Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Authentication Bypass

The device suffers from an authentication bypass vulnerability through a direct and unauthorized access to the password management functionality. The issue allows attackers to bypass authentication by manipulating the set_pwd endpoint that enables them to overwrite the password of any user within the system. This grants unauthorized and administrative access to protected areas of the application compromising the device's system security.

Zero Science Lab
Open in Source
#vulnerability#auth
Countering Voice Fraud in the Age of AI

Caller ID spoofing and AI voice deepfakes are supercharging phone scams. Fortunately, we have tools that help organizations and people protect themselves against the devious combination.

For Service Accounts, Accountability Is Key to Security

Modern networks teem with machine accounts tasked with simple automated tasks yet given too many privileges and left unmonitored. Resolve that situation and you close an attack vector.

GHSA-82jv-9wjw-pqh6: Prototype pollution in emit function

### Summary A prototype pollution in derby can crash the application, if the application author has atypical HTML templates that feed user input into an object key. Attribute keys are almost always developer-controlled, not end-user-controlled, so this shouldn't be an issue in practice for most applications. ### Details ``` emit(context: Context, target: T) { const node = traverseAndCreate(context.controller, this.segments); node[this.lastSegment] = target; this.addListeners(target, node, this.lastSegment); } ``` The emit() function in src/templates/templates.ts is called without sanitizing the variable `this.lastSegment `. The variable `this.lastSegment ` can be set to `__proto__`, and this will pollute the prototype of Javascipt Object (`node['__proto__'] = target`). ### PoC To reproduce this vulnerability, you can adjust the test case `ignores DOM mutations in components\' create()` in `test/dom/ComponentHarness.mocha.js`. ``` it('ignores DOM mutations in components\' ...

Dangerous ICS Malware Targets Orgs in Russia and Ukraine

"Kapeka" and "Fuxnet" are the latest examples of malware to emerge from the long-standing conflict between the two countries.

Active Kubernetes RCE Attack Relies on Known OpenMetadata Vulns

Once attackers have control over a workload in the cluster, they can leverage access for lateral movement both inside the cluster and to external resources.

GHSA-7fpj-9hr8-28vh: Keycloak vulnerable to impersonation via logout token exchange

Keycloak was found to not properly enforce token types when validating signatures locally. An authenticated attacker could use this flaw to exchange a logout token for an access token and possibly gain access to data outside of enforced permissions.

GHSA-c9h6-v78w-52wj: Keycloak vulnerable to session hijacking via re-authentication

A flaw was found in Keycloak. An active keycloak session can be hijacked by initiating a new authentication (having the query parameter prompt=login) and forcing the user to enter his credentials once again. If the user cancels this re-authentication by clicking Restart login, the account takeover could take place as the new session, with a different SUB, will have the same SID as the previous session.

GHSA-j628-q885-8gr5: Keycloak vulnerable to log Injection during WebAuthn authentication or registration

A flaw was found in keycloak 22.0.5. Errors in browser client during setup/auth with "Security Key login" (WebAuthn) are written into the form, send to Keycloak and logged without escaping allowing log injection. Acknowledgements: Special thanks toTheresa Henze for reporting this issue and helping us improve our security.