17 matches found
EUVD-2017-11017
Malware in sbrugna...
EUVD-2016-10168
Malware in sbrugna...
Business Logic Errors
github.com/answerdev/answer is vulnerable to Business Logic Errors. The vulnerability exists in UpdateUserPassword function at userbackyard.go because the password restrictions are not properly set which allows an attacker to lock victims out of their account...
PYSEC-2022-297
Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.9...
Reduce End-User Password Change Frustrations
Organizations today must give attention to their cybersecurity posture, including policies, procedures, and technical solutions for cybersecurity challenges. This often results in a greater burden on the IT service desk staff as end-users encounter issues related to security software, policies, a...
Denial Of Service (DoS)
ipa is vulnerable to denial of service. The lack of password length restrictions leads to denial of service...
Linux: PASS_MIN_DAYS in /etc/login.defs
The SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.150276";...
Micro Focus Novell eDirectory Password Restriction Vulnerability
Micro Focus Novell eDirectory is an identity management infrastructure platform that combines identity management architecture and directory services technology from Micro Focus, UK. The platform provides authentication policies, data backup and recovery services, and data disaster recovery. A...
MGASA-2017-0100 Updated phpmyadmin packages fix security vulnerability
A vulnerability was discovered where the restrictions caused by $cfg'Servers'$i'AllowNoPassword' = false are bypassed under certain PHP versions. This can allow the login of users who have no password set even if the administrator has set $cfg'Servers'$i'AllowNoPassword' to false which is also th...
CVE-2016-5838
WordPress before 4.5.3 allows remote attackers to bypass intended password-change restrictions by leveraging knowledge of a cookie...
EXPRESSCLUSTER X vulnerable to directory traversal
Overview EXPRESSCLUSTER X from NEC Corporation is software to provide high availability HA clustering. EXPRESSCLUSTER X contains an issue in WebManager, which may lead to directory traversal. Yusuke SAKAI of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated...
CVE-2013-2032
MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordReset and Special:ChangePassword, which allows remote attackers to bypass the intended restrictions of an extension that only implements one of these blocks...
Better error handling when changing password with LDAP connected
panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/JRACLOUD-34098. panel When configuring JIRA to connect to LDAP directory with Read/Write permission, user could encounter such error as the following...
Better error handling when changing password with LDAP connected
When configuring JIRA to connect to LDAP directory with Read/Write permission, user could encounter such error as the following when trying to change their password. This error will be thrown when the LDAP directory has a certain password restrictions and the user input the password which does no...
Forgot Password/Crowd Integration exception handling and regex improvements
If JIRA is integrated with Crowd, and Crowd has password restrictions e.g. regex, a user will receive a stack trace in JIRA if the new password does not meet Crowd's password requirements e.g. through the Forgot Password link in JIRA. noformat java.lang.IllegalArgumentException: Could not change...
Смена неменяемого пароля в Windows NT (protection bypass)
Изменить неизменяемый пароль или пароль блокированной записи можно через IIS...
Corsaire Limited Security Advisory - Symantec/Axent NetProwler 3. 5.x password restrictions
-- Corsaire Limited Security Advisory -- Title: Symantec/Axent NetProwler 3.5.x password restrictions Date: 17.03.01 Application: Symantec/Axent NetProwler 3.5.x Environment: WinNT Author: Martin O'Neal [email protected] Audience: General distribution -- Scope -- The aim of this document ...