Tag
#auth
Omdia Principal Analyst Hollie Hennessy says that until a promising new set of regulations around the world comes online, connected device security entails a shared responsibility among consumers, enterprises, and manufacturers.
Gentoo Linux Security Advisory 202411-1 - A vulnerability has been discovered in Neat VNC, which can lead to authentication bypass. Versions greater than or equal to 0.8.1 are affected.
Red Hat Security Advisory 2024-8906-03 - A new release is now available for Red Hat Satellite 6.16 for RHEL 8 and 9. Issues addressed include bypass, denial of service, memory leak, remote SQL injection, and traversal vulnerabilities.
Global Blockchain Scams Surge on BASE and Across Networks, Trugard Labs Reports.
The mobile device maker continues to investigate IntelBroker's claims of another high-profile data breach, with the cybercriminal group posting on BreachForums internal data allegedly stolen from Nokia through a third-party contractor.
UnoPim 0.1.3 and below is vulnerable to Cross Site Scripting (XSS) in the Create User function. The vulnerability allows attackers to perform XSS in SVG file extension, which can be used to stealing cookies.
INTERPOL with global law enforcement and Group-IB, successfully dismantled a vast network of malicious IP addresses and servers.…
### Summary Authentication method confusion allows logging in as the built-in root user from an external service. The built-in root user is generated in a weak manner, cannot be disabled, and has universal access. ### Details Until CodeChecker version 6.24.1 there was an auto-generated super-user account that could not be disabled. The attacker needs to know only the username of the root user. This root user is unconditionally assigned superuser permissions. Which means that if any user via any service logs in with the root user's username, they will unconditionally have superuser permissions on the CodeChecker instance. The name of the user name can be found in `root.user` file in the CodeChecker configuration directory. You can check if you are impacted by checking the existence of this user in the external authentication services (e.g. LDAP, PAM etc.). ### Impact This vulnerability allows an attacker who can create an account on an enabled external authentication service, to l...
### Summary Authentication bypass occurs when the API URL ends with Authentication, Configuration or ServerInfo. This bypass allows superuser access to all API endpoints other than Authentication. These endpoints include the ability to add, edit, and remove products, among others. ### Details All endpoints, apart from the /Authentication is affected by the vulnerability. The vulnerability allows unauthenticated users to access all API functionality. You can look for the following pattern in the logs to check if the vulnerabilty was exploited:  Note that the url starts with v and contains a valid CodeChecker endpoint, but it ends in `Authentication`, `Configuration` or `ServerInfo` and it was made by an `Anonymous` user. ### Impact This authentication bypass allows querying, adding, changing, and deleting Products contained on the CodeChecker server, without authentication, by an anonymous user....
Fixes security vulnerability that allowed for server side code to be executed by a <script> tag ### Impact Consumers of the NPM package `happy-dom` ### Patches The security vulnerability has been patched in v15.10.1 ### Workarounds No easy workarounds to my knowledge ### References [#1585](https://github.com/capricorn86/happy-dom/issues/1585)