9 matches found
curl: CVE-2026-8926: password leak with netrc and user in URL
Hey all, Before the following report, I just want to point to a comment from our scanner, where it seems it was already picked up but it was dismissed and the PR was closed later by another commit - https://github.com/curl/curl/pull/20932issuecomment-4072903895 Nonetheless, it appears this issue...
CVE-2024-45862
Kastle Systems firmware prior to May 1, 2024, stored machine credentials in cleartext, which may allow an attacker to access sensitive information...
Do We Really Need The OWASP NHI Top 10?
The Open Web Application Security Project has recently introduced a new Top 10 project - the Non-Human Identity NHI Top 10. For years, OWASP has provided security professionals and developers with essential guidance and actionable frameworks through its Top 10 projects, including the widely used...
CVE-2024-45862 Cleartext Storage of Sensitive Information in Kastle Systems Access Control System
Kastle Systems firmware prior to May 1, 2024, stored machine credentials in cleartext, which may allow an attacker to access sensitive information...
VMware vCenter Server 6.0 / 6.5 / 6.7 Multiple Vulnerabilities (VMSA-2019-0013)
The version of VMware vCenter Server installed on the remote host is 6.0 prior to U3j, 6.5 prior to U3, or 6.7 prior to U3, and is, therefore, affected by the following vulnerabilities: - An information disclosure vulnerability caused by insufficient session expiration. This allows an attacker wi...
Does domain passthrough authentication work with NetScaler Gateway?
Question: Does domain pass through authentication work with NetScaler Gateway, like forwarding the windows machine credentials so that user do not have to login and does single sign onlatest update for 12.0.58.x? Answer: No, Domain pass through does not work with Netscaler Gateway. Authentication...
FreeBSD : samba -- Exposure of machine account credentials in winbind log files (92fd40eb-c458-11da-9c79-00123ffe8333)
Samba Security Advisory : The machine trust account password is the secret shared between a domain controller and a specific member server. Access to the member server machine credentials allows an attacker to impersonate the server in the domain and gain access to additional information regardin...
Exposed clear text of domain machine
Description The machine trust account password is the secret shared between a domain controller and a specific member server. Access to the member server machine credentials allows an attacker to impersonate the server in the domain and gain access to additional information regarding domain users...
samba -- Exposure of machine account credentials in winbind log files
Samba Security Advisory: The machine trust account password is the secret shared between a domain controller and a specific member server. Access to the member server machine credentials allows an attacker to impersonate the server in the domain and gain access to additional information regarding...