authentication
TFTP Information Disclosure
An information disclosure vulnerability exists within Cisco
TelePresence endpoint devices that could allow an unauthenticated,
remote attacker to retrieve sensitive authentication and
configuration information. The attacker would need to have the
ability to submit a TFTP GET request via UDP port 69 to the affected
device.
Because the vulnerability is within a UDP-based service, the attacker
Advisory: Authentication Bypass in Configuration Import and Export of
ZyXEL ZyWALL USG Appliances
Unauthenticated users with access to the management web interface of
certain ZyXEL ZyWALL USG appliances can download and upload
configuration files, which are applied automatically.
Details
=======
Vulnerability Details
---------------------
As with many modern browsers, Google Chrome implements a password manager to
help users keep track of credentials used on various web sites. It may be used
to store either HTTP authentication credentials or form-based credentials.
The vulnerability surfaces in a situation where a user visits a web page which
includes an embedded object, such as an image, from a third-party site. If an
attacker had control of the third-party web server, he could request credentials
from the user via HTTP authentication. This style of attack has been documented
* CSCsj80609 - Memory Leak Due to TCPFUZZ on Port 2444 (CTLProvider)
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
CSCsj74818 - DNS Response Parsing Stack Overflow
CVSS Base Score - 10.0
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - Complete
Integrity Impact - Complete
Availability Impact - Complete
CVSS Temporal Score - 8.3
Cisco Security Advisory: Cisco Video Surveillance IP Gateway and
Services Platform Authentication Vulnerabilities
Advisory ID: cisco-sa-20070905-video
http://www.cisco.com/warp/public/707/cisco-sa-20070905-video.shtml
administrators.
For administration of the server, the same TCP/IP ports are used as for the
registration of out-of-office call center agents.
In addition, there is no real authentication taking place. A tool called
"Tsa_Maintainance.exe" that ships with the product can be used to view the
debugging functions and status of the call center without any
authentication.
This way every call center agent can monitor the entire call center and
co-workers, trace lines, deregister lines, etc.
Pandora FMS Authentication Bypass and Multiple Input Validation
Vulnerabilities
CVE IDs in this security advisory:
1) Authentication bypass - CVE-2010-4279
2) OS Command Injection - CVE-2010-4278
* CSCtf42005 - Unauthenticated Java Servlet Access
CVSS Base Score - 10
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - Complete
Integrity Impact - Complete
Availability Impact - Complete
CVSS Temporal Score - 8.3
* CSCtf42008 - Unauthenticated Java Servlet Access
CVSS Base Score - 10
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - Complete
Integrity Impact - Complete
Availability Impact - Complete
CVSS Temporal Score - 8.3
Unauthorized information access
+------------------------------
A malicious user could read one of the system configuration files.
This configuration file contains user accounts details, including
passwords. Authentication is not required to read this configuration
file and an attacker could perform this attack over either XML RPC or
XML RPC over HTTPS protocol.
* CSCtb83512 (registered customers only) has been assigned CVE
identifier CVE-2010-0600.
The only ArubaOS component that appears to be affected by this issue is the
HTTPS WebUI administration interface. ArubaOS is vulnerable only if its
configuration permits WebUI administration interface clients to connect
using either username/password or client certificates. If only one of
the two authentication methods is allowed, this issue does not appear to apply.
Check if the following line appears in your configuration:
web-server mgmt-auth username/password certificate
This vulnerability is documented in Cisco Bug IDs CSCtc59231
and CSCtd40661 and has been assigned CVE ID CVE-2010-0140.
User and Password Enumeration in Cisco MeetingTime
The MeetingTime authentication sequence consists of a series of
packets that are transmitted between the client and the Cisco Meeting
Place Audio Server over TCP port 5001. An attacker may be able to
alter the authentication sequence to access sensitive information in
the user database including usernames and passwords.
To determine if SSH is enabled, use the "show ip ssh" command, as shown
in the following example:
Router#show ip ssh
SSH Enabled - version 1.99
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 1024 bits
To determine if the IKE encrypted nonces feature is enabled, use the
"show running-config | include rsa-encr" command as follows:
#
# Product: Snom VoIP/SIP Phones (Snom300, Snom320, Snom360,
# Snom370, Snom820)
# Vendor: snom technology AG
# CVE ID: CVE-2009-1048
# Subject: Authentication Bypass of Snom Phone Web Interface
# Risk: High
# Effect: Remote
# Author: Walter Sprenger
# Date: August 13, 2009
#
>
> Gmail implements a great number of security controls and, most of them
> are not revealed until an attack is conducted or a malicious use of
> the account is done. For example:
> - Use of captcha for avoiding automated processes (e.g., in the user
> authentication or in the new user sign-up).
