534 matches found
Authentication flaw
DISPUTED An issue was discovered in the LINE jp.naver.line application 8.8.0 for iOS. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method to disable passcode authentication. NOTE: the vendor indicates that this is not an attack of interest withi...
CVE-2018-13446
An issue was discovered in the LINE jp.naver.line application 8.8.1 for Android. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method's return value to true. In other words, an attacker could authenticate with an arbitrary passcode. NOTE: the...
CVE-2018-13435
An issue was discovered in the LINE jp.naver.line application 8.8.0 for iOS. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method to disable passcode authentication. NOTE: the vendor indicates that this is not an attack of interest within the...
CVE-2018-13435
The CVE-2018-13435 entry applies to the LINE jp.naver.line iOS app (version 8.8.0). A vulnerability in the Passcode feature allows authentication bypass via runtime manipulation that forces a method to disable passcode authentication. This is a local issue with high impact (per CVSS), effectively...
PT-2018-11822 · Naver · Line
Name of the Vulnerable Software and Affected Versions: LINE jp.naver.line application version 8.8.0 for iOS Description: An issue in the LINE application allows authentication bypass via runtime manipulation that forces a certain method to disable passcode authentication. The vendor notes that th...
FreeBSD : gitea -- TOTP passcode reuse (bcf56a42-9df8-11e8-afb0-589cfc0f81b0)
The Gitea project reports : TOTP passcodes can be reused. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright 2003-2018 Jacques Vidrine and contributors Redistribution and use in source VuXML and...
CVE-2018-12446
An issue was discovered in the com.dropbox.android application 98.2.2 for Android. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method's return value to true. In other words, an attacker could authenticate with an arbitrary passcode. NOTE: the...
Authentication flaw
DISPUTED An issue was discovered in the com.dropbox.android application 98.2.2 for Android. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method's return value to true. In other words, an attacker could authenticate with an arbitrary passcode...
CVE-2018-12446
An issue was discovered in the com.dropbox.android application 98.2.2 for Android. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method's return value to true. In other words, an attacker could authenticate with an arbitrary passcode. NOTE: the...
CVE-2018-12446
Summary : The vulnerability CVE-2018-12446 affects the Dropbox Android app (com.dropbox.android) version 98.2.2. The Passcode feature can be bypassed via runtime manipulation that makes a method return true, allowing an attacker to authenticate with an arbitrary passcode. The vendor notes this is...
CVE-2018-12446
An issue was discovered in the com.dropbox.android application 98.2.2 for Android. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method's return value to true. In other words, an attacker could authenticate with an arbitrary passcode. NOTE: the...
PT-2018-11179 · Dropbox · Com.Dropbox.Android
Name of the Vulnerable Software and Affected Versions: com.dropbox.android version 98.2.2 Description: An issue in the Passcode feature allows authentication bypass via runtime manipulation, forcing a certain method's return value to true, enabling an attacker to authenticate with an arbitrary...
Security Bulletin: IBM Maximo Anywhere contains an unspecified vulnerability that could allow a remote attacker to obtain sensitive information (CVE-2015-4945)
Summary A security vulnerability in IBM Maximo Anywhere could allow an attacker to bypass passcode protections to obtain sensitive information. Vulnerability Details CVEID: CVE-2015-4945 DESCRIPTION: IBM Maximo Anywhere contains an unspecified vulnerability that could allow a remote attacker to...
Seven security tips for staying safe on an iPhone
iPhones have a reputation for being notoriously secure. After all, they caused quite the kerfuffle between Apple and the FBI because they are, from the FBI's point of view, too secure! However, don't let that lull you into a false sense of security. Using an iPhone is not an automatic guarantee o...
BrilliantTS FUZE card (MCU firmware 0.1.73, BLE firmware 0.7.4)Vulnerability
Description of FUZE Card FUZE is an IoT device the size, shape, and thickness of a normal credit card. You program credit cards into it via Bluetooth BLE using a smart phone app. When you go to pay, you use the buttons and e-Paper display to select which card to emulate. The magnetic stripe...
GrayKey iPhone unlocker poses serious security concerns
Ever since the case of the San Bernadino shooter pitted Apple against the FBI over the unlocking of an iPhone, opinions have been split on providing backdoor access to the iPhone for law enforcement. Some felt that Apple was aiding and abetting a felony by refusing to create a special version of...
Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (175 bytes)
/ ;Author - Andriy Brukhovetskyy - doomedraven - SLAEx64 - 1322 ;175 bytes ;http://www.doomedraven.com/2014/05/slaex64-shellbindtcp-with-passcode.html global start section .text start: push byte 0x29 ; 41 - socket syscall pop rax push byte 0x02 ; AFINET pop rdi push byte 0x01 ; SOCKSTREAM pop rsi...
CVE-2017-17436
An issue was discovered in the software on Vaultek Gun Safe VT20i products. There is no encryption of the session between the Android application and the safe. The website and marketing materials advertise that this communication channel is encrypted with "Highest Level Bluetooth Encryption" and...
Apple iPhone X Face ID Fooled by a Mask
Apple’s Face ID technology, the centerpiece biometric authentication mechanism for the iPhone X, has been cracked a little more than a week after it was introduced to the public. Researchers from Vietnamese security company Bkav demonstrated that they could fool the technology to unlock the phone...
Apple's FaceID
This is a good interview with Apple's SVP of Software Engineering about FaceID. Honestly, I don't know what to think. I am confident that Apple is not collecting a photo database, but not optimistic that it can't be hacked with fake faces. I dislike the fact that the police can point the phone at...