authentication
The Cisco Firewall Services Module (FWSM) for the Cisco Catalyst 6500
Series switches and Cisco 7600 Series routers is affected by the
following vulnerabilities:
* Syslog Message Memory Corruption Denial of Service Vulnerability
* Authentication Proxy Denial of Service Vulnerability
* TACACS+ Authentication Bypass Vulnerability
* Sun Remote Procedure Call (SunRPC) Inspection Denial of Service
Vulnerabilities
* Internet Locator Server (ILS) Inspection Denial of Service
Vulnerability
* WebVPN Datagram Transport Layer Security (DTLS) Denial of Service
Vulnerability
* Crafted TCP Segment Denial of Service Vulnerability
* Crafted Internet Key Exchange (IKE) Message Denial of Service
Vulnerability
* NT LAN Manager version 1 (NTLMv1) Authentication Bypass
Vulnerability
These vulnerabilities are not interdependent; a release that is affected
by one vulnerability is not necessarily affected by the others.
Summary
=======
The Postfix SMTP server has a memory corruption error when the Cyrus
SASL library is used with authentication mechanisms other than PLAIN
and LOGIN (the ANONYMOUS mechanism is unaffected but should not be
enabled for different reasons). See below for instructions to
determine what systems are affected.
Examples of affected Cyrus SASL authentication methods are CRAM-MD5,
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: SNMP Version 3 Authentication
Vulnerabilities
Document ID: 107408
Advisory ID: cisco-sa-20080610-snmpv3
Multiple vulnerabilities exist in the Cisco ASA 5500 Series Adaptive
Security Appliances and Cisco PIX Security Appliances. This security
advisory outlines details of these vulnerabilities:
* Windows NT Domain Authentication Bypass Vulnerability
* IPv6 Denial of Service Vulnerability
* Crypto Accelerator Memory Leak Vulnerability
Note: These vulnerabilities are independent of each other. A device may
be affected by one vulnerability and not affected by another.
6500 Series ASA Services Module are affected by multiple
vulnerabilities as follows:
* MSN Instant Messenger (IM) Inspection Denial of Service
vulnerability
* TACACS+ Authentication Bypass vulnerability
* Four SunRPC Inspection Denial of Service vulnerabilities
* Internet Locator Service (ILS) Inspection Denial of Service
vulnerability
These vulnerabilities are independent; a release that is affected by
(to get the scripts mentioned by this advisory please get the full
version at http://www.hexale.org/advisories/OCHOA-2010-0209.txt; I did
not include them here to reduce the size of this email)
Windows SMB NTLM Authentication Weak Nonce Vulnerability
Security Advisory
Hernan Ochoa (hernan@gmail.com) - Agustin Azubel (agustin.azubel@gmail.com)
Title: Windows SMB NTLM Authentication Weak Nonce Vulnerability
in a reload of the device or disclosure of confidential information.
This security advisory outlines details of the following
vulnerabilities:
* Erroneous SIP Processing Vulnerabilities
* IPSec Client Authentication Processing Vulnerability
* SSL VPN Memory Leak Vulnerability
* URI Processing Error Vulnerability in SSL VPNs
* Potential Information Disclosure in Clientless VPNs
Note: These vulnerabilities are independent of each other. A device
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Authentication Bypass in Cisco Unity
Advisory ID: cisco-sa-20081008-unity
http://www.cisco.com/warp/public/707/cisco-sa-20081008-unity.shtml
Revision 1.0
Vendors contacted: HTC (and MITRE - CVE ID)
-- Vulnerability description:
The default Twitter client (or application) in HTC mobile devices is called HTC Peep. HTC Peep is vulnerable to two different credentials disclosure vulnerabilities during the authentication process against the Twitter service (twitter.com).
During the authentication process, the HTC Peep app establishes an HTTP (TCP/80) connection against the twitter.com servers, sending a few HTTP OAuth-related requests. The first two HTTP GET requests try to gather and make use of an OAuth token: "GET /oauth/request_token" (the response contains the "oauth_token") and "GET /oauth/authorize?oauth_token=...".
