password
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Default Passwords in the Application Velocity
System
Advisory ID: cisco-sa-20080123-avs
http://www.cisco.com/warp/public/707/cisco-sa-20080123-avs.shtml
>
> As was explained by my colleague Neel Mehta in his reply, this is not
> a vulnerability.
I must express my disagreement. I consider that if someone can automate
the process of password cracking, a security problem exists. I have
programmed a Python script that implements the process that I explain in
the proof of concept paragraph, and it has allowed me to run thousands
of automated requests and obtain the password of one of my test accounts.
> Gmail has all sorts of additional limits on password brute forcing.
Benchmarking attacks and major security weakness on all recent Windows versions up to Windows 2008
----------------------------------------------------------------------------------------------------
+ Author: Fabien KERBOUCI
+ Version/Date: 27/01/2009
+ Keywords: [ benchmark timing benchmarking attacks Windows runas vulnerability password length ]
Get a more detailed version of this advisory with complete tutorial and video in Hakin9 Magazine
of May 2009.
====================================================================================================
3. *Vulnerability Description*
ManageEngine ADSelfService Plus [1] is a secure, web-based, end-user
password reset management program. This software helps domain users to
perform self service password reset, self service account unlock and
employee self update of personal details (e.g. telephone numbers, etc)
in Microsoft Windows Active Directory. Administrators find it easy to
automate password resets and account unlocks while managing and optimizing the
expenses associated with helpdesk calls.
designed to provide you with all the features you need from a webshop.
------------------------------------------------------------------------
Insecure installation instructions
------------------------------------------------------------------------
Besides changing the default password for the admin user and removing
the install.php script, no specific instructions are provided to secure
the installation of FWS. The manual assumes that FWS is installed on a
LAMP server (Linux, Apache, MySQL & PHP). If the ZIP archive is
extracted or the files are uploaded to the document root of the
webserver, the new files and directories will be created based on the
Summary
=======
Tandberg C Series Endpoints and E/EX Personal Video units that are
running software versions prior to TC4.0.0 ship with a root
administrator account that is enabled by default with no password. An
attacker could use this account in order to modify the application
configuration or operating system settings.
Resolving this default password issue does not require a software
upgrade and can be changed or disabled by a configuration command for
Hi Vicente,
As was explained by my colleague Neel Mehta in his reply, this is not
a vulnerability.
Gmail has all sorts of additional limits on password brute forcing.
The confusion here is the difference between "login incorrect" (due to
bad password) and "login incorrect" (due to excessive login attempts).
This protection kicks in after a small number of failed attempts,
after which even correct credentials will not be accepted. You can't
tell the difference in the UI you are using, so it's understandable to
=======
Cisco Media Experience Engine (MXE) 5600 devices that are running
Cisco Media Processing Software releases prior to 1.2 ship with a
root administrator account that is enabled by default with a default
password. An unauthorized user could use this account to modify the
software configuration and operating system settings or gain complete
administrative control of the device. A software upgrade is not
required to resolve this vulnerability. Customers can change the root
account password by issuing a configuration command on affected
engines. The workarounds detailed in this document provide
- Severity: 4.5/10 (CVSS Base Score)
=============================================
I. VULNERABILITY
-------------------------
Gmail vulnerable to automated password cracking.
II. BACKGROUND
-------------------------
Gmail is Google's free webmail service. It comes with built-in Google
search technology and over 7,300 megabytes of storage (and growing
www.sektioneins.de
-= Security Advisory =-
Advisory: PunBB Blind Password Recovery Vulnerability
Release Date: 2008/02/20
Last Modified: 2008/02/20
Author: Stefan Esser [stefan.esser[at]sektioneins.de]
Application: PunBB <= 1.2.16
Advisory: IceWarp WebMail Server: Client-Side Specification of "Forgot
Password" eMail Content
During a penetration test, RedTeam Pentesting discovered that the emails
sent by the IceWarp WebMail Server when using the "Forgot Password"
function are generated on the client side. Furthermore, the server
expands certain keywords in these emails to users' full names, usernames
and passwords. This allows for advanced social engineering attacks and
the potential disclosure of usernames and passwords.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Security Advisory: Cisco Secure Access Control System Unauthorized
Password Change Vulnerability
Advisory ID: cisco-sa-20110330-acs
Revision 1.0
is only about 32768 possible filenames and therefore simple bruteforce
can reveal valid path to uploaded file.
