Lucene search

21 matches found

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2016-9941

Malware in sbrugna...

CVSS 9.8, AI score 9.5, EPSS 0.00773
Exploits 0, References 5
RedhatCVE
added 2025/05/22 4:28 a.m., 5 views

CVE-2019-13918

A vulnerability has been identified in SINEMA Remote Connect Server All versions V2.0 SP1. The web interface has no means to prevent password guessing attacks. The vulnerability could be exploited by an attacker with network access to the vulnerable software, requiring no privileges and no user...

CVSS 9.8, AI score 7, EPSS 0.00479
Exploits 0, References 1
Veracode
added 2020/04/10 12:35 a.m., 19 views

Inadequate Logging

tog-pegasus does not log authentication attempts. Failed authentication attempts against the OpenPegasus CIM server were not logged to the system log as documented in README.RedHat.Security. An attacker could use this flaw to perform password guessing attacks against a user account without leavin...

CVSS 6.8, AI score 3, EPSS 0.01577
Exploits 0, References 11, Affected Software 1
RedhatCVE
added 2019/11/06 10:21 a.m., 43 views

CVE-2017-10356

It was discovered that the Security component of OpenJDK generated weak password-based encryption keys used to protect private keys stored in key stores. This made it easier to perform password guessing attacks to decrypt stored keys if an attacker could gain access to a key store...

CVSS 6.2, AI score 2.4, EPSS 0.00701
Exploits 0, References 1
Cvelist
added 2019/09/13 4:38 p.m., 13 views

CVE-2019-13918

A vulnerability has been identified in SINEMA Remote Connect Server All versions V2.0 SP1. The web interface has no means to prevent password guessing attacks. The vulnerability could be exploited by an attacker with network access to the vulnerable software, requiring no privileges and no user...

AI score 9.3, EPSS 0.00479
Exploits 0, References 1
Schneier on Security
added 2018/07/12 11:11 a.m., 25 views

WPA3

Everyone is writing about the new WPA3 Wi-Fi security standard, and how it improves security over the current WPA2 standard. This summary is as good as any other: The first big new feature in WPA3 is protection against offline, password-guessing attacks. This is where an attacker captures data fr...

AI score 0.4
Exploits 0
NVD
added 2017/03/28 2:59 a.m., 11 views

CVE-2016-9124

Revive Adserver before 3.2.3 suffers from Improper Restriction of Excessive Authentication Attempts. The login page of Revive Adserver is vulnerable to password-guessing attacks. An account lockdown feature was considered, but rejected to avoid introducing service disruptions to regular users...

CVSS 9.8, AI score 9.5, EPSS 0.00773
Exploits 0, References 3
OSV
added 2017/03/28 2:59 a.m., 10 views

CVE-2016-9124

Revive Adserver before 3.2.3 suffers from Improper Restriction of Excessive Authentication Attempts. The login page of Revive Adserver is vulnerable to password-guessing attacks. An account lockdown feature was considered, but rejected to avoid introducing service disruptions to regular users...

CVSS 9.8, AI score 7
Exploits 0, References 3
OpenVAS
added 2016/10/04 12:0 a.m., 43 views

Revive Adserver Multiple Vulnerabilities

Revive Adserver is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:revive:adserver"; if...

CVSS 9.8, AI score 6.7, EPSS 0.01075
Exploits 0, References 1
securityvulns
added 2015/02/02 12:0 a.m., 75 views

[SYSS-2014-013] FancyFon FAMOC - Use of a One-Way Hash without a Salt

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2014-013 Products: FAMOC Vendor: FancyFon Affected Versions: 3.16.5 Tested Versions: 3.16.5 Vulnerability Type: Use of a One-Way Hash without a Salt CWE-759 Risk Level: Low Solution Status: Fixed Vendor Notification: 2014-12-19...

