133 matches found
Unencrypted storage of client side sessions
Impact The default configuration of client side sessions results in unencrypted, but signed, data being set as cookie values. This means that if something sensitive goes into the session, it could be read by something with access to the cookies. Note: the documentation does point this out and...
CVE-2021-29481
Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, the default configuration of client side sessions results in unencrypted, but signed, data being set as cookie values. This means that if something sensitive goes into the session, it could be read by something with...
CVE-2021-28128
Strapi up to version 3.6.0 contains an auth weakness in the admin panel: a user can change their own password without entering the current one. If an attacker gains any valid session, they can take over the account by changing the password. This aligns with the CVSS3.1/8.1 (HIGH) impact noted in ...
Session fixation
SolarWinds N-central through 2020.1 allows session hijacking and requires user interaction or physical access. The N-Central JSESSIONID cookie attribute is not checked against multiple sources such as sourceip, MFA claim, etc. as long as the victim stays logged in within N-Central. To take...
Security guidance for remote desktop adoption
As the volume of remote workers quickly increased over the past two to three months, the IT teams in many companies scrambled to figure out how their infrastructures and technologies would be able to handle the increase in remote connections. Many companies were forced to enhance their capabiliti...
Intel Raid Web Console 3 add server denial-of-service vulnerability
Summary A remote, exploitable denial-of-service vulnerability exists in the web API functionality of Intel Raid Web Console 3. A specially crafted request can lead to a null pointer dereference in the Intel Raid Web Console server. This would result in a denial of service until the user restarts...
CVE-2018-2021
IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155345...
Authentication flaw
The ABB IDAL HTTP server CGI interface contains a URL that allows an unauthenticated attacker to bypass authentication and gain access to privileged functions. Specifically, /cgi/loginDefaultUser creates a session in an authenticated state and returns the session ID along with what may be the...
systemd - Lack of Seat Verification in PAM Module Permits Spoofing Active Session to polkit
systemd - Lack of Seat Verification in PAM Module Permits Spoofing Active Session to polkit As documented at , for any action, a polkit policy can specify separate levels of required authentication based on whether a client is: - in an active session on a local console - in an inactive session on...
Open-Xchange: No session expiry after log-out and session id exposed in URL
Hi, There is no session expiry after log-out which can help an attacker to take-over the full account by reusing it. The JSESSIONID which is vulnerable can be used unlimited times even after the password change. The server will keep on creating an unlimited number of sessions after each log-in...
BSA-2018-736
Security Advisory ID : BSA-2018-736 Component : Fabric OS WebGui Revision : 1.0: Initial The Web management interface of Brocade Fabric OS doesn’t send cookies with secure flag.This could allow attackers to intercept or manipulate a victim user's session ID. Affected Products Brocade Fabric OS...
Microsoft Windows: Network security: LAN Manager authentication level
This security setting determines which challenge/response authentication protocol is used for network logons. This choice affects the level of authentication protocol used by clients, the level of session security negotiated, and the level of authentication accepted by servers as follows: - Send ...
Fedora 23 : php (2016-0729e59542)
13 Oct 2016 - PHP version 5.6.27 Core: - Fixed bug php73025 Heap Buffer Overflow in virtualpopen of zendvirtualcwd.c. cmb - Fixed bug php73058 crypt broken when salt is 'too' long. Anatol - Fixed bug php72703 Out of bounds global memory read in BFcrypt triggered by passwordverify. Anatol - Fixed...
tomcat: Session fixation
A session fixation flaw was found in the way Tomcat recycled the requestedSessionSSL field. If at least one web application was configured to use the SSL session ID as the HTTP session ID, an attacker could reuse a previously used session ID for further requests...
Ignite Realtime Openfire group-summary.jsp Cross-Site Scripting (CVE-2015-6972)
A cross-site scripting vulnerability has been reported in Ignite Realtime Openfire Server. The vulnerability is due to insufficient validation of the "search" parameter within the group-summary.jsp page. By convincing an authenticated user to visit a malicious website, a remote attacker can explo...
Imgur: "Sign me out everywhere" does not work for desktop sessions
An account option that allowed users to sign out everywhere was found to not be functioning properly. A user selecting this option was not signed out. A fix has been rolled out to update session security as a result of this report...
WSS is the latest version of any user of the password reset(official demo demo-the vulnerability warning-the black bar safety net
WSS latest version of the design flaws lead to arbitrary user password reset, including the administrator 文件 usereditpassword.php code area ? php $editFormAction = $SERVER'PHPSELF'; if isset$SERVER'QUERYSTRING' $editFormAction .= "?" . htmlentities$SERVER'QUERYSTRING'; $password = "-1"; if...
CVE-2014-3853
Pyplate 0.08 does not set the secure flag for the id cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...
CVE-2013-4259
runner/connectionplugins/ssh.py in Ansible before 1.2.3, when using ControlPersist, allows local users to redirect a ssh session via a symlink attack on a socket file with a predictable name in /tmp/...
Mac OS X 10.8 < 10.8.4 Multiple Vulnerabilities (Security Update 2013-002)
Binary data 6857.prm...