
1377 matches found

Akamai Blog
added 2021/06/21 2:0 p.m. · 54 views

New Admin Portal for Akamai Enterprise Application Access

The definition of a user has evolved to comprise much more than an employee, making secure access to the right application, for the right user, at the right time difficult and complex. Akamai Enterprise Application Access (EAA) is a unique cloud architecture that closes all inbound firewall ports,...

0.1 AI score
Exploits: 0
The Hacker News
added 2021/06/17 8:6 a.m. · 49 views

Strengthen Your Password Policy With GDPR Compliance

A solid password policy is the first line of defense for your corporate network. Protecting your systems from unauthorized users may sound easy on the surface, but it can actually be quite complicated. You have to balance password security with usability, while also following various regulatory...

0.1 AI score
Exploits: 0
CNVD
added 2021/06/10 12:0 a.m. · 7 views

SilverStripe License Issues Vulnerability (CNVD-2021-50577)

SilverStripe is an open source programming framework and content management system (CMS) from the New Zealand company SilverStripe. The system supports multiple languages, cross-platform operation and other features. SilverStripe has an authorization issue vulnerability that stems from...

6.5 CVSS · 6.8 AI score · 0.01157 EPSS
Exploits: 1 · References: 1
ThreatPost
added 2021/06/09 12:58 p.m. · 52 views

DarkSide Pwned Colonial With Old VPN Password

It took only one dusty, no-longer-used password for the DarkSide cybercriminals to breach the network of Colonial Pipeline Co. last month, resulting in a ransomware attack that caused significant disruption and remains under investigation by the U.S. government and cybersecurity experts. Attacker...

7.7 AI score
Exploits: 0 · References: 13
Prion
added 2021/06/08 8:15 p.m. · 13 views

Authentication flaw

In SilverStripe through 4.6.0-rc1, GraphQL doesn't honour MFA (multi-factor authentication) when using basic authentication...

4 CVSS · 6.5 AI score · 0.01157 EPSS
Exploits: 1 · References: 4 · Affected Software: 1
CVE
added 2021/06/08 7:37 p.m. · 93 views

CVE-2020-26136

CVE-2020-26136 affects SilverStripe GraphQL prior to fixes in 4.6.0-rc1, where MFA is not honored when basic authentication is used. Several connected advisories corroborate an authentication bypass risk via the GraphQL module, with mitigation notes indicating that basic-auth has been removed by ...

6.5 CVSS · 6.4 AI score · 0.01157 EPSS
Exploits: 1 · References: 4 · Affected Software: 1
CNNVD
added 2021/06/08 12:0 a.m. · 5 views

SilverStripe Authorization Issue Vulnerability

SilverStripe is an open source programming framework and content management system (CMS) from the New Zealand company SilverStripe. The system supports multiple languages, cross-platform operation and other features. SilverStripe has an authorization issue vulnerability that stems from...

6.5 CVSS · 5.5 AI score · 0.01157 EPSS
Exploits: 1 · References: 4
Positive Technologies
added 2021/06/08 12:0 a.m. · 3 views

PT-2021-11213 · Silverstripe · Silverstripe

Name of the Vulnerable Software and Affected Versions: SilverStripe versions prior to 4.6.0-rc1. Description: The issue concerns the GraphQL module in SilverStripe, which by default accepts basic-auth as an authentication method. This allows bypassing multi-factor authentication (MFA) if the...

6.5 CVSS · 6.5 AI score · 0.01157 EPSS
Exploits: 1 · References: 10
Prion
added 2021/05/28 5:15 p.m. · 19 views

Authentication flaw

Authelia is a single sign-on multi-factor portal for web apps. This affects users who are using nginx ngx_http_auth_request_module with Authelia; it allows a malicious individual who crafts a malformed HTTP request to bypass the authentication mechanism. It additionally could theoretically affect...

7.5 CVSS · 9.6 AI score · 0.01868 EPSS
Exploits: 1 · References: 2 · Affected Software: 1
CVE
added 2021/05/28 5:0 p.m. · 99 views

CVE-2021-32637

CVE-2021-32637 affects Authelia when used with nginx ngx_http_auth_request_module; a maliciously crafted malformed HTTP request can bypass the authentication mechanism. Public documentation notes that this applies primarily to nginx, while other proxies may not allow malformed URI paths. The root...