Exploits 0
Hacker One
added 2014/04/17 6:24 p.m., 24 views

Localize: No BruteForce Protection

A common threat web developers face is a password-guessing attack known as a brute force attack. A brute-force attack is an attempt to discover a password by systematically trying every possible combination of letters, numbers, and symbols until you discover the one correct combination that works...

AI score 1.8
Exploits 0
Tenable Nessus
added 2014/04/10 12:0 a.m., 33 views

Scientific Linux Security Update : samba4 on SL6.x i386/x86_64 (20140409)

It was found that certain Samba configurations did not enforce the password lockout mechanism. A remote attacker could use this flaw to perform password guessing attacks on Samba user accounts. Note: this flaw only affected Samba when deployed as a Primary Domain Controller. CVE-2013-4496 A flaw...

CVSS 5.8, AI score 7.3, EPSS 0.0555
Exploits 2, References 4
Hacker One
added 2013/10/31 8:55 p.m., 231 views

HackerOne: Login page password-guessing attack

A brute-force attack is an attempt to discover a password by systematically trying every possible combination of letters, numbers, and symbols until you discover the one correct combination that works. hackerone.com page doesn't have any protection against password-guessing attacks brute force...

AI score 2.5
Exploits 0
NVD
added 2013/10/01 5:55 p.m., 15 views

CVE-2012-5627

Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the changeuser command within the same connection which makes it easier for remote authenticated users to conduct brute force password guessing attacks...

CVSS 4, AI score 7.1, EPSS 0.03901
Exploits 2, References 8
Prion
added 2013/10/01 5:55 p.m., 18 views

Command injection

Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the changeuser command within the same connection which makes it easier for remote authenticated users to conduct brute force password guessing attacks...

CVSS 4, AI score 6.5, EPSS 0.03901
Exploits 2, References 8, Affected Software 2
NVD
added 2012/06/27 12:55 a.m., 10 views

CVE-2012-3798

The Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when creating a local user account, allows attackers to obtain part of the initial input used to generate passwords, which makes it easier to conduct brute force password guessing attacks...

CVSS 5, AI score 6.4, EPSS 0.00239
Exploits 0, References 4
Prion
added 2008/11/27 12:30 a.m., 12 views

Design/Logic Flaw

tog-pegasus in OpenGroup Pegasus 2.7.0 on Red Hat Enterprise Linux (RHEL) 5, Fedora 9, and Fedora 10 does not log failed authentication attempts to the OpenPegasus CIM server, which makes it easier for remote attackers to avoid detection of password guessing attacks...

CVSS 6.8, AI score 7, EPSS 0.01577
Exploits 0, References 9, Affected Software 2
NVD
added 2006/08/11 1:4 a.m., 9 views

CVE-2006-4080

DeluxeBB 1.08, and possibly earlier, uses cookies that include the MD5 hash of a password, which allows remote attackers to gain privileges by sniffing or cross-site scripting (XSS) and conduct password guessing attacks...

CVSS 2.6, AI score 6.3, EPSS 0.00346
Exploits 0, References 2
Prion
added 2006/06/01 10:2 a.m., 11 views

Design/Logic Flaw

enter.asp in Mini-Nuke 2.3 and earlier makes it easier for remote attackers to conduct password guessing attacks by setting the guvenlik parameter to the same value as the hidden gguvenlik parameter, which bypasses a verification step because the gguvenlik parameter is assumed to be immutable by...

CVSS 5, AI score 7.4, EPSS 0.00323
Exploits 1, References 4, Affected Software 1
NVD
added 2006/06/01 10:2 a.m., 12 views

CVE-2006-2734

enter.asp in Mini-Nuke 2.3 and earlier makes it easier for remote attackers to conduct password guessing attacks by setting the guvenlik parameter to the same value as the hidden gguvenlik parameter, which bypasses a verification step because the gguvenlik parameter is assumed to be immutable by...

CVSS 5, AI score 6.8, EPSS 0.00323
Exploits 1, References 4