Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-1775: Weak Password Policy in trudesk

Weak Password Requirements in GitHub repository polonel/trudesk prior to 1.2.2.

CVE
Open in Source
#git#docker

Description

I would like to let you know about the password management issue.

Proof of Concept

1- Go to your Profile or https://docker.trudesk.io/profile

2- Give a password as simple as 12345678.

You can see you will be password has been changed and there is no strong enforcement.

Impact

This password can easily be cracked using dictionary attack

Fix:

Use complex password management.

References

  • https://nvd.nist.gov/vuln/detail/CVE-2019-14833

Related news

CVE-2023-28069: DSA-2022-258: Dell Streaming Data Platform Security Update for Multiple Third-Party Component Vulnerabilities

Dell Streaming Data Platform prior to 1.4 contains Open Redirect vulnerability. An attacker with privileges same as a legitimate user can phish the legitimate the user to redirect to malicious website leading to information disclosure and launch of phishing attacks.

CVE-2019-14833: Invalid Bug ID

A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. The Samba Active Directory Domain Controller can be configured to use a custom script to check for password complexity. This configuration can fail to verify password complexity when non-ASCII characters are used in the password, which could lead to weak passwords being set for samba users, making it vulnerable to dictionary attacks.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE