13 matches found
Tanium TanOS Security Vulnerability
Tanium TanOS is a proprietary operating system developed by the American company Tanium. Tanium TanOS has a security vulnerability that stems from the insertion of sensitive information into log files. This vulnerability may allow attackers with access to TanOS’ syslog output to obtain the...
EUVD-2016-9069
Malware in sbrugna...
Okta On-Premises Provisioning Agent Log Information Disclosure Vulnerability
Okta On-Premises Provisioning Agent is software from the American company Okta that automates the creation, update and deletion of Okta user accounts in a local environment. A log information disclosure vulnerability exists in Okta On-Premises Provisioning Agent version 2.3.0 and prior versions, which originate...
Cisco AsyncOS Security Vulnerability
Cisco AsyncOS is an operating system for Cisco devices from the American company Cisco. A security vulnerability exists in Cisco AsyncOS, which stems from a flaw in the password generation algorithm that allows an authenticated, local attacker to generate temporary passwords and gain root privileges...
How to Securely Onboard New Employees Without Sharing Temporary Passwords
The initial onboarding stage is a crucial step for both employees and employers. However, this process often involves the practice of sharing temporary first-day passwords, which can expose organizations to security risks. Traditionally, IT departments have been cornered into either sharing...
Nebari Security Vulnerability
Nebari is an open source data science platform from nebari-dev. A security vulnerability exists in Nebari version 2024.4.1 and earlier, which stems from allowing the printing of temporary Keycloak root passwords...
GHSA-9V64-447R-WCH6 Moodle Temporary Passwords are Brute Force-able
The generate_password function in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide a sufficient number of possible temporary passwords, which allows remote attackers to obtain access via a brute-force attack...
Moodle Temporary Passwords are Brute Force-able
The generate_password function in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide a sufficient number of possible temporary passwords, which allows remote attackers to obtain access via a brute-force attack...
AppSec concerns: UUID generation
During static analysis, one of the things the application security team checks for is strong random number generation for security sensitive contexts. We see weaknesses in this space quite often for temporary passwords and session identifiers, but an increasingly common variant is for universally...
CVE-2016-8221
Privilege Escalation in Lenovo XClarity Administrator earlier than 1.2.0: if LXCA is used to manage rack switches or chassis with embedded input/output modules (IOMs), certain log files viewable by authenticated users may contain passwords for internal administrative LXCA accounts with temporary...
Design/Logic Flaw
The generate_password function in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide a sufficient number of possible temporary passwords, which allows remote attackers to obtain access via a brute-force attack...
CVE-2014-7845
The generate_password function in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide a sufficient number of possible temporary passwords, which allows remote attackers to obtain access via a brute-force attack...
Symantec LiveUpdate Administrator Security Bypass (CVE-2014-1644)
A security policy bypass vulnerability exists in Symantec LiveUpdate Administrator. The vulnerability is due to a failure to validate temporary passwords when processing a user account password reset. A remote unauthenticated attacker could exploit this vulnerability by sending a malicious reques...