The first vulnerability resides in the third HTTP request, a POST request towards the "/oauth/authorize" resource, which contains several parameters, including the Twitter username and password in the clear, making the authentication process vulnerable to eavesdropping attacks:
Multiple vulnerabilities exist in the Cisco ASA 5500 Series Adaptive
Security Appliances and Cisco PIX Security Appliances. This security
advisory outlines the details of these vulnerabilities:
* VPN Authentication Bypass when Account Override Feature is Used
vulnerability
* Crafted HTTP packet denial of service (DoS) vulnerability
* Crafted TCP Packet DoS vulnerability
Hash: SHA1
Aruba Networks Security Advisory
Title: Management User Authentication Bypass Vulnerability When Using
Public Key Based SSH Authentication.
Aruba Advisory ID: AID-42309
Revision: 1.0
Multiple vulnerabilities exist in the Cisco Wireless LAN Controller
(WLC) platforms. This security advisory outlines the details of the
following vulnerabilities:
* Malformed HTTP or HTTPS authentication response denial of service
vulnerability
* SSH connections denial of service vulnerability
* Crafted HTTP or HTTPS request denial of service vulnerability
* Crafted HTTP or HTTPS request unauthorized configuration
modification vulnerability
Advisory: Geo++(R) GNCASTER: Faulty implementation of HTTP Digest
Authentication
During a penetration test, RedTeam Pentesting discovered that the
GNCaster software has multiple bugs in its implementation of HTTP Digest
Authentication.
Details
=======
A malicious user can abuse the feature "Check for mail using POP3" to
carry out an automated password cracking process.
As you comment, when using this feature there is a lock (for 2 hours) on
authentication attempts, and beyond this limit (100 requests) the
message returned by the application does not allow one to know whether
the analyzed password is correct or not. However, every 2 hours an attacker
could make 100 authentication attempts.
To overcome this limit (100 authentication attempts), it is sufficient
command execution (http://www.milw0rm.com/exploits/8093). As there is a
milw0rm exploit already posted it is likely malicious users are already
exploiting pPIM. I decided to have a closer look at pPIM and, quite
frankly, was horrified by what I found. pPIM contains multiple
vulnerabilities, from version information leakage, to system credential
disclosure, to remote command execution, authentication bypass and cross
site scripting vulnerabilities. Possibly the only class of
vulnerability pPIM is not exposed to is SQL injection as it doesn't
employ any database back end. That said, there seemed to be nothing in
the way of security other than an easily bypassable GET variable check
in the header, present in pPIM. The following is a brief synopsis of my
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Aruba Networks Security Advisory
Title: Aruba Mobility Controller TACACS User Authentication and Cross
Site Scripting Vulnerabilities
Aruba Advisory ID: AID-051408
Revision: 1.0
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
ESA-2010-018: RSA Security Advisory: RSA, The Security Division of EMC, announces a fix for a potential security vulnerability in RSA® Authentication Client when storing secret key objects on an RSA SecurID® 800 Authenticator
RSA Authentication Client 2.0.x, 3.0, and 3.5.x contain a potential vulnerability that could allow the unintended extraction, by a properly authenticated user, of secret (or symmetric) key objects stored on an RSA SecurID 800 Authenticator. This potential vulnerability is corrected in RSA Authentication Client 3.5.3.
Description:
asa(config-pmap-c)# inspect sip my-inspect tls-proxy my-tls-proxy
asa(config)# service-policy global_policy global
The Cisco ASA is also vulnerable when the Cut-Through Proxy for
Network Access feature is used with HTTPS. This feature is enabled
for direct authentication using HTTPS with the "aaa authentication
listener https" command, as shown in the following example:
ASA(config)# aaa authentication listener https inside port 443
Session Initiation Protocol (SIP) Inspection Denial of Service Vulnerability
their advisory: "Cisco Secure ACS EAP Parsing Vulnerability". The
original advisory is available at:
http://www.securityfocus.com/archive/1/495937/30/0/threaded
A specially crafted Remote Authentication Dial In User Service
(RADIUS) Extensible Authentication Protocol (EAP) Message Attribute
packet sent to the Cisco Secure Access Control Server (ACS) can crash
the CSRadius and CSAuth processes of Cisco Secure ACS. Because this
affects CSAuth all authentication requests via RADIUS or TACACS+ will
be affected during exploitation of this vulnerability.
