Microsoft Windows Active Directory LDAPS Authentication Bypass Vulnerability (2630837)

This host is missing a critical security update according to Microsoft Bulletin MS11-086. OpenVAS Vulnerability Test $Id: secpodms11-086.nasl 8276 2018-01-03 12:29:18Z asteins $ Microsoft Windows Active Directory LDAPS Authentication Bypass Vulnerability 2630837 Authors: Madhuri D Copyright:...

Microsoft Windows active directory authentication bypass

Certificate revocation list is not checked on LDAPs access...

Microsoft Windows Active Directory LDAPS Authentication Bypass Vulnerability (2630837)

This host is missing a critical security update according to Microsoft Bulletin MS11-086. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

DSA-2343-1 openssl - CA trust revocation

Bulletin has no description...

CVE-2011-2014

The LDAP over SSL aka LDAPS implementation in Active Directory, Active Directory Application Mode ADAM, and Active Directory Lightweight Directory Service AD LDS in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7...

Authentication flaw

The LDAP over SSL aka LDAPS implementation in Active Directory, Active Directory Application Mode ADAM, and Active Directory Lightweight Directory Service AD LDS in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7...

Microsoft Active Directory LDAPS Authentication Bypass Vulnerability

Description Microsoft Active Directory is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions by using a revoked certificate. Technologies Affected Avaya Aura Conferencing 6.0 Standard Avaya CallPilot 4.0 Avaya CallPilot 5.0...

PT-2011-3552 · Microsoft · Windows Xp +7

Name of the Vulnerable Software and Affected Versions: Active Directory versions prior to the fixed version Active Directory Application Mode ADAM versions prior to the fixed version Active Directory Lightweight Directory Service AD LDS versions prior to the fixed version Microsoft Windows XP...

Debian DSA-2339-1 : nss - several vulnerabilities

This update to the NSS cryptographic libraries revokes the trust in the'DigiCert Sdn. Bhd' certificate authority. More information can be found in the Mozilla Security Blog. This update also fixes an insecure load path for pkcs11.txt configuration file CVE-2011-3640 . %NASLMINLEVEL 70300 C Tenabl...

Malaysian CA Digicert Revokes Certs With Weak Keys, Mozilla Moves to Revoke Trust

UPDATED–A certificate authority in Malaysia has had to revoke 22 certificates it issued with weak keys and missing extensions. The problem has prompted Mozilla to revoke trust in the intermediate certificate authority from Digicert Sdn. Bhd., and Microsoft said it plans to take the same actions, ...

EFF Data Shows Four CAs Compromised Since June

The EFF, through the use of its SSL Observatory, has taken a look at the data from certificate revocation lists for SSL certificates in recent months, and found that there were four separate CAs compromised in the last four months. The data that the EFF looked at was a summary of the reasons that...

CVE-2011-3227

libsecurity in Apple Mac OS X before 10.7.2 does not properly handle errors during processing of a nonstandard extension in a Certificate Revocation list CRL, which allows remote attackers to execute arbitrary code or cause a denial of service application crash a crafted 1 web site or 2 e-mail...

CVE-2011-3227

libsecurity in Apple Mac OS X before 10.7.2 does not properly handle errors during processing of a nonstandard extension in a Certificate Revocation list CRL, which allows remote attackers to execute arbitrary code or cause a denial of service application crash a crafted 1 web site or 2 e-mail...

[SECURITY] [DSA 2313-1] iceweasel security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2313-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff September 29, 2011 http://www.debian.org/security/faq -...

Dutch Government Sets Sept. 28 Kill Date for DigiNotar Certs

Adobe said on Friday that its products would soon reject certificates issued by the disgraced Dutch certificate authority DigiNotar following the Dutch government’s decision, Friday, to revoke DigiNotar PKIoverheid CA certificates used by government agencies on September 28. The news sets an...

DEBIAN-CVE-2011-3207

crypto/x509/x509vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past...

Debian DSA-2309-1 : openssl - compromised certificate authority

Several fraudulent SSL certificates have been found in the wild issued by the DigiNotar Certificate Authority, obtained through a security compromise of said company. After further updates on this incident, it has been determined that all of DigiNotar's signing certificates can no longer be...

Mozilla Asks Firefox CAs to Audit Security Systems in Wake of DigiNotar Hack

Already having revoked trust in the root certificates issued by DigiNotar, Mozilla is taking steps to avoid having to repeat that process with any other certificate authority trusted by Firefox, asking all of the CAs involved in the root program to conduct audits of their PKIs and verify that...

DigiNotar Hacker Says He Has GlobalSign Database Backups, Other Data

As GlobalSign continues the investigation into the claimed compromise of its CA infrastructure, the attacker who says he breached DigiNotar and Comodo said in another message on Pastebin Wednesday that not only did he hack GlobalSign, but he has the private key used to sign the certificate for th...

Microsoft Revokes Trust in Five DigiNotar Root Certs, Mozilla Drops Trust For Staat der Nederland Certs

The fallout from the DigiNotar compromise continued on Tuesday, as Microsoft said it has now revoked its trust of all five of the certificate authority’s root certificates. The update that makes this change is being pushed out to users on all supported versions of Windows. Mozilla also released n...