Lucene search

36 matches found

Citrix
added 2023/10/30 12:0 a.m. · 13 views

[NetScaler-Azure] NetScaler may RESET TCP connections randomly, RESET Code: 8201

With NetScaler on Azure, you may observe that some TCP connections are RESET by NetScaler unexpectedly, with RESET code 8201. For more information about reset codes, please see: Citrix ADC NetScaler Reset Codes reference...

7 AI score
Exploits 0
Veracode
added 2023/08/03 3:50 a.m. · 20 views

Improper Access Control

github.com/answerdev/answer is vulnerable to Improper Access Control. The vulnerability exists due to reset code leakage in the RetrievePassWord function, which allows an attacker to take over the account via the password recovery mechanism...

9.8 CVSS · 7.1 AI score · 0.08519 EPSS
Exploits 4 · References 6 · Affected Software 1
Citrix
added 2023/07/10 12:0 a.m. · 3 views

ADC LB VIP sending Reset with code 9872

1. Application was being accessed through the LB vServer and it was not loading.
2. nstrace taken on the ADC showed RST flag: 0x014 sent by VIP to the client in response to almost every GET request sent by the client.
3. ADC was sending RST with window size 9872 which means Websocket upgrade request...

7 AI score
Exploits 0
Huntr
added 2023/01/24 5:2 p.m. · 26 views

Account Takeover via reset password

Description: Password recovery leads to Account Take Over due to reset code leakage. Proof of Concept: Create an account in https://meta.answer.dev/ and verify mail, then log out. Go to password recovery https://meta.answer.dev/users/account-recovery, insert your email and capture the server respons...

7.5 CVSS · 9.2 AI score · 0.08519 EPSS
Exploits 4
Positive Technologies
added 2022/08/30 12:0 a.m. · 3 views

PT-2022-4655 · Nodebb · Nodebb

Name of the Vulnerable Software and Affected Versions: NodeBB Forum Software versions prior to 1.19.7; NodeBB Forum Software versions prior to 2.0.0. Description: The utils.generateUUID helper function in NodeBB Forum Software uses a cryptographically insecure pseudo-random number generator...

9.8 CVSS · 9.5 AI score · 0.00712 EPSS
Exploits 0 · References 14
CloudLinux
added 2021/11/22 12:20 p.m. · 48 views

Fix of CVE: CVE-2021-3326, CVE-2021-43396

CVE-2021-3326: avoid denial of service due to a failed assertion - CVE-2021-43396: check actual stored character in state reset code...

7.5 CVSS · 2.6 AI score · 0.00597 EPSS
Exploits 1 · References 1
CloudLinux
added 2021/11/08 4:35 p.m. · 41 views

Fix of CVE: CVE-2021-3326, CVE-2021-43396

CVE-2021-3326: avoid denial of service due to a failed assertion - CVE-2021-43396: check actual stored character in state reset code...

5 CVSS · 7.8 AI score · 0.00597 EPSS
Exploits 1 · References 1
Packet Storm
added 2021/11/04 12:0 a.m. · 329 views

Opencart 3 Extension TMD Vendor System SQL Injection

Exploit Title: Opencart 3 Extension TMD Vendor System - Blind SQL Injection
Author: Muhammad Zaki Sulistya
Date: 03-11-2021
Product: TMD Vendor System
Vendor Homepage: https://www.opencartextensions.in/
Software Link:...

7.1 AI score
Exploits 0
Cvelist
added 2020/11/16 1:19 a.m. · 15 views

CVE-2020-28642

In InfiniteWP Admin Panel before 3.1.12.3, resetPasswordSendMail generates a weak password-reset code, which makes it easier for remote attackers to conduct admin Account Takeover attacks...

9.4 AI score · 0.00703 EPSS
Exploits 0 · References 1
OSV
added 2020/07/09 6:15 p.m. · 0 views

CVE-2020-15000

A PIN management problem was discovered on Yubico YubiKey 5 devices 5.2.0 to 5.2.6. OpenPGP has three passwords: Admin PIN, Reset Code, and User PIN. The Reset Code is used to reset the User PIN, but it is disabled by default. A flaw in the implementation of OpenPGP sets the Reset Code to a known...

5.9 CVSS · 6.2 AI score · 0.00227 EPSS
Exploits 0 · References 1
NVD
added 2020/07/09 6:15 p.m. · 8 views

CVE-2020-15000

A PIN management problem was discovered on Yubico YubiKey 5 devices 5.2.0 to 5.2.6. OpenPGP has three passwords: Admin PIN, Reset Code, and User PIN. The Reset Code is used to reset the User PIN, but it is disabled by default. A flaw in the implementation of OpenPGP sets the Reset Code to a known...

5.9 CVSS · 0.00227 EPSS
Exploits 0 · References 1
Prion
added 2020/07/09 6:15 p.m. · 9 views

Design/Logic Flaw

A PIN management problem was discovered on Yubico YubiKey 5 devices 5.2.0 to 5.2.6. OpenPGP has three passwords: Admin PIN, Reset Code, and User PIN. The Reset Code is used to reset the User PIN, but it is disabled by default. A flaw in the implementation of OpenPGP sets the Reset Code to a known...

4.3 CVSS · 5.8 AI score · 0.00227 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2020/07/09 5:57 p.m. · 11 views

CVE-2020-15000

A PIN management problem was discovered on Yubico YubiKey 5 devices 5.2.0 to 5.2.6. OpenPGP has three passwords: Admin PIN, Reset Code, and User PIN. The Reset Code is used to reset the User PIN, but it is disabled by default. A flaw in the implementation of OpenPGP sets the Reset Code to a known...

5.8 AI score · 0.00227 EPSS
Exploits 0 · References 1
NVD
added 2014/08/15 11:15 a.m. · 11 views

CVE-2013-7180

Cobham SAILOR 900 VSAT; SAILOR FleetBroadBand 150, 250, and 500; EXPLORER BGAN; and AVIATOR 200, 300, 350, and 700D devices do not properly restrict password recovery, which allows attackers to obtain administrative privileges by leveraging physical access or terminal access to spoof a reset code...

7.8 CVSS · 6.5 AI score · 0.00365 EPSS
Exploits 0 · References 1
Cvelist
added 2014/08/15 10:0 a.m. · 13 views

CVE-2013-7180

Cobham SAILOR 900 VSAT; SAILOR FleetBroadBand 150, 250, and 500; EXPLORER BGAN; and AVIATOR 200, 300, 350, and 700D devices do not properly restrict password recovery, which allows attackers to obtain administrative privileges by leveraging physical access or terminal access to spoof a reset code...

6.5 AI score · 0.00365 EPSS
Exploits 0 · References 1
The Hacker News
added 2013/08/19 11:22 a.m. · 6 views

Short Password Reset code vulnerability allows hackers to brute-force many websites

Yesterday we received a vulnerability report in web applications from some unknown Indian hacker, who explained how hackers are hijacking mobile recharge and free SMS service related websites. He detailed the loophole in the password reset process that could allow attackers to brute force many...

6.9 AI score
Exploits 0