinboxsettings show actions ...actions... msf postwinboxsettings set ACTION ms...

UBUNTU-CVE-2020-12755

fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras through 20.04.0 makes a cacheAuthentication call even if the user had not set the keepPassword option. This may lead to unintended KWallet storage of a password...

CVE-2020-5721

MikroTik WinBox 3.22 and below stores the user's cleartext password in the settings.cfg.viw configuration file when the Keep Password field is set and no Master Password is set. Keep Password is set by default and, by default Master Password is not set. An attacker with access to the configuratio...