Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

1Kosmos Unifies Identity Verification User Journeys Across Web and Mobile Platforms

DARKReading
Open in Source
#web#git#auth#ssl
Many major websites allow users to have weak passwords

A new study that looked at the password requirements of the most popular websites came to a disappointing but not surprising conclusion.

How a Teenage Saudi Hacker Went From Lockpicking to Ransomware

Black Hat speaker and 13-year-old ethical hacker Marco Liberale talks about his interest in cybersecurity, and what opportunities he has in Saudi Arabia.

GHSA-rvx8-p3xp-fj3p: October CMS stored XSS by authenticated backend user with improper configuration

### Impact A user with access to the media manager that stores SVG files could create a stored XSS attack against themselves and any other user with access to the media manager when SVG files are supported. SVG files are supported by default in v3 for convenience; however, this has resulted in multiple mistaken vulnerability reports from security researchers. As per the documentation, if a backend user is not trusted, the advice is to remove the `svg` extension from the list of supported file types. ### Patches The issue has been patched in v3.5.2 by including an SVG sanister. It is enabled by default for new installations but must be enabled for existing sites in the **config/media.php** file. ``` 'clean_vectors' => true, ``` ### Workarounds If you cannot upgrade for this patch, follow the pervious advice and remove `svg` from the supported file types. ### References - https://github.com/octobercms/october/blob/3.x/config/media.php Credits to: - Faris Krivic - Okan Kurtulus ...

GHSA-p8q3-h652-65vx: October CMS safe mode bypass using Twig sandbox escape

### Impact An authenticated backend user with the `editor.cms_pages`, `editor.cms_layouts`, or `editor.cms_partials` permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to `cms.safe_mode` being enabled can write specific Twig code to escape the Twig sandbox and execute arbitrary PHP. This is not a problem for anyone who trusts their users with those permissions to usually write and manage PHP within the CMS by not having `cms.safe_mode` enabled. Still, it would be a problem for anyone relying on `cms.safe_mode` to ensure that users with those permissions in production do not have access to write and execute arbitrary PHP. ### Patches This issue has been patched in v3.4.15. ### Workarounds As a workaround, remove the specified permissions from untrusted users. ### References Credits to: - [Vasiliy Bodrov](https://github.com/whatev3n) ### For more information If you have any questions or comments about this advisory: * Email us at [h...

GHSA-q22j-5r3g-9hmh: October CMS safe mode bypass using Page template injection

### Impact An authenticated backend user with the `editor.cms_pages`, `editor.cms_layouts`, or `editor.cms_partials` permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to `cms.safe_mode` being enabled can craft a special request to include PHP code in the CMS template. This is not a problem for anyone who trusts their users with those permissions to usually write & manage PHP within the CMS by not having `cms.safe_mode` enabled. Still, it would be a problem for anyone relying on `cms.safe_mode` to ensure that users with those permissions in production do not have access to write and execute arbitrary PHP. ### Patches This issue has been patched in v3.4.15. ### Workarounds As a workaround, remove the specified permissions from untrusted users. ### References Credits to: - [Vasiliy Bodrov](https://github.com/whatev3n) ### For more information If you have any questions or comments about this advisory: * Email us at [hello@octobercms....

GHSA-2wmj-46rj-qm2w: ZITADEL Account Takeover via Malicious Host Header Injection

### Impact ZITADEL uses the notification triggering requests Forwarded or X-Forwarded-Host header to build the button link sent in emails for confirming a password reset with the emailed code. If this header is overwritten and a user clicks the link to a malicious site in the email, the secret code can be retrieved and used to reset the users password and take over his account. Accounts with MFA or Passwordless enabled can not be taken over by this attack. ### Patches The patched ZITADEL versions verify, that the auth requests instance is retrieved by the requests original domain (from the Forwarded or X-Forwarded-Host headers if available). If the instance can't be found using the original host or the auth request can't be found within that instance, ZITADEL throws an error. 2.x versions are fixed on >= [2.41.6](https://github.com/zitadel/zitadel/releases/tag/v2.41.6) 2.40.x versions are fixed on >= [2.40.10](https://github.com/zitadel/zitadel/releases/tag/v2.40.10) 2.39.x versio...

Cyberattack on Pennsylvania Water Authority Disrupts OT Gear

The booster station shut off its automated system and moved to a manual system once the alarms sounded the breach.

Zoom Vulnerability Allowed Hackers to Take Over Meetings, Steal Data

By Waqas A critical Zoom Room vulnerability allowed exploiting service accounts for unauthorized tenant access. This is a post from HackRead.com Read the original post: Zoom Vulnerability Allowed Hackers to Take Over Meetings, Steal Data

Google Patches Another Chrome Zero-Day as Browser Attacks Mount

The vulnerability is among a rapidly growing number of zero-day bugs that major browser vendors have reported recently.