21 matches found
EUVD-2020-26395
Malware in sbrugna...
EUVD-2013-4662
Malware in sbrugna...
EUVD-2022-27846
Malicious code in bioql PyPI...
CVE-2022-22703
In Stormshield SSO Agent 2.x before 2.1.1 and 3.x before 3.0.2, the cleartext user password and PSK are contained in the log file of the .exe installer...
CVE-2024-6593 WatchGuard Firebox Single Sign-On Agent Management Interface Authentication Bypass
Incorrect Authorization vulnerability in WatchGuard Authentication Gateway aka Single Sign-On Agent on Windows allows an attacker with network access to execute restricted management commands. This issue affects Authentication Gateway: through 12.10.2...
SonicWall SSO Agent - Directory Services Connector MSI Local Privilege Escalation Vulnerability
A local privilege escalation vulnerability in SonicWall Directory Services Connector Windows MSI client 4.1.21 and earlier versions allows a local low-privileged user to gain system privileges through running the recovery feature. SonicWall strongly advises SonicWall SSO Agent Directory Services...
K51213246: BIG-IP APM AD authentication vulnerability CVE-2021-23008
Security Advisory Description BIG-IP APM AD Active Directory authentication can be bypassed using a spoofed AS-REP Kerberos Authentication Service Response response sent over a hijacked KDC Kerberos Key Distribution Center connection, or from an AD server compromised by an attacker.CVE-2021-23008...
CVE-2022-22703
In Stormshield SSO Agent 2.x before 2.1.1 and 3.x before 3.0.2, the cleartext user password and PSK are contained in the log file of the .exe installer...
CVE-2022-22703
In Stormshield SSO Agent 2.x before 2.1.1 and 3.x before 3.0.2, the cleartext user password and PSK are contained in the log file of the .exe installer...
CVE-2022-22703
In Stormshield SSO Agent 2.x before 2.1.1 and 3.x before 3.0.2, the cleartext user password and PSK are contained in the log file of the .exe installer...
Default credentials
In Stormshield SSO Agent 2.x before 2.1.1 and 3.x before 3.0.2, the cleartext user password and PSK are contained in the log file of the .exe installer...
CVE-2022-22703
In Stormshield SSO Agent 2.x before 2.1.1 and 3.x before 3.0.2, the cleartext user password and PSK are contained in the log file of the .exe installer...
CVE-2022-22703
Stormshield SSO Agent 2.x (before 2.1.1) and 3.x (before 3.0.2) expose cleartext credentials because their installer .exe log files contain the user password and PSK. Root cause: sensitive data is written to log files during installation; impact is exposure of credentials via local logs. The prov...
CVE-2020-5148
SonicWall SSO-agent default configuration uses NetAPI to probe the associated IP's in the network, this client probing method allows a potential attacker to capture the password hash of the privileged user and potentially forces the SSO Agent to authenticate allowing an attacker to bypass firewal...
Default configuration
SonicWall SSO-agent default configuration uses NetAPI to probe the associated IP's in the network, this client probing method allows a potential attacker to capture the password hash of the privileged user and potentially forces the SSO Agent to authenticate allowing an attacker to bypass firewal...
CVE-2020-5148
SonicWall SSO-agent vulnerability CVE-2020-5148 occurs when NetAPI is used as the client probing method. NetAPI probing can allow an attacker to capture the privileged user’s password hash via NetWkstaUserEnum and may force the SSO-Agent to authenticate, potentially bypassing firewall access cont...
CVE-2020-5148
SonicWall SSO-agent default configuration uses NetAPI to probe the associated IP's in the network, this client probing method allows a potential attacker to capture the password hash of the privileged user and potentially forces the SSO Agent to authenticate allowing an attacker to bypass firewal...
SonicWall SSO-Agent NetAPI Vulnerability allows an attacker to force SSO Agent authentication, potentially leading to firewall access control bypass
SonicWall SSO-agent default configuration uses Microsoft NetAPI to probe the associated IP's in the network, this client probing method allows a potential attacker to capture the password hash of the privileged user and potentially forces the SSO Agent to authenticate allowing an attacker to bypa...
CVE-2013-4817
HP IceWall SSO Agent Option 8.0–10.0 contains an unspecified vulnerability that could allow remote attackers to obtain sensitive information via unknown vectors (CVE-2013-4817). The HP Security Bulletin HPSBGN02925 rev.1 lists CVE-2013-4817 alongside related CVEs affecting IceWall SSO and related...
CVE-2013-4819
HP IceWall SSO vulnerability CVE-2013-4819 affects IceWall SSO Agent Option across 8.0–10.0 (including 8.0 Agent Option variants and 10.0 editions). The NVD description notes remote authenticated access could obtain sensitive information via unknown vectors; CVSSv2 base score 3.5 (LOW). The HP se...