15 matches found
CVE-2019-18199
An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack of proper encryption of 2.4 GHz communication, and because of password-based authentication, they are vulnerable to replay attacks...
Shadow Credentials
Microsoft has introduced Windows Hello for Business (WHfB) to replace traditional password-based authentication with a key-based trust model. This implementation uses PIN or…
EAP-pwd Cryptographic Issue Vulnerability
EAP-pwd is an EAP authentication method that uses a shared password for authentication. A cryptographic issue vulnerability exists in EAP-pwd that stems from a cache access mode error in the hostapd and wpa_supplicant components of the product. An attacker could use this vulnerability to launch a...
SUSE: Security Advisory (SUSE-SU-2019:1088-1)
The remote host is missing an update for the...
Design/Logic Flaw
An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack of proper encryption of 2.4 GHz communication, and because of password-based authentication, they are vulnerable to replay attacks...
openSUSE: Security Advisory for wpa_supplicant (openSUSE-SU-2019:1345-1)
The remote host is missing an update for the...
openSUSE Security Update : wpa_supplicant (openSUSE-2019-1345)
This update for wpa_supplicant fixes the following issues: This security issue was fixed: - CVE-2018-14526: Under certain conditions, the integrity of EAPOL-Key messages was not checked, leading to a decryption oracle. An attacker within range of the Access Point and client could have abused the...
ALPINE-CVE-2019-9497
The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto library does not...
UBUNTU-CVE-2019-9497
The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto library does not...
UBUNTU-CVE-2019-9498
The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication,...
openSUSE Security Update : wpa_supplicant (openSUSE-2019-871)
This update for wpa_supplicant provides the following fixes: This security issue was fixed: - CVE-2018-14526: Under certain conditions, the integrity of EAPOL-Key messages was not checked, leading to a decryption oracle. An attacker within range of the Access Point and client could have abused t...
GoScanSSH Malware Targets SSH Servers, But Avoids Military and .GOV Systems
Researchers have identified a new malware family, dubbed GoScanSSH, that targets public facing SSH servers, but avoids those linked to government and military IP addresses. The malware has been in the wild since June 2017 and exhibits a number of unique characteristics, such as being written in t...
CVE-2013-5163
Directory Services in Apple Mac OS X before 10.8.5 Supplemental Update allows local users to bypass password-based authentication and modify arbitrary Directory Services records via unspecified vectors...
Serv-U Empty Password Authentication Bypass Vulnerability
Serv-U is prone to an authentication-bypass vulnerability. Attackers can exploit this issue to gain unauthorized access to the affected application. However, this requires that the application has password-based authentication disabled. Serv-U 10.2.0.2 and versions prior to 10.3.0.1 are vulnerabl...
RHEL 2.1 : openssh (RHSA-2003:224)
Updated OpenSSH packages are now available. These updates close an information leak caused by sshd's interaction with the PAM system. OpenSSH is a suite of network connectivity tools that can be used to establish encrypted connections between systems on a network and can provide interactive login...