Ross Anderson’s Memorial Service

The memorial service for Ross Anderson will be held on Saturday, at 2:00 PM BST. People can attend remotely on Zoom. The passcode is "L3954FrrEF"...

Cisco Webex Meetings Meeting Information and Metadata Issue June 2024

In early May 2024, Cisco identified bugs in Cisco Webex Meetings that we now believe were leveraged in targeted security research activity allowing unauthorized access to meeting information and metadata in Cisco Webex deployments for certain customers. These bugs have been addressed and a fix ha...

Zebra Industrial Printers Insufficiently Protected Credentials (CVE-2019-10960)

Zebra Industrial Printers All Versions, Zebra printers are shipped with unrestricted end-user access to front panel options. If the option to use a passcode to limit the functionality of the front panel is applied, specially crafted packets could be sent over the same network to a port on the...

CVE-2024-2431

An issue in the Palo Alto Networks GlobalProtect app enables a non-privileged user to disable the GlobalProtect app in configurations that allow a user to disable GlobalProtect with a passcode...

CVE-2024-2431

An issue in the Palo Alto Networks GlobalProtect app enables a non-privileged user to disable the GlobalProtect app in configurations that allow a user to disable GlobalProtect with a passcode...

CVE-2024-2431 GlobalProtect App: Local User Can Disable GlobalProtect

An issue in the Palo Alto Networks GlobalProtect app enables a non-privileged user to disable the GlobalProtect app in configurations that allow a user to disable GlobalProtect with a passcode...

PT-2024-20351 · Palo Alto Networks · Palo Alto Networks Globalprotect

Name of the Vulnerable Software and Affected Versions: Palo Alto Networks GlobalProtect app affected versions not specified Description: An issue in the Palo Alto Networks GlobalProtect app enables a non-privileged user to disable the GlobalProtect app in configurations that allow a user to disab...

Apple to introduce new feature that makes life harder for iPhone thieves

Reportedly, Apple has plans to make it harder for iPhone thieves to steal your personal information even if they have your device’s passcode. A new feature called Stolen Device Protection is included in the beta version of iOS 17.3. The feature limits access to your private information in case...

PT-2023-6519 · Apple · Watchos

Name of the Vulnerable Software and Affected Versions: watchOS versions prior to 10 Description: An authentication issue was addressed with improved state management. The issue is related to the Passcode component of the watchOS operating system and is associated with deficiencies in the...

Windows Workspace Authentication Error "incorrect user name or password" via NetScaler Gateway

When using Windows workspace, after input username, password and passcode, error prompt "incorrect username or password"two-factor basic authentication. And can't access Storefront resource list. While access same Gateway with Web Browser is working fine...

How to Automatically Delete Passcode Texts on Android and iOS

Here’s one simple way to reduce your security risk while logging in...

HammerSpace GDE / GFS 4.6.6-324 Authentication Bypass

Affected Product: HammerSpace Global Data Environment / Global File System - https://hammerspace.com/product Affected Versions: v4.6.6-324 and below with default installation/configuration. Vendor Notified: Yes, sometime between: 08/2022 and 10/2022, confirmed 2023-03-21 there is a fix in an...

CVE-2023-28646

Nextcloud android is an android app for interfacing with the nextcloud home server ecosystem. In versions from 3.7.0 and before 3.24.1 an attacker that has access to the unlocked physical device can bypass the Nextcloud Android Pin/passcode protection via a thirdparty app. This allows to see meta...

Design/Logic Flaw

Nextcloud android is an android app for interfacing with the nextcloud home server ecosystem. In versions from 3.7.0 and before 3.24.1 an attacker that has access to the unlocked physical device can bypass the Nextcloud Android Pin/passcode protection via a thirdparty app. This allows to see meta...

CVE-2023-28646 App lockout in nextcloud Android app can be bypassed via thirdparty apps

Nextcloud android is an android app for interfacing with the nextcloud home server ecosystem. In versions from 3.7.0 and before 3.24.1 an attacker that has access to the unlocked physical device can bypass the Nextcloud Android Pin/passcode protection via a thirdparty app. This allows to see meta...

CVE-2023-28646

CVE-2023-28646 affects Nextcloud Android app versions 3.7.0 through 3.24.0 (fixed in 3.24.1). An attacker with physical access to an unlocked device can bypass the Android Pin/passcode protection via a third-party app, enabling access to meta information such as sharers, sharees, and file activit...

[NetScaler] LDAP password can be changed with an incorrect Radius Passcode

Below is an example of common 2Factor authentication flow: Root factor: Start Login Schema XML = /nsconfig/loginschema/LoginSchema/DualAuth.xml Adv Authn Policy = LDAPPol Rule = true Action = LDAPAct Next Factor if Success = RadiusFactor Login Schema Profile = LSCHEMAINT Adv Authn Policy =...

CVE-2023-20857

VMware Workspace ONE Content contains a passcode bypass vulnerability. A malicious actor, with access to a users rooted device, may be able to bypass the VMware Workspace ONE Content passcode...

CVE-2023-20857

VMware Workspace ONE Content contains a passcode bypass vulnerability. A malicious actor, with access to a users rooted device, may be able to bypass the VMware Workspace ONE Content passcode...

Design/Logic Flaw

VMware Workspace ONE Content contains a passcode bypass vulnerability. A malicious actor, with access to a users rooted device, may be able to bypass the VMware Workspace ONE Content passcode...