6 matches found

Github Security Blog
added 2026/04/25 11:40 p.m. · 4 views

Note Mark: OIDC-registered users authenticated by submitting password "null"

Summary: IsPasswordMatch in backend/db/models.go falls back to a hard-coded bcrypt("null") placeholder whenever a user has no stored password. OIDC-registered users are created with an empty password, so anyone who submits password: "null" to the internal login endpoint receives a valid session for...

CVSS 9.4 · AI score 5.4 · EPSS 0.00053
Exploits: 0 · References: 5 · Affected Software: 1
CNNVD
added 2024/11/29 12:00 a.m. · 1 view

Symfony Security Vulnerability

Symfony is a PHP framework for web and console applications and a set of reusable PHP components from Symfony, Inc. A security vulnerability exists in Symfony version v7.0.7, which stems from a failure to adequately handle a login request with a null username or password field, which could result...

CVSS 7.5 · AI score 6.7 · EPSS 0.00097
Exploits: 0 · References: 5
OSV
added 2019/01/29 4:29 p.m. · 0 views

CVE-2018-1668

IBM DataPower Gateway 7.5.0.0 through 7.5.0.19, 7.5.1.0 through 7.5.1.18, 7.5.2.0 through 7.5.2.18, and 7.6.0.0 through 7.6.0.11 appliances allow "null" logins which could give read access to IPMI data to obtain sensitive information. IBM X-Force ID: 144894...

CVSS 7.5 · AI score 5.8
Exploits: 0 · References: 2
Cvelist
added 2019/01/29 4:00 p.m. · 17 views

CVE-2018-1668

IBM DataPower Gateway 7.5.0.0 through 7.5.0.19, 7.5.1.0 through 7.5.1.18, 7.5.2.0 through 7.5.2.18, and 7.6.0.0 through 7.6.0.11 appliances allow "null" logins which could give read access to IPMI data to obtain sensitive information. IBM X-Force ID: 144894...

CVSS 5.3 · AI score 6.9 · EPSS 0.00154
Exploits: 0 · References: 2
Tenable Nessus
added 2002/07/25 12:00 a.m. · 338 views

rsh NULL Login Remote Privilege Escalation

It is possible to execute arbitrary commands on this host using rsh by supplying a NULL username. (C) Tenable Network Security, Inc. include("compat.inc"); include("data_protection.inc"); if (description) { script_id(10096); script_version("1.17"); script_cvs_date("Date: 2018/08/13 14:32:36");...

CVSS 7.5 · AI score 5.9 · EPSS 0.00639
Exploits: 0 · References: 1
Positive Technologies
added 1997/01/01 12:00 a.m. · 2 views

PT-1997-1082 · In.Rshd · In.Rshd

Name of the Vulnerable Software and Affected Versions: in.rshd (affected versions not specified). Description: The issue allows users to log in with a NULL username and execute commands. Recommendations: At the moment, there is no information about a newer version that contains a fix for this...

CVSS 7.5 · AI score 6.3 · EPSS 0.00639
Exploits: 0 · References: 2