35 matches found
Privilege escalation
Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. In affected versions there is a privilege escalation vulnerability through a non-admin user's account. Limited users can impersonate another user's account if only single-factor authentication is configured. If a user knows a...
CVE-2023-48712 User authorization bug leading to privilege escalation in warpgate
Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. In affected versions there is a privilege escalation vulnerability through a non-admin user's account. Limited users can impersonate another user's account if only single-factor authentication is configured. If a user knows a...
CVE-2023-48712 User authorization bug leading to privilege escalation in warpgate
Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. In affected versions there is a privilege escalation vulnerability through a non-admin user's account. Limited users can impersonate another user's account if only single-factor authentication is configured. If a user knows a...
New Azure AD Bug Lets Hackers Brute-Force Passwords Without Getting Caught
Cybersecurity researchers have disclosed an unpatched security vulnerability in the protocol used by Microsoft Azure Active Directory that potential adversaries could abuse to stage undetected brute-force attacks. "This flaw allows threat actors to perform single-factor brute-force attacks agains...
CISA Adds Single-Factor Authentication to the List of Bad Practices
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Monday added single-factor authentication to the short list of "exceptionally risky" cybersecurity practices that could expose critical infrastructure as well as government and the private sector entities to devastating cyberattack...
CISA Adds Single-Factor Authentication to list of Bad Practices
Today, CISA added the use of single-factor authentication for remote or administrative access systems to our Bad Practices list of exceptionally risky cybersecurity practices. Single-factor authentication is a common low-security method of authentication. It only requires matching one factor—such...
Unspecified Vulnerability in NetIQ Advanced Authentication
NetIQ Advanced Authentication is an application from NetIQ UK. It provides a more secure way to protect your sensitive information by moving away from usernames and passwords. A security vulnerability exists in NetIQ Advanced Authentication that allows the use of single-factor authentication in...
CVE-2021-22515
Multi-Factor Authentication MFA functionality can be bypassed, allowing the use of single factor authentication in NetIQ Advanced Authentication versions prior to 6.3 SP4 Patch 1...
CVE-2021-22515 Multi-Factor Authentication (MFA) downgrade exposure in NetIQ Advanced Authentication Server
Multi-Factor Authentication MFA functionality can be bypassed, allowing the use of single factor authentication in NetIQ Advanced Authentication versions prior to 6.3 SP4 Patch 1...
NetIQ Advanced Authentication 安全漏洞
NetIQ Advanced Authentication is an application from NetIQ UK. It provides a more secure way to protect your sensitive information by moving away from usernames and passwords. A security vulnerability exists in NetIQ Advanced Authentication that allows the use of single-factor authentication in...
Should SaaS Companies Publish Customers Lists?
A few weeks back, HR and financial management firm Workday.com sent a security advisory to customers warning that crooks were sending targeted malware phishing attacks at customers. At the same time, Workday is publishing on its site a list of more than 800 companies that use its services, making...
How to Configure NetScaler Gateway and Microsoft Intune (MDM) for Single Factor Authentication
Background The integration of Microsoft Intune with NetScaler Gateway provides best-of-class application access and data protection solution offered by Citrix NetScaler Gateway and Intune. You get the most complete suite of secure productivity apps, including: email calendar contacts note-taking...
Donald Trump's Email Servers are Horribly Insecure — Researcher Reveals
When Hillary Clinton's private email server was hacked earlier this year, she was criticized for her bad security practices that exposed top secret documents stored in emails on that private server. The FBI called her behavior 'extremely careless.' Republican presidential candidate Donald Trump a...
Skeleton Key Malware Bypasses Active Directory Authentication
Enterprise Active Directory administrators need to be on the lookout for anomalous privileged user activity after the discovery of malware capable of bypassing single-factor authentication on AD that was used as part of a larger cyberespionage campaign against a global company based in London...
DUO-PSA-2014-006: Duo Product Security Advisory
Duo Product Security Advisory Advisory ID: DUO-PSA-2014-006 Publication Date: 2014-10-09 Revision Date: 2014-10-16 Status: Confirmed, Fixed Document Revision: 2 Overview Duo Security has identified an issue in which it may be possible for users to perform certain actions without completing...