16 matches found
EUVD-2019-13414
Malware in sbrugna...
EUVD-2019-13415
Malware in sbrugna...
The vulnerability of the driver of the Information Protection System against unauthorized access—StratOS NT—allows an intruder to gain access to filesystem objects.
The vulnerability of the Data Protection System’s driver for unauthorized access, Strash NT, is related to the lack of access control over file system objects. Exploiting this vulnerability allows a malicious actor, operating locally, to gain access to file system objects by replacing the...
CVE-2019-3783 Cloud Foundry Stratos Deploys With Public Default Session Store Secret
Cloud Foundry Stratos, versions prior to 2.3.0, deploys with a public default session store secret. A malicious user with default session store secret can brute force another user's current Stratos session, and act on behalf of that user...
CVE-2019-3784 Cloud Foundry Stratos contains a Session Collision Vulnerability
Cloud Foundry Stratos, versions prior to 2.3.0, contains an insecure session that can be spoofed. When deployed on cloud foundry with multiple instances using the default embedded SQLite database, a remote authenticated malicious user can switch sessions to another user with the same session id...
CVE-2019-3783
The CVE-2019-3783 entry affects Cloud Foundry Stratos prior to 2.3.0, where a public default session store secret can be brute-forced to hijack another user’s Stratos session and act on their behalf. Root cause: use of a public default session secret in deployed Stratos instances. Impact: attacke...
CVE-2019-3784
CVE-2019-3784 affects Cloud Foundry Stratos prior to version 2.3.0. The issue is an insecure session that can be spoofed when hosted on Cloud Foundry with multiple instances using the default embedded SQLite database, allowing a remote authenticated attacker to switch sessions to another user sh...
Default configuration
Cloud Foundry Stratos, versions prior to 2.3.0, deploys with a public default session store secret. A malicious user with default session store secret can brute force another user's current Stratos session, and act on behalf of that user...
CVE-2019-3784
Cloud Foundry Stratos, versions prior to 2.3.0, contains an insecure session that can be spoofed. When deployed on cloud foundry with multiple instances using the default embedded SQLite database, a remote authenticated malicious user can switch sessions to another user with the same session id...
CVE-2019-3783
Cloud Foundry Stratos, versions prior to 2.3.0, deploys with a public default session store secret. A malicious user with default session store secret can brute force another user's current Stratos session, and act on behalf of that user...
Design/Logic Flaw
Cloud Foundry Stratos, versions prior to 2.3.0, contains an insecure session that can be spoofed. When deployed on cloud foundry with multiple instances using the default embedded SQLite database, a remote authenticated malicious user can switch sessions to another user with the same session id...
CVE-2019-3784
Cloud Foundry Stratos, versions prior to 2.3.0, contains an insecure session that can be spoofed. When deployed on cloud foundry with multiple instances using the default embedded SQLite database, a remote authenticated malicious user can switch sessions to another user with the same session id...
CVE-2019-3783
Cloud Foundry Stratos, versions prior to 2.3.0, deploys with a public default session store secret. A malicious user with default session store secret can brute force another user's current Stratos session, and act on behalf of that user...
CVE-2019-3783: Stratos Deploys With Public Default Session Store Secret | Cloud Foundry
Severity: High. Vendor: Cloud Foundry Foundation. Affected Cloud Foundry Products and Versions: Stratos, all versions prior to 2.3.0. Description: Cloud Foundry Stratos, versions prior to 2.3.0, deploys with a public default session store secret. A malicious user with default session store secret can bru...
CVE-2019-3784: Stratos contains a Session Collision Vulnerability | Cloud Foundry
Severity: High. Vendor: Cloud Foundry Foundation. Affected Cloud Foundry Products and Versions: Stratos, all versions prior to 2.3.0. Description: Cloud Foundry Stratos, versions prior to 2.3.0, contains an insecure session that can be spoofed. When deployed on cloud foundry with multiple instances using...
Threat Roundup for October 19 to October 26
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 19 and Oct. 26. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...