10 matches found
CVE-2026-41913
OpenClaw before 2026.4.4 contains a race condition vulnerability in shared-secret authentication that allows concurrent asynchronous requests to bypass the per-key rate-limit budget. Attackers can exploit this by sending multiple simultaneous authentication attempts to circumvent intended...
CVE-2026-41913
OpenClaw before 2026.4.4 contains a race condition in shared-secret authentication that allows concurrent asynchronous requests to bypass the per-key rate-limit budget on Tailscale-capable paths. Attackers can exploit multiple simultaneous authentication attempts to circumvent intended rate-limit...
CVE-2026-41913 OpenClaw < 2026.4.4 - Rate-Limit Bypass via Concurrent Async Authentication Attempts
OpenClaw before 2026.4.4 contains a race condition vulnerability in shared-secret authentication that allows concurrent asynchronous requests to bypass the per-key rate-limit budget. Attackers can exploit this by sending multiple simultaneous authentication attempts to circumvent intended...
CVE-2026-41913
OpenClaw before 2026.4.4 contains a race condition vulnerability in shared-secret authentication that allows concurrent asynchronous requests to bypass the per-key rate-limit budget. Attackers can exploit this by sending multiple simultaneous authentication attempts to circumvent intended...
PT-2026-35795
OpenClaw before 2026.4.4 contains a race condition vulnerability in shared-secret authentication that allows concurrent asynchronous requests to bypass the per-key rate-limit budget. Attackers can exploit this by sending multiple simultaneous authentication attempts to circumvent intended...
This Week in Spring - May 23rd, 2023
Hi, Spring fans! Welcome to another installment of This Week in Spring! It's May 23rd and, famously, nothing major has happened in the last week OH WAIT WE RELEASED SPRING BOOT 3.1! Have you checked it out yet? It's dope. I did a Spring Tips installment looking at some of its features here that y...
CVE-2002-1623
The CVE-2002-1623 entry concerns the Internet Key Exchange (IKE) protocol: when using Aggressive Mode for shared secret authentication, identities are not encrypted during negotiation. This can allow remote attackers to determine valid usernames by monitoring responses before password entry or by...
CVE-2002-1623
The design of the Internet Key Exchange (IKE) protocol, when using Aggressive Mode for shared secret authentication, does not encrypt initiator or responder identities during negotiation, which may allow remote attackers to determine valid usernames by (1) monitoring responses before the password is...
CVE-2002-1623
The design of the Internet Key Exchange (IKE) protocol, when using Aggressive Mode for shared secret authentication, does not encrypt initiator or responder identities during negotiation, which may allow remote attackers to determine valid usernames by (1) monitoring responses before the password is...
Internet Key Exchange (IKE) protocol discloses identity when Aggressive Mode shared secret authentication is used
Overview: The Internet Key Exchange (IKE) protocol discloses username information when Aggressive Mode is used for shared secret authentication. Description: The Internet Key Exchange (IKE) protocol provides a negotiation mechanism that allows an initiator to establish an encrypted session with a...