New Admin Portal for Akamai Enterprise Application Access
The definition of a user has evolved to comprise much more than an employee, making secure access to the right application, for the right user, at the right time difficult and complex. Akamai Enterprise Application Access (EAA) is a unique cloud architecture that closes all inbound firewall ports,...
Strengthen Your Password Policy With GDPR Compliance
A solid password policy is the first line of defense for your corporate network. Protecting your systems from unauthorized users may sound easy on the surface, but it can actually be quite complicated. You have to balance password security with usability, while also following various regulatory...
SilverStripe License Issues Vulnerability (CNVD-2021-50577)
SilverStripe is an open source programming framework and content management system (CMS) from the New Zealand company SilverStripe. The system supports multiple languages, cross-platform operation and other features. SilverStripe has an authorization issue vulnerability that stems from...
DarkSide Pwned Colonial With Old VPN Password
It took only one dusty, no-longer-used password for the DarkSide cybercriminals to breach the network of Colonial Pipeline Co. last month, resulting in a ransomware attack that caused significant disruption and remains under investigation by the U.S. government and cybersecurity experts. Attacker...
Authentication flaw
In SilverStripe through 4.6.0-rc1, GraphQL doesn't honour MFA (multi-factor authentication) when using basic authentication...
CVE-2020-26136
CVE-2020-26136 affects SilverStripe GraphQL prior to fixes in 4.6.0-rc1, where MFA is not honored when basic authentication is used. Several connected advisories corroborate an authentication bypass risk via the GraphQL module, with mitigation notes indicating that basic-auth has been removed by ...
SilverStripe Authorization Issue Vulnerability
SilverStripe is an open source programming framework and content management system (CMS) from the New Zealand company SilverStripe. The system supports multiple languages, cross-platform operation and other features. SilverStripe has an authorization issue vulnerability that stems from...
PT-2021-11213 · Silverstripe · Silverstripe
Name of the Vulnerable Software and Affected Versions: SilverStripe versions prior to 4.6.0-rc1. Description: The issue concerns the GraphQL module in SilverStripe, which by default accepts basic-auth as an authentication method. This allows bypassing multi-factor authentication (MFA) if the...
Authentication flaw
Authelia is a single sign-on multi-factor portal for web apps. This affects users who are using nginx ngx_http_auth_request_module with Authelia; it allows a malicious individual who crafts a malformed HTTP request to bypass the authentication mechanism. It additionally could theoretically affect...
CVE-2021-32637
CVE-2021-32637 affects Authelia when used with nginx ngx_http_auth_request_module; a maliciously crafted malformed HTTP request can bypass the authentication mechanism. Public documentation notes that this applies primarily to nginx, while other proxies may not allow malformed URI paths. The root...
Why FIDO2 Is the Answer to Better Security
A groundbreaking increase in security incidents is affecting governments around the world. In light of this, the United States issued a formal order to implement a robust set of security measures designed to improve the security of federal systems. In his most recent executive order, President...
Is Single Sign-On Enough to Secure Your SaaS Applications?
If there's one thing all great SaaS platforms share in common, it's their focus on simplifying the lives of their end-users. Removing friction for users in a safe way is the mission of single sign-on SSO providers. With SSO at the helm, users don't have to remember separate passwords for each app...
Recycle Your Phone, Sure, But Maybe Not Your Number
Many online services allow users to reset their passwords by clicking a link sent via SMS, and this unfortunately widespread practice has turned mobile phone numbers into de facto identity documents. Which means losing control over one thanks to a divorce, job termination or financial crisis can ...
CVE-2021-29041
Denial-of-service (DoS) vulnerability in the Multi-Factor Authentication module in Liferay DXP 7.3 before fix pack 1 allows remote authenticated attackers to prevent any user from authenticating by (1) enabling Time-based One-time password (TOTP) on behalf of the other user or (2) modifying the other...
Denial of service
Denial-of-service (DoS) vulnerability in the Multi-Factor Authentication module in Liferay DXP 7.3 before fix pack 1 allows remote authenticated attackers to prevent any user from authenticating by (1) enabling Time-based One-time password (TOTP) on behalf of the other user or (2) modifying the other...
CVE-2021-29041
CVE-2021-29041 is a DoS vulnerability in the Multi-Factor Authentication (MFA) module of Liferay DXP 7.3 prior to fix pack 1. The issue allows remote authenticated attackers to prevent any user from authenticating by (1) enabling TOTP on behalf of another user or (2) modifying the other user’s TO...
‘FragAttacks’: Wi-Fi Bugs Affect Millions of Devices
A Belgian security researcher specializing in Wi-Fi bugs has unearthed a clutch of new ones, which he called FragAttacks, that affect the Wi-Fi standard itself. The name is short for “fragmentation and aggregation attacks.” Some bugs date back to 1997, meaning that computers, smartphones or other...