> - Temporary IP locking in case of detecting unusual application
> activities (e.g., multiple new account creation requests)
> - Temporary account locking in case of detecting unusual use of the
> user account (e.g., when doing multiple consecutive requests to the
> same resource).
have been assigned the following Common Vulnerabilities and Exposures
(CVE) identifiers:
* CSCsq44516 - CVE-2009-0058
Web authentication is a Layer 3 security feature that causes the
controller to drop IP traffic (except DHCP and DNS related packets)
from a particular client until that client has correctly supplied
a valid username and password. An attacker may use a vulnerability
scanner to cause the device to stop servicing web authentication
or cause a reload of the device. The following error messages may
Versions of the Cisco ACE Device Manager prior to software version
A3(2.1) and Cisco ANM prior to software version ANM 2.0 contain directory
traversal vulnerabilities. These vulnerabilities could allow
unauthorized access to ACE operating system and host operating system
files. To exploit these vulnerabilities, authentication is required to
initially access either product.
This vulnerability is documented in the following Cisco Bug IDs:
* CSCsv66063
VULNERABILITY IN FACE RECOGNITION AUTHENTICATION MECHANISM
LENOVO-ASUS-TOSHIBA LAPTOPS
1. General Information
The Face Recognition feature is provided by Asus, Lenovo and Toshiba as
specialized software shipped together with their laptops. This
feature is embedded in all laptop families that have webcams and support
the Windows Vista or XP operating systems. Owners of laptops benefiting from this
technology do not have to type in their passwords or use their fingerprint
bug reporting procedures
in the Aruba Mobility Controller. A malformed EAP frame causes a process
crash on the Aruba Mobility Controller, causing a temporary DoS condition
for new clients configured to use EAP authentication. Prior successful
security association is not required to cause this condition.
The Mobility Controller recovers automatically by restarting the
affected process.
The Jabber server Openfire (<= version 3.6.0a) contains several serious
vulnerabilities. Depending on the particular runtime environment, these
issues can potentially even be used by an attacker to execute code
at the operating system level.
1) Authentication bypass
This vulnerability provides an attacker full access to all functions
in the admin web interface without providing any user credentials.
The Tomcat filter which is responsible for authentication can be
completely circumvented.
The IOS secure shell server is disabled by default. To determine if
SSH is enabled, use the show ip ssh command.
Router#show ip ssh
SSH Enabled - version 2.0
Authentication timeout: 120 secs; Authentication retries: 3
The previous output shows that SSH is enabled on this device and that
the SSH protocol major version that is being supported is 2.0. If the
text "SSH Disabled" is displayed, the device is not vulnerable.
Possible values for the SSH protocol version reported by IOS are:
access-list auth-proxy extended permit tcp any any eq www
access-list auth-proxy extended permit tcp any any eq telnet
access-list auth-proxy extended permit tcp any any eq https
!
aaa authentication match auth-proxy inside LOCAL
aaa authentication secure-http-client
aaa authentication listener https inside port https
A configuration affected by this vulnerability will contain the command
"aaa authentication secure-http-client" or "aaa authentication listener
ESA-2010-016: RSA, The Security Division of EMC, releases security hot fix for a potential vulnerability in RSA® Access Manager Agent when working with RSA® Adaptive Authentication
Security Advisory
Updated September 2, 2010
Summary:
- Cross-Site-Request-Forgery (XSRF)
- Session fixation
- Session impersonation
- Remote buffer overflow
- Privilege escalation in two applications
- Missing authentication in configuration panel
- Admin password is delivered in plaintext inside the server response
- Cookies are set for root path, not application path
- Crawler endless loop
CVSSv2 Base Score: 7.1
Access Vector: Network
Access Complexity: Medium
Authentication: None
Confidentiality Impact: None
Integrity Impact: Complete
Availability Impact: None
CVSSv2 Temporal Score: 5.6
Application: Citrix Access Gateway
Versions: Access Gateway Enterprise Edition (up to 9.2-49.8)
Access Gateway Standard & Advanced Edition (prior to 5.0)
Severity: High
Author: George D. Gal <ggal (at) vsecurity (dot) com>
Vendor Status: Updated Software Released, NT4 Authentication Removed [2]
CVE Candidate: CVE-2010-4566
Reference: http://www.vsecurity.com/resources/advisory/20101221-1/
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Advisory # 2:
TITLE
Dot1X Wireless User Authentication Bypass Vulnerability when EAP-TLS
Dot1X local termination is enabled on WLAN.
SUMMARY