459 matches found
Authentication flaw
A vulnerability in Web Authentication WebAuth clients for the Cisco Wireless LAN Controller WLC and Aironet Access Points running Cisco IOS Software could allow an unauthenticated, adjacent attacker to bypass authentication and pass traffic. The vulnerability is due to incorrect implementation of...
CVE-2018-0250
A vulnerability in Central Web Authentication CWA with FlexConnect Access Points APs for Cisco Aironet 1560, 1810, 1810w, 1815, 1830, 1850, 2800, and 3800 Series APs could allow an authenticated, adjacent attacker to bypass a configured FlexConnect access control list ACL. The vulnerability is du...
CVE-2018-0247
A vulnerability in Web Authentication WebAuth clients for the Cisco Wireless LAN Controller WLC and Aironet Access Points running Cisco IOS Software could allow an unauthenticated, adjacent attacker to bypass authentication and pass traffic. The vulnerability is due to incorrect implementation of...
CVE-2018-0250
A vulnerability in Central Web Authentication CWA with FlexConnect Access Points APs for Cisco Aironet 1560, 1810, 1810w, 1815, 1830, 1850, 2800, and 3800 Series APs could allow an authenticated, adjacent attacker to bypass a configured FlexConnect access control list ACL. The vulnerability is du...
CVE-2018-0247
The CVE-2018-0247 entry describes an authentication bypass in Web Authentication (WebAuth) clients used by Cisco IOS on Cisco Aironet Access Points and Wireless LAN Controllers (WLCs). Affected configurations require: AP in FlexConnect NAT mode, WLAN in central switching (unique IP per client), A...
CVE-2018-0247
A vulnerability in Web Authentication WebAuth clients for the Cisco Wireless LAN Controller WLC and Aironet Access Points running Cisco IOS Software could allow an unauthenticated, adjacent attacker to bypass authentication and pass traffic. The vulnerability is due to incorrect implementation of...
Cisco Aironet Access Points Central Web Authentication FlexConnect Client ACL Bypass Vulnerability
A vulnerability in Central Web Authentication CWA with FlexConnect Access Points APs for Cisco Aironet 1560, 1810, 1810w, 1815, 1830, 1850, 2800, and 3800 Series APs could allow an authenticated, adjacent attacker to bypass a configured FlexConnect access control list ACL. The vulnerability is du...
Secure Web with PAC File unable to authenticate fails with http 407 error
While evaluating XenMobile with Secure Web with PAC File,Webproxy after reading the PAC file request Authentication, but it seems that Secure Web does not provide authentication. Therefore we get an Authentication failure from the Webproxy on the webpage of the Proxy within Secure Web. MDX Settin...
UBUNTU-CVE-2018-5113
The "browser.identity.launchWebAuthFlow" function of WebExtensions is only allowed to load content over "https:" but this requirement was not properly enforced. This can potentially allow privileged pages to be loaded by the extension. This vulnerability affects Firefox 58...
OpenJDK: use of global credentials for HTTP/SPNEGO (JGSS, 8186600)
The JGSS component of OpenJDK ignores the value of the javax.security.auth.useSubjectCredsOnly property when using HTTP/SPNEGO authentication and always uses global credentials. It was discovered that this could cause global credentials to be unexpectedly used by an untrusted Java application...
Stack overflow
Stack-based buffer overflow in the ejupdatevariables function in router/httpd/web.c on ASUS routers when using software from https://github.com/RMerl/asuswrt-merlin allows web authenticated attackers to execute code via a request that updates a setting. In ejupdatevariables, the length of the...
CVE-2018-5721
Stack-based buffer overflow in the ejupdatevariables function in router/httpd/web.c on ASUS routers when using software from https://github.com/RMerl/asuswrt-merlin allows web authenticated attackers to execute code via a request that updates a setting. In ejupdatevariables, the length of the...
CVE-2018-5721
Stack-based buffer overflow in the ejupdatevariables function in router/httpd/web.c on ASUS routers when using software from https://github.com/RMerl/asuswrt-merlin allows web authenticated attackers to execute code via a request that updates a setting. In ejupdatevariables, the length of the...
CVE-2017-16743
An Improper Authorization issue was discovered in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, and 48xxx Series products running firmware Version 1.0 to 1.32. A remote unauthenticated attacker may be able to craft special HTTP requests allowing an attacker to bypass web-service authentication allowing t...
Authentication flaw
authlogin.php in Cacti before 1.0.0 allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database, because the guest user is not considered. NOTE: this vulnerability exists because of an incomplete fix for...
CVE-2016-10700
authlogin.php in Cacti before 1.0.0 allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database, because the guest user is not considered. NOTE: this vulnerability exists because of an incomplete fix for...
CVE-2016-10700
authlogin.php in Cacti before 1.0.0 allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database, because the guest user is not considered. NOTE: this vulnerability exists because of an incomplete fix for...
CVE-2016-10700
authlogin.php in Cacti before 1.0.0 allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database, because the guest user is not considered. NOTE: this vulnerability exists because of an incomplete fix for...
CVE-2016-10700
CVE-2016-10700 affects Cacti prior to 1.0.0, where auth_login.php lets remote authenticated users bypass access restrictions by logging in as a non-existent user (guest not counted), tied to an incomplete fix for CVE-2016-2313. Public sources in connected documents confirm the vulnerability and n...
CVE-2016-10700
authlogin.php in Cacti before 1.0.0 allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database, because the guest user is not considered. NOTE: this vulnerability exists because of an incomplete fix for...