Lucene search
+L

226 matches found

Malwarebytes
Malwarebytes
added 2023/10/19 12:13 p.m.15 views

IT administrators’ passwords are awful too

The key is under the doormat by the front door. The administrator password is "admin". These are easy to remember clues when you are providing entrance to someone you trust. The problem is that they are also enormously easy to guess. It’s where we would expect an unwanted visitor to check first,...

7.3AI score
Exploits0
Krebs on Security
Krebs on Security
added 2023/07/25 9:20 p.m.30 views

Who and What is Behind the Malware Proxy Service SocksEscort?

Researchers this month uncovered a two-year-old Linux-based remote access trojan dubbed AVrecon that enslaves Internet routers into botnet that bilks online advertisers and performs password-spraying attacks. Now new findings reveal that AVrecon is the malware engine behind a 12-year-old service...

7.1AI score
Exploits0
OSV
OSV
added 2023/05/03 10:15 p.m.6 views

CVE-2022-45860

A weak authentication vulnerability CWE-1390 in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in device registration page may allow an unauthenticated attacker to perform password spraying attacks with an increas...

7.5CVSS5.8AI score0.00488EPSS
Exploits0References1
NVD
NVD
added 2023/05/03 10:15 p.m.27 views

CVE-2022-45860

A weak authentication vulnerability CWE-1390 in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in device registration page may allow an unauthenticated attacker to perform password spraying attacks with an increas...

7.5CVSS6.2AI score0.00488EPSS
Exploits0References1
Prion
Prion
added 2023/05/03 10:15 p.m.20 views

Authentication flaw

A weak authentication vulnerability CWE-1390 in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in device registration page may allow an unauthenticated attacker to perform password spraying attacks with an increas...

5CVSS7.7AI score0.00488EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2023/05/03 9:26 p.m.57 views

CVE-2022-45860

The CVE-2022-45860 entry describes a weak authentication vulnerability in FortiNAC-F v7.2.0 and FortiNAC versions 9.4.2 and below, 9.2 and earlier, 9.1 and earlier, 8.8 and earlier, 8.7 and earlier, located in the device registration page. The underlying issue allows an unauthenticated attacker t...

7.5CVSS7.7AI score0.00488EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2023/05/03 9:26 p.m.32 views

CVE-2022-45860

A weak authentication vulnerability CWE-1390 in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in device registration page may allow an unauthenticated attacker to perform password spraying attacks with an increas...

5.3CVSS8AI score0.00488EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/05/03 9:26 p.m.17 views

CVE-2022-45860

A weak authentication vulnerability CWE-1390 in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in device registration page may allow an unauthenticated attacker to perform password spraying attacks with an increas...

5.3CVSS7.4AI score0.00488EPSS
Exploits0References1
Fortinet
Fortinet
added 2023/05/03 12:0 a.m.48 views

FortiNAC - Weak authentication mechanism on device registration page

A weak authentication vulnerability CWE-1390 in FortiNAC device registration page may allow an unauthenticated attacker to perform password spraying attacks with an increased chance of success...

5CVSS7.7AI score0.00488EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/01/25 12:0 a.m.27 views

Siemens Desigo PXC and DXR Devices Improper Restriction of Excessive Authentication Attempts (CVE-2022-24044)

A vulnerability has been identified in Desigo DXR2 All versions V01.21.142.5-22, Desigo PXC3 All versions V01.21.142.4-18, Desigo PXC4 All versions V02.20.142.10-10884, Desigo PXC5 All versions V02.20.142.10-10884. The login functionality of the application does not employ any countermeasures...

7.5CVSS7.2AI score0.00844EPSS
Exploits0References3
Kitploit
Kitploit
added 2022/07/07 12:30 a.m.66 views

CrackQL - GraphQL Password Brute-Force And Fuzzing Utility

CrackQL is a GraphQL password brute-force and fuzzing utility. CrackQL is a versatile GraphQL penetration testing tool that exploits poor rate-limit and cost analysis controls to brute-force credentials and fuzz operations. How it works? CrackQL works by automatically batching a single GraphQL...

