PYSEC-2022-210

An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allows a previously authorized user whose account is locked still run Salt commands when their account is locked. This affects both local shell accounts with an...

Hardcoded credentials

Xerox ColorCube and WorkCenter devices in 2013 had hardcoded FTP and shell user accounts...

CVE-2017-6781

A vulnerability in the management of shell user accounts for Cisco Policy Suite CPS Software for CPS appliances could allow an authenticated, local attacker to gain elevated privileges on an affected system. The affected privilege level is not at the root level. The vulnerability is due to...

DreamHost Warns of Attack, Forces Customer Password Changes

Attackers were able to compromise a database at DreamHost, a large hosting provider, late last week and the company is forcing all of its customers to change their passwords for their FTP and shell accounts as a precautionary measure. DreamHost did not provide many details about what happened in...