EUVD-2025-208693

Non-working logout functionality in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of local admin password...

CVE-2025-15554

Browser caching of LAPS passwords in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of local admin passwords...

CVE-2025-15554 Admin Passwords Cached by Browsers in Truesec LAPSWebUI

Browser caching of LAPS passwords in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of local admin passwords...

EUVD-2010-0948

Malware in sbrugna...

SUSE CVE-2011-0685

The Delete Private Data feature in Opera before 11.01 does not properly implement the "Clear all email account passwords" option, which might allow physically proximate attackers to access an e-mail account via an unattended workstation...

CVE-2022-31697

The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. A malicious actor with access to a workstation that invoked a vCenter Server Appliance ISO operation Install/Upgrade/Migrate/Restore can access plaintext passwords used during that...

CVE-2022-31697

The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. A malicious actor with access to a workstation that invoked a vCenter Server Appliance ISO operation Install/Upgrade/Migrate/Restore can access plaintext passwords used during that...

CVE-2020-9403

In PACTware before 4.1 SP6 and 5.x before 5.0.5.31, passwords are stored in a recoverable format, and may be retrieved by any user with access to the PACTware workstation...

CVE-2012-3452

gnome-screensaver 3.4.x before 3.4.4 and 3.5.x before 3.5.4, when multiple screens are used, only locks the screen with the active focus, which allows physically proximate attackers to bypass screen locking and access an unattended workstation...

SAP GUI (SAPGUI) — DLL hijacking

Application: SAP GUI Versions Affected: 6.4 — 7.2 Vendor URL: Bugs: DLL hijacking Exploits: YES Reported: 24.08.2010 Vendor response: 26.08.2010 Date of Public Advisory: 09.03.2011 CVE-number: Author: Alexey Sintsov, Alexandr Polyakov Description SAP Front End applications SAPGui.exe are vulnerab...

CVE-2010-0732

gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDKWINDOWFOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking and access an...

CVE-2010-0923

Race condition in workspace/krunner/lock/lockdlg.cc in the KRunner lock module in kdebase in KDE SC 4.4.0 allows physically proximate attackers to bypass KScreenSaver screen locking and access an unattended workstation by pressing the Enter key at a certain time, related to multiple forked...

CVE-2009-4642

gnome-screensaver 2.26.1 relies on the gnome-session D-Bus interface to determine session idle time, even when an Xfce desktop such as Xubuntu or Mythbuntu is used, which allows physically proximate attackers to access an unattended workstation on which screen locking had been intended...

Проблемы с MS ActiveSync (locked workstation access)

Можно получить доступ к заблокированной рабочей станции...

ActiveSync can access a locked workstation w/o unlocking

Microsoft was notified on 3/28/2001, you may use my name when publishing this. I cannot register on your site, so I am trying the general e-mail addresses. Platforms tested: =================================================== Microsoft Windows 2000 Professional build 2195 w/ SP1 Microsoft...