6.9AI score
Exploits0References4
Kitploit
Kitploit
added 2022/06/21 12:30 p.m.26 views

Msprobe - Finding All Things On-Prem Microsoft For Password Spraying And Enumeration

Finding all things on-prem Microsoft for password spraying and enumeration. The tool will used a list of common subdomains associated with your target apex domain to attempt to discover valid instances of on-prem Microsoft solutions. Screenshots of the tool in action are below: Installing Install...

7.3AI score
Exploits0References6
The Hacker News
The Hacker News
added 2022/05/27 4:14 p.m.25 views

Experts Detail New RCE Vulnerability Affecting Google Chrome Dev Channel

Details have emerged about a recently patched critical remote code execution vulnerability in the V8 JavaScript and WebAssembly engine used in Google Chrome and Chromium-based browsers. The issue relates to a case of use-after-free in the instruction optimization component, successful exploitatio...

1.8AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2022/05/20 1:15 p.m.3 views

CVE-2022-24044

A vulnerability has been identified in Desigo DXR2 All versions V01.21.142.5-22, Desigo PXC3 All versions V01.21.142.4-18, Desigo PXC4 All versions V02.20.142.10-10884, Desigo PXC5 All versions V02.20.142.10-10884. The login functionality of the application does not employ any countermeasures...

7.5CVSS5.5AI score0.00844EPSS
Exploits0References2
NVD
NVD
added 2022/05/20 1:15 p.m.23 views

CVE-2022-24044

A vulnerability has been identified in Desigo DXR2 All versions V01.21.142.5-22, Desigo PXC3 All versions V01.21.142.4-18, Desigo PXC4 All versions V02.20.142.10-10884, Desigo PXC5 All versions V02.20.142.10-10884. The login functionality of the application does not employ any countermeasures...

7.5CVSS0.00844EPSS
Exploits0References1
OSV
OSV
added 2022/05/20 1:15 p.m.6 views

CVE-2022-24044

A vulnerability has been identified in Desigo DXR2 All versions V01.21.142.5-22, Desigo PXC3 All versions V01.21.142.4-18, Desigo PXC4 All versions V02.20.142.10-10884, Desigo PXC5 All versions V02.20.142.10-10884. The login functionality of the application does not employ any countermeasures...

7.5CVSS5.7AI score0.00844EPSS
Exploits0References1
Prion
Prion
added 2022/05/20 1:15 p.m.14 views

Design/Logic Flaw

A vulnerability has been identified in Desigo DXR2 All versions V01.21.142.5-22, Desigo PXC3 All versions V01.21.142.4-18, Desigo PXC4 All versions V02.20.142.10-10884, Desigo PXC5 All versions V02.20.142.10-10884. The login functionality of the application does not employ any countermeasures...

5CVSS7.5AI score0.00844EPSS
Exploits0References1Affected Software4
Kitploit
Kitploit
added 2022/05/12 12:30 p.m.31 views

SSOh-No - User Enumeration And Password Spraying Tool For Testing Azure AD

This tool is designed to enumerate users, password spray and perform brute force attacks against any organisation that utilises Azure AD or O365. Generally, this endpoint provides extremely verbose errors which can be leveraged to enumerate users and validate their passwords via brute...

7.5AI score
Exploits0References1
Cvelist
Cvelist
added 2022/05/10 9:46 a.m.19 views

CVE-2022-24044

A vulnerability has been identified in Desigo DXR2 All versions V01.21.142.5-22, Desigo PXC3 All versions V01.21.142.4-18, Desigo PXC4 All versions V02.20.142.10-10884, Desigo PXC5 All versions V02.20.142.10-10884. The login functionality of the application does not employ any countermeasures...

7.5AI score0.00844EPSS
Exploits0References1
CVE
CVE
added 2022/05/10 9:46 a.m.71 views

CVE-2022-24044

The CVE-2022-24044 entry affects Siemens Desigo DXR2, PXC3, PXC4 and PXC5 controllers. Root cause: the login functionality lacks protection against Password Spraying/Credential Stuffing, enabling an attacker to enumerate valid usernames and then perform targeted login attempts to gain access to a...

7.5CVSS7.2AI score0.00844EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder