14 matches found
CVE-2025-59093
Exos 9300 is affected by an insecure database password derivation in which a randomly generated password is built from static random values concatenated with the hostname and a registry-read string. This allows an attacker to derive the database password and authenticate as the user Exos9300Commo...
MiracleLinux 8 : cloud-init-20.3-10.el8.5 (AXSA:2021-2312:08)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2021-2312:08 advisory. cloud-init: randomly generated passwords logged in clear-text to world-readable file CVE-2021-3429 Tenable has extracted the preceding description block...
NewStart CGSL MAIN 6.06 : cloud-init Multiple Vulnerabilities (NS-SA-2025-0230)
The remote NewStart CGSL host, running version MAIN 6.06, has cloud-init packages installed that are affected by multiple vulnerabilities: - The default cloud-init configuration, in cloud-init 0.6.2 and newer, included sshdeletekeys: 0, disabling cloud-init's deletion of ssh host keys. In some...
Linux Distros Unpatched Vulnerability : CVE-2020-8631
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because randstr in...
WordPress plugin Civi 访问控制错误漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An access control...
Source code of password manager LastPass stolen by attacker
In a security incident notice from LastPass the company informed the public know that an unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account. There is no evidence that this incident involved any access to customer dat...
cloud-init: randomly generated passwords logged in clear-text to world-readable file
A flaw was found in cloud-init. When a system is configured through cloud-init and the "Set Passwords" module is used with "chpasswd" directive and "RANDOM", the randomly generated password for the relative user is written in clear-text in a file readable by any existing user of the system. The...
cloud-init: randomly generated passwords logged in clear-text to world-readable file
A flaw was found in cloud-init. When a system is configured through cloud-init and the "Set Passwords" module is used with "chpasswd" directive and "RANDOM", the randomly generated password for the relative user is written in clear-text in a file readable by any existing user of the system. The...
cloud-init: randomly generated passwords logged in clear-text to world-readable file
A flaw was found in cloud-init. When a system is configured through cloud-init and the "Set Passwords" module is used with "chpasswd" directive and "RANDOM", the randomly generated password for the relative user is written in clear-text in a file readable by any existing user of the system. The...
Information Disclosure
cloud-init is vulnerable to Information Disclosure. When a user specified configuration which would generate random passwords for users, cloud-init causes those passwords to be written to the serial console by emitting them on stderr. In the default configuration, any stdout or stderr emitted by...
How Does Your AD Password Policy Compare to NIST's Password Recommendations?
End-user passwords are one of the weakest components of your overall security protocols. Most users tend to reuse passwords across work and personal accounts. They may also choose relatively weak passwords that satisfy company password policies but can be easily guessed or brute-forced. Your user...
[SECURITY] Fedora 31 Update: makepasswd-0.5.3-18.fc31
Makepasswd generates pseudo-random passwords of a desired length...
CVE-2013-4786 for LOM vulnerability
Mitigation recommendations for vulnerability CVE-2013-4786: 1. Setup SSL on the LOM port to encrypt credentials during login. 2. Follow the Secure Deployment Guide for Citrix ADC to isolate all management ports including the BMC management port on a management VLAN as is industry best practice...
D-Link Planning to Patch Router Backdoor Bug
D-Link is in the process of developing a patch for a serious security vulnerability in some of its older routers that essentially functions as a backdoor. The bug, discovered by a security researcher and publicized over the weekend, enables a remote user to log into an affected router as an...