Lucene search
K

35 matches found

Prion
Prion
added 2023/11/24 5:15 p.m.18 views

Privilege escalation

Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. In affected versions there is a privilege escalation vulnerability through a non-admin user's account. Limited users can impersonate another user's account if only single-factor authentication is configured. If a user knows a...

6.5CVSS7.7AI score0.00676EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/11/24 5:2 p.m.29 views

CVE-2023-48712 User authorization bug leading to privilege escalation in warpgate

Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. In affected versions there is a privilege escalation vulnerability through a non-admin user's account. Limited users can impersonate another user's account if only single-factor authentication is configured. If a user knows a...

7.1CVSS8.8AI score0.00676EPSS
Exploits0References4
Cvelist
Cvelist
added 2023/11/24 5:2 p.m.37 views

CVE-2023-48712 User authorization bug leading to privilege escalation in warpgate

Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. In affected versions there is a privilege escalation vulnerability through a non-admin user's account. Limited users can impersonate another user's account if only single-factor authentication is configured. If a user knows a...

7.1CVSS9.3AI score0.00676EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2021/09/30 1:49 p.m.50 views

New Azure AD Bug Lets Hackers Brute-Force Passwords Without Getting Caught

Cybersecurity researchers have disclosed an unpatched security vulnerability in the protocol used by Microsoft Azure Active Directory that potential adversaries could abuse to stage undetected brute-force attacks. "This flaw allows threat actors to perform single-factor brute-force attacks agains...

1.1AI score
Exploits0
The Hacker News
The Hacker News
added 2021/08/31 5:33 a.m.31 views

CISA Adds Single-Factor Authentication to the List of Bad Practices

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Monday added single-factor authentication to the short list of "exceptionally risky" cybersecurity practices that could expose critical infrastructure as well as government and the private sector entities to devastating cyberattack...

0.4AI score
Exploits0
CISA
CISA
added 2021/08/30 12:0 a.m.62 views

CISA Adds Single-Factor Authentication to list of Bad Practices

Today, CISA added the use of single-factor authentication for remote or administrative access systems to our Bad Practices list of exceptionally risky cybersecurity practices. Single-factor authentication is a common low-security method of authentication. It only requires matching one factor—such...

7.4AI score
Exploits0References3
CNVD
CNVD
added 2021/07/15 12:0 a.m.5 views

Unspecified Vulnerability in NetIQ Advanced Authentication

NetIQ Advanced Authentication is an application from NetIQ UK. It provides a more secure way to protect your sensitive information by moving away from usernames and passwords. A security vulnerability exists in NetIQ Advanced Authentication that allows the use of single-factor authentication in...

6.5CVSS6.6AI score0.00685EPSS
Exploits0References1
NVD
NVD
added 2021/07/12 11:15 a.m.24 views

CVE-2021-22515

Multi-Factor Authentication MFA functionality can be bypassed, allowing the use of single factor authentication in NetIQ Advanced Authentication versions prior to 6.3 SP4 Patch 1...

6.5CVSS0.00685EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/07/12 10:4 a.m.26 views

CVE-2021-22515 Multi-Factor Authentication (MFA) downgrade exposure in NetIQ Advanced Authentication Server

Multi-Factor Authentication MFA functionality can be bypassed, allowing the use of single factor authentication in NetIQ Advanced Authentication versions prior to 6.3 SP4 Patch 1...

4.8CVSS6.8AI score0.00685EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/07/12 12:0 a.m.6 views

NetIQ Advanced Authentication 安全漏洞

NetIQ Advanced Authentication is an application from NetIQ UK. It provides a more secure way to protect your sensitive information by moving away from usernames and passwords. A security vulnerability exists in NetIQ Advanced Authentication that allows the use of single-factor authentication in...

6.5CVSS5.5AI score0.00685EPSS
Exploits0References2
Krebs on Security
Krebs on Security
added 2017/05/22 8:53 p.m.31 views

Should SaaS Companies Publish Customers Lists?

A few weeks back, HR and financial management firm Workday.com sent a security advisory to customers warning that crooks were sending targeted malware phishing attacks at customers. At the same time, Workday is publishing on its site a list of more than 800 companies that use its services, making...

6.8AI score
Exploits0
Citrix
Citrix
added 2017/01/19 12:0 a.m.7 views

How to Configure NetScaler Gateway and Microsoft Intune (MDM) for Single Factor Authentication

Background The integration of Microsoft Intune with NetScaler Gateway provides best-of-class application access and data protection solution offered by Citrix NetScaler Gateway and Intune. You get the most complete suite of secure productivity apps, including: email calendar contacts note-taking...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2016/10/18 7:12 a.m.13 views

Donald Trump's Email Servers are Horribly Insecure — Researcher Reveals

When Hillary Clinton's private email server was hacked earlier this year, she was criticized for her bad security practices that exposed top secret documents stored in emails on that private server. The FBI called her behavior 'extremely careless.' Republican presidential candidate Donald Trump a...

7.3AI score
Exploits0
ThreatPost
ThreatPost
added 2015/01/14 4:0 p.m.14 views

Skeleton Key Malware Bypasses Active Directory Authentication

Enterprise Active Directory administrators need to be on the lookout for anomalous privileged user activity after the discovery of malware capable of bypassing single-factor authentication on AD that was used as part of a larger cyberespionage campaign against a global company based in London...

0.7AI score
Exploits0References2
Duo Security Advisories
Duo Security Advisories
added 2014/10/09 4:0 a.m.502 views

DUO-PSA-2014-006: Duo Product Security Advisory

Duo Product Security Advisory Advisory ID: DUO-PSA-2014-006 Publication Date: 2014-10-09 Revision Date: 2014-10-16 Status: Confirmed, Fixed Document Revision: 2 Overview Duo Security has identified an issue in which it may be possible for users to perform certain actions without completing...

0.6AI score
Exploits0
Rows per page
Query Builder