7 matches found
CVE-2026-45039 RustFS: Internode RPC HMAC secret falls back to public default credential, enabling peer impersonation
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the internode RPC layer authenticates every request with an HMAC-SHA256 signature using a shared secret. The function that produces this secret, getsharedsecret in crates/ecstore/src/rpc/httpauth.rs, falls back to...
CVE-2026-45039 RustFS: Internode RPC HMAC secret falls back to public default credential, enabling peer impersonation
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the internode RPC layer authenticates every request with an HMAC-SHA256 signature using a shared secret. The function that produces this secret, getsharedsecret in crates/ecstore/src/rpc/httpauth.rs, falls back to...
CVE-2026-45039
RustFS prior to 1.0.0-beta.2 uses an HMAC-SHA256 signature for internode RPC authentication that falls back to DEFAULT_SECRET_KEY = "rustfsadmin" if neither RUSTFS_RPC_SECRET nor the global S3 secret key is configured. The vulnerability arises from get_shared_secret() in crates/ecstore/src/rpc/ht...
ChainSafe js-libp2p-noise 数据伪造问题漏洞
ChainSafe js-libp2p-noise is an open source implementation of TypeScript containing the noise protocol from ChainSafe Canada. ChainSafe js-libp2p-noise is vulnerable to a data forgery issue that allows a man-in-the-middle to impersonate other peers and disable those peers...
CVE-2021-41025
Multiple vulnerabilities in the authentication mechanism of confd in FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 thorugh 6.0.7, including an instance of concurrent execution using shared resource with improper synchronization and one of...
Fortinet FortiWeb 竞争条件问题漏洞
Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures web applications and protects sensitive database content. A security vulnerability exists that could b...
MGASA-2016-0219 Updated ntp packages fix security vulnerability
ntpq and ntpdc disclose the origin timestamp to unauthenticated clients, which may allow an attacker to impersonate a legitimate peer CVE-2015-8139. An attacker who is able to spoof packets with correct origin timestamps from enough servers before the expected response packets arrive at the targe...