11 matches found
GHSA-JMMG-JQC7-5QF4 OpenClaw's browser-origin WebSocket auth hardening gap could enable loopback password brute-force chains
This issue is a browser-origin WebSocket auth chain on local loopback deployments using password auth. It is serious, but conditional: an attacker must get the user to open a malicious page and then successfully guess the gateway password. Context and Preconditions OpenClaw’s web/gateway surface ...
goEnumBruteSpray - User Enumeration And Password Bruteforce On Azure, ADFS, OWA, O365 And Gather Emails On Linkedin
The recommended module is o365 for user enumeration and passwords bruteforce / spray . Additional information can be retrieved to avoid account lockout, to know that the password is good but expired, MFA enabled,... Linkedin This module should be used to retrieve a list of email addresses before...
Ian Dunn: Multiple server ssh usernames leaked in your github repository
hi security team,while searching on github,I have found multiple ssh usernames that belongs to your organization are exposed in the organization github repository STEPS TO REPRODUCE:- 1.Go to this repository. you will see the leaked multiple server ssh usernames...
Shreder - A Powerful Multi-Threaded SSH Protocol Password Bruteforce Tool
Shreder is a powerful multi-threaded SSH protocol password brute-force tool. Features Very fast password guessing, just one password in 0.1 second. Optimized for big password lists, Shreder tries 1000 passwords in 1 minute and 40 seconds. Simple CLI and API usage. Installation pip3 install...
CVE-2021-27935
An issue was discovered in AdGuard before 0.105.2. An attacker able to get the user's cookie is able to bruteforce their password offline, because the hash of the password is stored in the cookie...
CVE-2021-27935
An issue was discovered in AdGuard before 0.105.2. An attacker able to get the user's cookie is able to bruteforce their password offline, because the hash of the password is stored in the cookie...
Design/Logic Flaw
An issue was discovered in AdGuard before 0.105.2. An attacker able to get the user's cookie is able to bruteforce their password offline, because the hash of the password is stored in the cookie...
CVE-2021-27935
Affected software: AdGuard prior to 0.105.2. The issue is that the password hash is stored in the user cookie, enabling an attacker who can obtain a user cookie to offline-brute-force the password. This is a server-side authentication-credential exposure via cookies. Impact stated: offline passwo...
ManageEngine Password Manager Pro 8102 to 8302 - Multiple Vulnerabilities
ManageEngine Password Manager Pro 8102 to 8302 - Multiple Vulnerabilities Systems Affected Product : ManageEngine Password Manager Pro Company : ZOHO Corp. Build Number : 8.1 to 8.3 and probably earlier versions Affected Versions : 8102 to 8302 and probably earlier versions Product Description...
ManageEngine Password Manager Pro 8102 to 8302 - Multiple Vulnerabilities
Exploit for jsp platform in category web applications Systems Affected Product : ManageEngine Password Manager Pro Company : ZOHO Corp. Build Number : 8.1 to 8.3 and probably earlier versions Affected Versions : 8102 to 8302 and probably earlier versions Product Description Password Manager Pro i...
Zyxel P660RT2 multiple security vulnerabilities
Crossite scripting, CSRF, password bruteforce...