#auth

pgAdmin 4 uses a file-based session management approach. The session files are saved on disk as pickle objects. When a user performs a request, the value of the session cookie 'pga4_session' is used to retrieve the file, then its content is deserialised, and finally its signature verified. The cookie value is split in 2 parts at the first '!' character. The first part is the session ID (sid), while the second is the session digest. The vulnerability lies in versions of pgAdmin prior to 8.4 where a method loads session files by concatenating the sessions folder - located inside the pgAdmin 4 DATA_DIR - with the session ID. Precisely, the two values are concatenated using the ['os.path.join'] function. It does not set a trusted base-path which should not be escaped

It’s important to be vigilant about tax-related scams any time these deadlines roll around, regardless of what country you’re in, but it’s not like you need to be particularly more skeptical in March and April.

By Deeba Ahmed In June 2023, Xplain, a Swiss IT services provider, fell victim to a cyberattack claimed by the Play ransomware group. This is a post from HackRead.com Read the original post: Xplain Hack Aftermath: Play Ransomware Leaks Sensitive Swiss Government Data

By cyberwire Badge Launches Partner Program to Expand Availability of its Privacy-Enhancing “Enroll Once and Authenticate on Any Device” Software. This is a post from HackRead.com Read the original post: Badge Launches Partner Program for ‘Enroll Once and Authenticate Any Device’ Software

We discuss three of the most common post-compromise tactics that Talos has observed in our threat telemetry and Cisco Talos Incident Response (Talos IR) engagements. These include modifying the device’s firmware, uploading customized/weaponized firmware, and bypassing security measures.

FullCourt Enterprise version 8.2 suffers from multiple cross site scripting vulnerabilities.

NDtaskmatic version 1.0 suffers from a remote SQL injection vulnerability.

GliNet with firmware version 4.x suffers from an authentication bypass vulnerability. Other firmware versions may also be affected.

By Deeba Ahmed Tycoon and Storm-1575 threat actors launched targeted spear phishing attacks to bypass MFA protections, targeting officials at large US school districts. This is a post from HackRead.com Read the original post: Tycoon and Storm-1575 Linked to Phishing Attacks on US Schools

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Chirp Systems Equipment: Chirp Access Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to take control and gain unrestricted physical access to systems using the affected product. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Chirp Systems are affected: Chirp Access: All Versions 3.2 Vulnerability Overview 3.2.1 USE OF HARD-CODED CREDENTIALS CWE-798 Chirp Access improperly stores credentials within its source code, potentially exposing sensitive information to unauthorized access. CVE-2024-2197 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Commercial Facilities Sector COUNTRIES/AREAS DEPLOYED: Worldwide COMPANY HEADQUARTERS LOCATION...