Product Name: Netgear DG632 Router
Vendor: http://www.netgear.com
Date: 15 June, 2009
Author: tom@tomneaves.co.uk <tom@tomneaves.co.uk>
Original URL:
http://www.tomneaves.co.uk/Netgear_DG632_Authentication_Bypass.txt
Discovered: 18 November, 2006
Disclosed: 15 June, 2009
I. DESCRIPTION
Field 1: 10-digit base10 command length field ("0000000027")
Field 2: RPC command ("rxrLogin")
Field 3: Constant Argument Delimiter ("~~")
Field 4: Argument ("administrator")
Vulnerability #1: Authentication Username Overflow
A stack-based buffer overflow exists within the authentication portion
of rxRPC.dll which is accessible via TCP/1900. A sample legitimate
authentication packet resembles the following:
0000000013rxrLogin~~administrator
Multiple vulnerabilities exist in the Cisco TelePresence Manager.
This security advisory outlines the details of the following
vulnerabilities:
* Simple Object Access Protocol (SOAP) Authentication Bypass
* Java Remote Method Invocation (RMI) Command Injection
* Cisco Discovery Protocol Remote Code Execution
Duplicate Issue Identification in Other Cisco TelePresence Advisories
+--------------------------------------------------------------------
CG814WG
Affected versions. Hardware 1.03,
Software V3.9.26 R14 verified,
possibly others
Severity Rating. High
Impact. Authentication bypass,
Cross Site Request Forgery
Attack Vector. Remote without authentication
Solution Status. Upgrade to R15 (by contacting NETGEAR)
CVE reference. Not yet assigned
Oracle is a widely-deployed Database Management System (DBMS) that supports a variety of applications. Many multi-tier applications are designed to use proxy authentication, restricting a middle tier to establish the database connection on behalf of the users. The standard authentication mechanism requires the client, the middle tier in this case, to provide valid credentials in order to authenticate and connect to the DBMS. User sessions are then created through the proxy connection. Oracle TNS protocol messages are used for session setup, authentication and data transfer.
Scope
Imperva’s Application Defense Center (ADC) conducts extensive research on enterprise applications and databases. During its research, the team has identified a vulnerability in Oracle’s proxy authentication and access control mechanism.
Findings
access-list auth-proxy extended permit tcp any any eq www
access-list auth-proxy extended permit tcp any any eq telnet
access-list auth-proxy extended permit tcp any any eq https
!
aaa authentication match auth-proxy inside LOCAL
aaa authentication secure-http-client
aaa authentication listener https inside port https
A configuration affected by this vulnerability will contain the
command aaa authentication secure-http-client or aaa authentication
Summary
=======
Cisco IOS® devices that are configured for Internet Key Exchange
(IKE) protocol and certificate based authentication are vulnerable to
a resource exhaustion attack. Successful exploitation of this
vulnerability may result in the allocation of all available Phase 1
security associations (SA) and prevent the establishment of new IPsec
sessions.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
ESA-2010-017: RSA, The Security Division of EMC, announces a security
update for RSA Authentication Agent 7.0 for Web, which addresses a
potential directory traversal vulnerability
Security Advisory
Updated September 20, 2010
TFTP Information Disclosure
An information disclosure vulnerability exists within Cisco
TelePresence endpoint devices that could allow an unauthenticated,
remote attacker to retrieve sensitive authentication and
configuration information. The attacker would need to have the
ability to submit a TFTP GET request via UDP port 69 to the affected
device.
Because the vulnerability is within a UDP based service, the attacker
Advisory: Authentication Bypass in Configuration Import and Export of
ZyXEL ZyWALL USG Appliances
Unauthenticated users with access to the management web interface of
certain ZyXEL ZyWALL USG appliances can download and upload
configuration files, that are applied automatically.
Details
=======