10 CVSS · 9.6 AI score · 0.01868 EPSS
Exploits: 1 · References: 2 · Affected Software: 1
Akamai Blog
added 2021/05/21 11:0 a.m. · 30 views

Why FIDO2 Is the Answer to Better Security

A groundbreaking increase in security incidents is affecting governments around the world. In light of this, the United States issued a formal order to implement a robust set of security measures designed to improve the security of federal systems. In his most recent executive order, President...

7.7 AI score
Exploits: 0
Akamai Blog
added 2021/05/21 4:0 a.m. · 17 views

Why FIDO2 is the Answer to Better Security

A groundbreaking increase in security incidents is affecting governments around the world. In light of this, the United States issued a formal order to implement a robust set of security measures designed to improve the security of federal systems. In his most recent executive order, President...

1.5 AI score
Exploits: 0
The Hacker News
added 2021/05/20 10:20 a.m. · 52 views

Is Single Sign-On Enough to Secure Your SaaS Applications?

If there's one thing all great SaaS platforms share in common, it's their focus on simplifying the lives of their end-users. Removing friction for users in a safe way is the mission of single sign-on (SSO) providers. With SSO at the helm, users don't have to remember separate passwords for each app...

Exploits: 0
Krebs on Security
added 2021/05/19 3:13 p.m. · 180 views

Recycle Your Phone, Sure, But Maybe Not Your Number

Many online services allow users to reset their passwords by clicking a link sent via SMS, and this unfortunately widespread practice has turned mobile phone numbers into de facto identity documents. Which means losing control over one thanks to a divorce, job termination or financial crisis can ...

7 AI score
Exploits: 0
OSV
added 2021/05/16 4:15 p.m. · 4 views

CVE-2021-29041

Denial-of-service (DoS) vulnerability in the Multi-Factor Authentication module in Liferay DXP 7.3 before fix pack 1 allows remote authenticated attackers to prevent any user from authenticating by (1) enabling Time-based One-time password (TOTP) on behalf of the other user or (2) modifying the other...

6.5 CVSS · 5.8 AI score · 0.01148 EPSS
Exploits: 0 · References: 2
NVD
added 2021/05/16 4:15 p.m. · 16 views

CVE-2021-29041

Denial-of-service (DoS) vulnerability in the Multi-Factor Authentication module in Liferay DXP 7.3 before fix pack 1 allows remote authenticated attackers to prevent any user from authenticating by (1) enabling Time-based One-time password (TOTP) on behalf of the other user or (2) modifying the other...

6.5 CVSS · 0.01148 EPSS
Exploits: 0 · References: 2
Prion
added 2021/05/16 4:15 p.m. · 21 views

Denial of service

Denial-of-service (DoS) vulnerability in the Multi-Factor Authentication module in Liferay DXP 7.3 before fix pack 1 allows remote authenticated attackers to prevent any user from authenticating by (1) enabling Time-based One-time password (TOTP) on behalf of the other user or (2) modifying the other...

4 CVSS · 6.4 AI score · 0.01148 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
CVE
added 2021/05/16 3:14 p.m. · 76 views

CVE-2021-29041

CVE-2021-29041 is a DoS vulnerability in the Multi-Factor Authentication (MFA) module of Liferay DXP 7.3 prior to fix pack 1. The issue allows remote authenticated attackers to prevent any user from authenticating by (1) enabling TOTP on behalf of another user or (2) modifying the other user’s TO...

6.5 CVSS · 6.3 AI score · 0.01148 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist
added 2021/05/16 3:14 p.m. · 18 views

CVE-2021-29041

Denial-of-service (DoS) vulnerability in the Multi-Factor Authentication module in Liferay DXP 7.3 before fix pack 1 allows remote authenticated attackers to prevent any user from authenticating by (1) enabling Time-based One-time password (TOTP) on behalf of the other user or (2) modifying the other...

6.6 AI score · 0.01148 EPSS
Exploits: 0 · References: 2
ThreatPost
added 2021/05/12 3:48 p.m. · 110 views

‘FragAttacks’: Wi-Fi Bugs Affect Millions of Devices

A Belgian security researcher specializing in Wi-Fi bugs has unearthed a clutch of new ones, which he called FragAttacks, that affect the Wi-Fi standard itself. The name is short for “fragmentation and aggregation attacks.” Some bugs date back to 1997, meaning that computers, smartphones or other...

6.5 CVSS · 6.8 AI score · 0.07604 EPSS
Exploits: 4 · References: 31