32 matches found
[SECURITY] Fedora 44 Update: kf6-kwallet-6.25.0-1.fc44
KWallet is a secure and unified container for user passwords...
GHSA-VFGX-5Q85-58Q3 openssl-encrypt has non-cryptographic PRNG used for steganography pixel selection
Summary: The `generate_pseudorandom_sequence` function in `openssl_encrypt/plugins/steganography/core/utils.py` at lines 89-91 uses Python's `random` module (Mersenne Twister) for steganographic pixel/sample selection. Affected code (Python): `random.seed(seed)`; `sequence = random.sample(range(max_value), min(length, ...`
PT-2025-32241 · Unknown · Thinbus-Srp-Npm
Name of the Vulnerable Software and Affected Versions: thinbus-srp-npm versions 2.0.0 and below. Description: A protocol compliance bug exists in the JavaScript Secure Remote Password implementation, specifically in the client's entropy generation. The client generates a fixed 252 bits of entropy...
One Identity Password Manager security vulnerability
One Identity Password Manager is a web platform for authentication from One Identity, Inc. in the United States. A security vulnerability exists in One Identity Password Manager versions prior to 5.14.4, which stems from a flaw in the security hardening mechanism in the Secure Password...
CVE-2025-27582
The Secure Password extension in One Identity Password Manager before 5.14.4 allows local privilege escalation. The issue arises from a flawed security hardening mechanism within the kiosk browser used to display the Password Self-Service site to end users. Specifically, the application attempts ...
CVE-2020-35567
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The software uses a secure password for database access, but this password is shared across instances...
PT-2023-14726 · Bofei · Bofei Dbd+ Application
Name of the Vulnerable Software and Affected Versions: BOFEI DBD+ Application for iOS & Android version 1.4.4. Description: An insecure password reset issue was discovered in the BOFEI DBD+ Application for iOS & Android service due to an insecure expiry mechanism. Recommendations: For version 1.4....
How to share your Wi-Fi password safely
You may not have as many people visiting your home due to the pandemic, but restrictions are a hit-and-miss affair. It's possible your region has opened up a little, and you're seeing folks in your home for the first time in a long time. They may well be bringing new devices to your home, and you m...
Default credentials
The Simple JWT Login WordPress plugin before 3.3.0 can be used to create new WordPress user accounts with a randomly generated password. The password is generated using the `str_shuffle` PHP function, which "does not generate cryptographically secure values, and should not be used for cryptographic...
Five Critical Password Security Rules Your Employees Are Ignoring
According to Keeper Security's Workplace Password Malpractice Report, many remote workers aren't following best practices for password security. Password security was a problem even before the advent of widespread remote work. So, what happened post-pandemic? Keeper Security's Workplace Password...
CVE-2020-11968
In the web-panel in IQrouter through 3.3.1, remote attackers can read system logs because of Incorrect Access Control. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration which has a required step for settin...
PT-2020-12958 · Openwrt +1 · Openwrt +1
Name of the Vulnerable Software and Affected Versions: IQrouter versions 3.3.1 and earlier Description: The issue allows remote attackers to control the device, enabling actions such as restarting the network, rebooting, upgrading, or resetting, due to incorrect access control. This issue is...
Programmers Who Don't Understand Security Are Poor at Security
A university study confirmed the obvious: if you pay a random bunch of freelance programmers a small amount of money to write security software, they're not going to do a very good job at it. In an experiment that involved 43 programmers hired via the Freelancer.com platform, University of Bonn...
Unikrn: Rate-limit protection gets executed in the last stage of the registration process, allowing enumeration of existing accounts.
Summary: This may be a low-risk impact, but I need to suggest an improvement to your existing rate-limit protection on the registration page. It is an easy workaround and makes the current protection more secure. Description: Unikrn increases the registration security by requiring use...
Tiny SRP Library Buffer Overflow Vulnerability
The Tiny SRP library is a library for secure authentication of small clients or servers. A buffer overflow vulnerability in the Tiny SRP library's handling of the 'username' field allows a remote attacker to submit a special request to crash an application linked to the library...
CVE-2014-9016
The password hashing API in Drupal 7.x before 7.34 and the Secure Password Hashes (aka phpass) module 6.x-2.x before 6.x-2.1 for Drupal allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted request...
Cross site request forgery (csrf)
The password hashing API in Drupal 7.x before 7.34 and the Secure Password Hashes (aka phpass) module 6.x-2.x before 6.x-2.1 for Drupal allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted request...
UBUNTU-CVE-2014-9016
The password hashing API in Drupal 7.x before 7.34 and the Secure Password Hashes (aka phpass) module 6.x-2.x before 6.x-2.1 for Drupal allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted request...