1911 matches found
freeradius: Information leakage in EAP-PWD
In freeradius, the EAP-PWD function computepasswordelement leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack...
AlmaLinux 9 : freeradius (ALSA-2023:2166)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2166 advisory. - In freeradius, the EAP-PWD function computepasswordelement leaks information about the password which allows an attacker to substantially reduce the siz...
freeradius: Information leakage in EAP-PWD
In freeradius, the EAP-PWD function computepasswordelement leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack...
May 9, 2023—KB5026372 (OS Build 22621.1702)
May 9, 2023—KB5026372 OS Build 22621.1702 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 11, version 22H2, see its update history page. Note Follow @WindowsUpdate to find out whe...
Western Digital Confirms Customer Data Stolen by Hackers in March Breach
Digital storage giant Western Digital confirmed that an "unauthorized third party" gained access to its systems and stole personal information belonging to the company's online store customers. "This information included customer names, billing and shipping addresses, email addresses and telephon...
CVE-2023-1385
Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of random values to a known value, which leads to unauthorized authentication to amzn.lightning services. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with...
Input validation
Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of random values to a known value, which leads to unauthorized authentication to amzn.lightning services. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with...
CVE-2023-1385
CVE-2023-1385 describes an improper JPAKE implementation that allows offline PIN brute-forcing due to initializing random values to a known value, enabling unauthorized authentication to amzn.lightning services. Affected: Amazon Fire TV Stick 3rd gen before 6.2.9.5 and Insignia TV with FireOS 7.6...
CVE-2023-1385
Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of random values to a known value, which leads to unauthorized authentication to amzn.lightning services. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with...
Google Authenticator WILL get end-to-end encryption. Eventually.
Following criticism, Google has decided to bring end-to-end encryption E2EE to its Google Authenticator cloud backups. The search giant recently introduced a feature that allows users back up two-factor authentication 2FA tokens to the cloud, but the lack of encryption caused some commentators to...
Amazon Fire TV Stick 安全特征问题漏洞
The Amazon Fire TV Stick is a television voice recognition remote control from Amazon.com, Inc. The Amazon Fire TV Stick suffers from a security signature issue vulnerability that stems from initializing random numbers to known values and incorrect JPAKE implementation that allows for brute force...
CVE-2022-40722
A misconfiguration of RSA padding implemented in the PingID Adapter for PingFederate to support Offline MFA with PingID mobile authenticators is vulnerable to pre-computed dictionary attacks, leading to a bypass of offline MFA...
CVE-2022-40722
A misconfiguration of RSA padding implemented in the PingID Adapter for PingFederate to support Offline MFA with PingID mobile authenticators is vulnerable to pre-computed dictionary attacks, leading to a bypass of offline MFA...
Design/Logic Flaw
A misconfiguration of RSA padding implemented in the PingID Adapter for PingFederate to support Offline MFA with PingID mobile authenticators is vulnerable to pre-computed dictionary attacks, leading to a bypass of offline MFA...
PingID Adapter 加密问题漏洞
PingID Adapter is a middleware for authentication and access control from Ping Identity. A security vulnerability exists in PingID Adapter that stems from the vulnerability of offline MFA to pre-computed dictionary attacks, which can lead to offline MFA being bypassed...
CVE-2022-40722
CVE-2022-40722 concerns a misconfiguration of RSA padding in the PingID Adapter for PingFederate used to support Offline MFA with PingID mobile authenticators. Red Hat, NVD, CNNVD and other sources describe that this faulty padding enables pre-computed dictionary attacks that bypass offline MFA. ...
CVE-2022-40722 Misconfiguration of RSA padding for offline MFA in the PingID Adapter for PingFederate.
A misconfiguration of RSA padding implemented in the PingID Adapter for PingFederate to support Offline MFA with PingID mobile authenticators is vulnerable to pre-computed dictionary attacks, leading to a bypass of offline MFA...
CVE-2022-40722 Misconfiguration of RSA padding for offline MFA in the PingID Adapter for PingFederate.
A misconfiguration of RSA padding implemented in the PingID Adapter for PingFederate to support Offline MFA with PingID mobile authenticators is vulnerable to pre-computed dictionary attacks, leading to a bypass of offline MFA...
PT-2023-13897 · Ping Identity · Pingid Adapter For Pingfederate
Name of the Vulnerable Software and Affected Versions: PingID Adapter for PingFederate affected versions not specified Description: A misconfiguration of RSA padding in the PingID Adapter for PingFederate, used to support Offline MFA with PingID mobile authenticators, makes it vulnerable to...
QBot changes tactic, remains a menace to business networks
QBot, an infostealer-turned-dropper that aids criminal gangs in their malicious campaigns, is now being distributed as part of a phishing campaign using PDFs and Windows Script Files WSF, according to recent discoveries by malware hunter Proxylife @pr0xylife and the Cryptolaemus group...