185 matches found

The Hacker News
added 2021/01/07 10:23 a.m. · 0 views

How Does Your AD Password Policy Compare to NIST's Password Recommendations?

End-user passwords are one of the weakest components of your overall security protocols. Most users tend to reuse passwords across work and personal accounts. They may also choose relatively weak passwords that satisfy company password policies but can be easily guessed or brute-forced. Your user...

AI score 5.9 · Exploits 0
Hacker One
added 2020/12/01 11:05 p.m. · 18 views

U.S. Dept Of Defense: IDOR on https://██████ via POST UID enables database scraping

Summary: The UID parameter on █████████ in the ██████ ███████ system, with ███████, does not validate that the caller has permission to view information on the UID entered, thereby enabling personnel and student data extraction. Description: The user operations API endpoint for the ███ ██████████...

AI score 0.4 · Exploits 0
Positive Technologies
added 2020/11/08 12:00 a.m. · 5 views

PT-2023-13770 · Moodle +1

Name of the Vulnerable Software and Affected Versions: Moodle affected versions not specified Description: The issue is related to insufficient limitations in some quiz web services, allowing students to bypass sequential navigation during a quiz attempt. Recommendations: At the moment, there is ...

CVSS 9.8 · AI score 6 · EPSS 0.83646
Exploits 4 · References 76
OSV
added 2020/10/06 6:15 p.m. · 1 view

CVE-2020-1905

Media ContentProvider URIs used for opening attachments in other apps were generated sequentially prior to WhatsApp for Android v2.20.185, which could have allowed a malicious third party app chosen to open the file to guess the URIs for previously opened attachments until the opener app is...

CVSS 3.3 · AI score 5.8 · EPSS 0.00276
Exploits 0 · References 1
Hacker One
added 2020/09/16 12:34 a.m. · 18 views

Logitech: IDOR when creating App on [platform.streamlabs.com/api/v1/store/whitelist] with user_id field

Summary: Hi team, There is an IDOR when applying to platform.streamlabs.com after logging in. If you log in to platform.streamlabs.com and click Create App, you will see the "apply form". And if you submit it, you will see the userid parameter in the JSON data of the apply request. api/v1/store/whitelis...

AI score 0.3 · Exploits 0
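The two HackerOne entries above describe the same flaw from both sides of the wire: an endpoint takes a user ID from the request and acts on it without checking that the authenticated caller is entitled to that record, and because the IDs are sequential the whole table can be walked. The following is an added example, not code from either report or from the systems they describe. It puts the vulnerable handler beside a hardened one, runs a scraper over a constructed ID range against each, and finishes with the detection a defender would run over access logs. All names (`USERS`, `/api/users/lookup`, the log format) are invented for the illustration.

```python
import re

# Constructed sample table; the sequential primary keys are the point:
# once one UID is known, every neighbour is a single increment away.
USERS = {
    1001: {"name": "alice", "email": "alice@example.test", "dob": "1990-04-12"},
    1002: {"name": "bob",   "email": "bob@example.test",   "dob": "1985-11-30"},
    1003: {"name": "carol", "email": "carol@example.test", "dob": "1992-07-08"},
}


class Forbidden(Exception):
    """Raised when the caller may not read the requested record."""


def lookup_vulnerable(caller_uid: int, requested_uid: int) -> dict:
    """Vulnerable shape: the UID comes from the request body and is used
    directly; the authenticated caller's identity is never consulted."""
    return USERS[requested_uid]          # KeyError only when the row is missing


def lookup_hardened(caller_uid: int, requested_uid: int, is_admin: bool = False) -> dict:
    """Hardened shape: authorization is decided from the server-side session
    identity (caller_uid), not from anything the client put in the request.
    A missing row and a foreign row get the same error so the endpoint does
    not become an existence oracle for the ID space."""
    record = USERS.get(requested_uid)
    if record is None or (requested_uid != caller_uid and not is_admin):
        raise Forbidden("not found")
    return record


def scrape(lookup, caller_uid: int, start: int, count: int) -> dict:
    """Walk a contiguous UID range the way a scraper would and collect
    whatever the endpoint hands back."""
    leaked = {}
    for uid in range(start, start + count):
        try:
            leaked[uid] = lookup(caller_uid, uid)
        except (KeyError, Forbidden):
            continue
    return leaked


# Detection side: one access-log line per lookup (constructed log format).
LOG_RE = re.compile(
    r"^(?P<ip>\S+) session_uid=(?P<caller>\d+) POST /api/users/lookup "
    r"uid=(?P<target>\d+) (?P<status>\d{3})$"
)


def detect_enumeration(lines, threshold: int = 5) -> dict:
    """Return {caller_uid: distinct_foreign_uids} for callers that asked for
    at least `threshold` UIDs other than their own. Keys on intent rather
    than outcome, so it flags the scraper whether the service answered
    200 (vulnerable) or 403/404 (hardened)."""
    seen = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        caller, target = int(m["caller"]), int(m["target"])
        if target != caller:
            seen.setdefault(caller, set()).add(target)
    return {c: len(t) for c, t in seen.items() if len(t) >= threshold}


# Constructed log sample: one legitimate self-lookup, one scraper.
SAMPLE_LOG = [
    "10.0.0.7 session_uid=1002 POST /api/users/lookup uid=1002 200",
] + [
    f"10.0.0.9 session_uid=1001 POST /api/users/lookup uid={u} 200"
    for u in range(1000, 1010)
]

if __name__ == "__main__":
    print("vulnerable leaks:", sorted(scrape(lookup_vulnerable, 1001, 1000, 10)))
    print("hardened leaks:  ", sorted(scrape(lookup_hardened, 1001, 1000, 10)))
    print("flagged callers: ", detect_enumeration(SAMPLE_LOG))
```

The hardened handler still lets the ID be guessable; what it removes is the consequence. Switching to non-sequential IDs on top of that reduces the blast radius of any future authorization slip, but an ownership check tied to the server-side session is the control that actually closes the IDOR.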
Hacker One
added 2020/08/04 10:54 p.m. · 12 views

Automattic: Site-wide CSRF at Atavist

Summary: Hi team, I have an Atavist Magazine account. And there are no CSRF tokens on account settings. For example: - When changing email there is a user ID but they are sequential: F936597 - Deleting credit card: F936618 - Cancelling subscription:...

AI score 7 · Exploits 0
Fedora
added 2020/04/25 3:03 a.m. · 19 views

[SECURITY] Fedora 31 Update: liblas-1.8.1-5.fc31

libLAS is a C/C++ library for reading and writing the very common LAS LiDAR format. The ASPRS LAS format is a sequential binary format used to store data from LiDAR sensors and by LiDAR processing software for data interchange and archival...

CVSS 6.5 · AI score 3.6 · EPSS 0.0027
Exploits 4
NVD
added 2020/02/06 4:15 p.m. · 11 views

CVE-2014-10400

The session.lua library in CGILua 5.0.x uses sequential session IDs, which makes it easier for remote attackers to predict the session ID and hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875...

CVSS 6.1 · AI score 6.2 · EPSS 0.00456
Exploits 0 · References 3
Cvelist
added 2020/02/06 3:26 p.m. · 10 views

CVE-2014-10400

The session.lua library in CGILua 5.0.x uses sequential session IDs, which makes it easier for remote attackers to predict the session ID and hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875...

AI score 6.2 · EPSS 0.00456
Exploits 0 · References 3
Debian CVE
added 2020/02/06 3:26 p.m. · 14 views

CVE-2014-10400

The session.lua library in CGILua 5.0.x uses sequential session IDs, which makes it easier for remote attackers to predict the session ID and hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875...

CVSS 6.1 · AI score 6.2 · EPSS 0.00456
Exploits 0
NVD
added 2019/12/09 9:15 p.m. · 13 views

CVE-2013-0342

The CreateID function in packet.py in pyrad before 2.1 uses sequential packet IDs, which makes it easier for remote attackers to spoof packets by predicting the next ID, a different vulnerability than CVE-2013-0294...

CVSS 4.3 · AI score 4.8 · EPSS 0.0129
Exploits 0 · References 7
OSV
added 2019/12/09 9:15 p.m. · 1 view

DEBIAN-CVE-2013-0342

The CreateID function in packet.py in pyrad before 2.1 uses sequential packet IDs, which makes it easier for remote attackers to spoof packets by predicting the next ID, a different vulnerability than CVE-2013-0294...

CVSS 4.3 · AI score 5 · EPSS 0.0129
Exploits 0 · References 1
OSV
added 2019/12/09 9:15 p.m. · 0 views

UBUNTU-CVE-2013-0342

The CreateID function in packet.py in pyrad before 2.1 uses sequential packet IDs, which makes it easier for remote attackers to spoof packets by predicting the next ID, a different vulnerability than CVE-2013-0294...

CVSS 4.3 · AI score 5.8 · EPSS 0.0129
Exploits 0 · References 2
Prion
added 2019/12/09 9:15 p.m. · 10 views

Security feature bypass

The CreateID function in packet.py in pyrad before 2.1 uses sequential packet IDs, which makes it easier for remote attackers to spoof packets by predicting the next ID, a different vulnerability than CVE-2013-0294...

CVSS 4.3 · AI score 5.6 · EPSS 0.01772
Exploits 0 · References 7 · Affected Software 1
PyPA
added 2019/12/09 9:15 p.m. · 4 views

PYSEC-2019-154

The CreateID function in packet.py in pyrad before 2.1 uses sequential packet IDs, which makes it easier for remote attackers to spoof packets by predicting the next ID, a different vulnerability than CVE-2013-0294...

CVSS 5.9 · AI score 7 · EPSS 0.01772
Exploits 0 · References 7 · Affected Software 1
OSV
added 2019/12/09 9:15 p.m. · 18 views

PYSEC-2019-154

The CreateID function in packet.py in pyrad before 2.1 uses sequential packet IDs, which makes it easier for remote attackers to spoof packets by predicting the next ID, a different vulnerability than CVE-2013-0294...

CVSS 4.3 · AI score 5.4 · EPSS 0.0129
Exploits 0 · References 7
CVE
added 2019/12/09 8:55 p.m. · 53 views

CVE-2013-0342

CVE-2013-0342 affects the pyrad library: the CreateID function in packet.py prior to 2.1 uses sequential packet IDs, making it easier for remote attackers to spoof RADIUS packets by predicting the next ID. This vulnerability is described in related sources (e.g., Nessus plugin references) as a se...

CVSS 4.3 · AI score 4.7 · EPSS 0.0129
Exploits 0 · References 7 · Affected Software 1
Debian CVE
added 2019/12/09 8:55 p.m. · 16 views

CVE-2013-0342

The CreateID function in packet.py in pyrad before 2.1 uses sequential packet IDs, which makes it easier for remote attackers to spoof packets by predicting the next ID, a different vulnerability than CVE-2013-0294...

CVSS 4.3 · AI score 4.6 · EPSS 0.0129
Exploits 0
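CVE-2014-10400 (sequential CGILua session IDs), CVE-2013-0342 (sequential pyrad RADIUS packet identifiers) and CVE-2020-1905 (sequential WhatsApp ContentProvider URIs) share one mechanism: an identifier that is supposed to be unguessable is produced by a counter, so a handful of observed values lets an attacker extrapolate the next one. The following is an added example and not the code of any of those projects. It models a counter-based generator beside a CSPRNG-based one, implements the extrapolation check a tester runs on observed values (including wraparound for a fixed-width field such as the 8-bit RADIUS identifier), and walks through a session hijack against each generator. `SequentialIds`, `RandomIds`, `SessionStore` and `hijack_attempt` are invented names for the illustration.

```python
import secrets
from itertools import count
from typing import Optional


class SequentialIds:
    """Counter-based generator: the shape of the weakness in the CVE entries
    above (constructed, not either project's code). `modulus` models a
    fixed-width field such as the 8-bit RADIUS identifier."""

    def __init__(self, start: int = 1, modulus: Optional[int] = None):
        self._counter = count(start)
        self._modulus = modulus

    def next_id(self) -> int:
        n = next(self._counter)
        return n % self._modulus if self._modulus else n


class RandomIds:
    """Replacement for session tokens: 128 bits from the OS CSPRNG, hex-encoded."""

    def __init__(self, nbytes: int = 16):
        self._nbytes = nbytes

    def next_id(self) -> str:
        return secrets.token_hex(self._nbytes)


def predict_next(observed, modulus: Optional[int] = None):
    """Return the next ID if the observed values form an arithmetic
    progression (optionally modulo a field width), else None. This is the
    whole 'attack' against a counter: three samples are enough."""
    if len(observed) < 3:
        return None

    def step(a, b):
        return (b - a) % modulus if modulus else b - a

    steps = {step(a, b) for a, b in zip(observed, observed[1:])}
    if len(steps) != 1:
        return None
    s = steps.pop()
    if s == 0:
        return None
    nxt = observed[-1] + s
    return nxt % modulus if modulus else nxt


class SessionStore:
    """Minimal session table keyed by whatever the generator hands out."""

    def __init__(self, id_source):
        self._ids = id_source
        self._sessions = {}

    def login(self, user: str):
        sid = self._ids.next_id()
        self._sessions[sid] = user
        return sid

    def whoami(self, sid):
        return self._sessions.get(sid)


def hijack_attempt(store: SessionStore, parse=int, modulus: Optional[int] = None):
    """Attacker opens three sessions of their own, extrapolates, then a
    victim logs in. Returns the user the attacker ends up acting as, or
    None when no usable prediction was possible."""
    mine = [store.login("attacker") for _ in range(3)]
    guess = predict_next([parse(s) for s in mine], modulus)
    store.login("victim")
    if guess is None:
        return None
    return store.whoami(guess)


if __name__ == "__main__":
    # Session IDs: counter vs CSPRNG.
    print("counter  :", hijack_attempt(SessionStore(SequentialIds(start=1000))))
    print("csprng   :", hijack_attempt(SessionStore(RandomIds()), parse=lambda s: int(s, 16)))
    # RADIUS-style 8-bit identifier observed across the 255 -> 0 wrap.
    radius = SequentialIds(start=253, modulus=256)
    seen = [radius.next_id() for _ in range(4)]
    print("radius   :", seen, "-> next", predict_next(seen, modulus=256))
```

For session identifiers the CSPRNG replacement settles the matter: with 128 bits of entropy there is nothing to extrapolate. For the RADIUS case the caveat is that the identifier is only 8 bits wide, so even a random value is guessable in at most 256 tries; moving off a counter removes the trivial prediction the CVE describes, but the Request Authenticator and the shared secret are what actually bind a response to its request.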
Pen Test Partners Blog
added 2019/06/19 7:28 a.m. · 98 views

Why we shouldn’t use sequential booking references

I travel a lot with work. In the last 6 months there have only been 2 weeks where I haven't been to Heathrow airport. Heathrow isn't the easiest journey by public transport for me as the PTP HQ is in a field in north Bucks. Hence, I usually end up driving to the airport. I've been to Heathrow twice th...

AI score 6.4 · Exploits 0
Krebs on Security
added 2019/05/24 8:47 p.m. · 64 views

First American Financial Corp. Leaked Hundreds of Millions of Title Insurance Records

The Web site for Fortune 500 real estate title insurance giant First American Financial Corp. NYSE:FAF leaked hundreds of millions of documents related to mortgage deals going back to 2003, until notified this week by KrebsOnSecurity. The digitized records -- including bank account numbers and...

AI score 6.3 · Exploits 0