#auth

StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML through 2.6.2 has a reachable assertion (and application exit) via a crafted XML document with a '\0' located after whitespace.

A vulnerability was found in Thecosy IceCMS 2.0.1. It has been classified as problematic. Affected is an unknown function of the file /login of the component Captcha Handler. The manipulation leads to improper restriction of excessive authentication attempts. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247884.

### Impact In Nautobot 1.x and 2.0.x, the URLs `/files/get/?name=...` and `/files/download/?name=...` are used to provide admin access to files that have been uploaded as part of a run request for a Job that has FileVar inputs. Under normal operation these files are ephemeral and are deleted once the Job in question runs. It was reported by @kircheneer that in the default implementation used in Nautobot, as provided by `django-db-file-storage`, these URLs do not by default require any user authentication to access; they should instead be restricted to only users who have permissions to view Nautobot's `FileProxy` model instances. Note that no URL mechanism is provided for listing or traversal of the available file `name` values, so in practice an unauthenticated user would have to guess names to discover arbitrary files for download, but if a user knows the file name/path value, they can access it without authenticating, so we are considering this a vulnerability. ### Patches Fi...

### Impact quiche v. 0.15.0 through 0.19.0 was discovered to be vulnerable to unbounded queuing of path validation messages, which could lead to excessive resource consumption. QUIC path validation ([RFC 9000 Section 8.2](https://datatracker.ietf.org/doc/html/rfc9000#section-8.2)) requires that the recipient of a PATH_CHALLENGE frame responds by sending a PATH_RESPONSE. An unauthenticated remote attacker can exploit the vulnerability by sending PATH_CHALLENGE frames and manipulating the connection (e.g. by restricting the peer's congestion window size) so that PATH_RESPONSE frames can only be sent at the slower rate than they are received, leading to storage of path validation data in an unbounded queue. ### Patches Quiche versions greater than 0.19.0 address this problem. ### References [CVE-2023-6193](https://www.cve.org/CVERecord?id=CVE-2023-6193) [RFC 9000 Section 8.2](https://datatracker.ietf.org/doc/html/rfc9000#section-8.2)

### Impact SAP BTP Security Services Integration Library ([Python] sap-xssec) allows under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application. ### Patches Upgrade to patched version >= 4.1.0 We always recommend to upgrade to the latest released version. ### Workarounds No workarounds ### References https://www.cve.org/CVERecord?id=CVE-2023-50423

### Impact SAP BTP Security Services Integration Library ([Golang] github.com/sap/cloud-security-client-go) allows under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application. ### Patches Upgrade to patched version >= 0.17.0 We always recommend to upgrade to the latest released version. ### Workarounds No workarounds ### References https://www.cve.org/CVERecord?id=CVE-2023-50424

### Impact SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library) allows under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application. ### Patches Upgrade to patched version >= 2.17.0 or >= 3.3.0 We always recommend to upgrade to the latest released version. ### Workarounds No workarounds ### References https://www.cve.org/CVERecord?id=CVE-2023-50422

Microsoft has warned that adversaries are using OAuth applications as an automation tool to deploy virtual machines (VMs) for cryptocurrency mining and launch phishing attacks. "Threat actors compromise user accounts to create, modify, and grant high privileges to OAuth applications that they can misuse to hide malicious activity," the Microsoft Threat Intelligence team said in an

** UNSUPPORTED WHEN ASSIGNED **An improper authentication vulnerability [CWE-287] in Fortinet FortiWAN version 5.2.0 through 5.2.1 and version 5.1.1 through 5.1.2 may allow an authenticated attacker to escalate his privileges via HTTP or HTTPs requests with crafted JWT token values.

An authentication bypass vulnerability has been found in Repox, which allows a remote user to send a specially crafted POST request, due to the lack of any authentication method, resulting in the alteration or creation of users.