###############################################################################
7. Admin Password Reset Vulnerability
###############################################################################
Reason: use of the "rand()" function, which has known weaknesses
Preconditions:
1. Windows platform
1. By default, IMail allows the Internet Guest Account to have "Full Control" over the following registry key,
including its subkeys and values, as well as over the default IMail directory:
HKEY_LOCAL_MACHINE\SOFTWARE\Ipswitch\IMail
C:\Program Files\Ipswitch\IMail\
2. The IMail password decryption algorithm implemented in IMailsec.dll is also reversible.
0x03 : Vendor Communication
1/21/2010 - IMail vendor contacted
1/26/2010 - Got a reply from the vendor (product development manager) for more vulnerability clarification.
Windows 7 is soon to be released. Translation that means no one is
investing any resources into an operating system that is just hanging
around long enough for the RTM of Windows 7 to be installed on
netbooks. Every version of XP professional that I've touched in the
last three years on HP machines did prompt you for a password. Again,
this is not a vulnerability of the operating system but an
implementation issue that has been around since 2004.
Configuring Windows 7 for a Limited User Account:
http://unixwiz.net/techtips/win7-limited-user.html
SektionEins GmbH
www.sektioneins.de
-= Security Advisory =-
Advisory: MyBB Password Reset Weak Random Numbers Vulnerability
Release Date: 2010/04/13
Last Modified: 2010/04/13
Author: Stefan Esser [stefan.esser[at]sektioneins.de]
Application: MyBB <= 1.4.11
Hello Susan!
If Microsoft did it, then it's good. But in my opinion it is better to do as
in Windows XP Professional - not to disable the admin account by default, but to
make the password of the default admin account similar to the password of the first admin
(during the installation process). Because if the default admin account is
enabled later (with an empty password) and one forgets to set a new password,
then it'll be much worse.
I'm not using Vista, so I can't check this issue on any of my computers. And
on a fresh test install of Plesk 8.6.0 both on OpenSUSE 10.3 x86_64 and
using psa autoinstaller.
(1) If SHORTNAMES=1 is active for smtp_psa or smtps_psa in xinetd, QMAIL
will accept ANY correctly base64 encoded username which begins with a
valid shortname or equals a valid password during AUTH LOGIN
authentication. This is only fixed by completely removing SHORTNAMES=1
from smtp(s)_psa, simply setting it to 0 has no effect.
Steps to reproduce:
0x1AC on the stack using wsprintfW, however no string length checks are
performed. By sending an overly long username as part of the first
authentication request, an exploitable condition is reached.
Vulnerability 2: Authentication Password Overflow
Another stack-based buffer overflow exists within the authentication
portion of rxRPC.dll which is accessible via TCP/1900. A sample
legitimate authentication request with a password resembles the
following:
Release Date: 2008/09/12
Last Modified: 2008/09/12
Author: Stefan Esser [stefan.esser[at]sektioneins.de]
Application: Wordpress <= 2.6.1
Severity: MySQL column truncation allows resetting the passwords of
wordpress users to random strings. Combined with weaknesses
in PHP's PRNG this allows determining the admin password.
Risk: High
Vendor Status: Vendor has released Wordpress 2.6.2 which fixes this issue
Reference: http://www.sektioneins.de/advisories/SE-2008-05.txt
Public disclosure: 03/2008
PART I - COMPROMISING USER’S ACCOUNT
Explanation:
When the user already has a session and clicks on that link (from email), the exploit code will be automatically executed. The user’s email address is changed without his/her notice. At the same time, his/her current email address, first and last name, and current encrypted password (in the User Information page) are logged by a remote server-side script.
The attacker reads all this information in a log file.
After that, he gets a new user password sent to his email address by using the Lost Password form.
With the victim’s username and password, the attacker has full permission on that account and does whatever he wants.
Upon finishing his work, he changes back the user’s initial email address and encrypted password.
PWDumpX v1.4 now dumps domain password cache (if available), LSA
secrets, password hashes, and password history hashes (if available).
==========
Usage: PWDumpX [-clph] <hostname | ip input file> <username> <password>
[-clpha] -- optional argument
<hostname | ip input file> -- required argument
<username> -- required argument
> versions 7.1 and 7.2. I discovered that a design flaw that was
> previously unknown in Finesse will allow a level 0 user to escalate
> their privilege to level 15. I believe the vulnerability may originate
> in the local authentication service, thus not being possible to
> exploit when Radius and TACACS are implemented. Implementing AAA in any
> other way that keeps the passwords locally defined seems to have no
> effect on the vulnerability. I have been able to repeatedly bypass the
> privilege-exec login both locally, through the console and remotely,
> through a telnet connection. After many attempts I have found that the
> SSH service does not seem to suffer from the vulnerability.
>
Advisory-ID: 200905111
Discovery Date: 3.23.2009
Release Date: 5.11.2009
Affected Applications: A-A-S 2.0.48 and possibly older versions
Class: XSRF (Cross Site Request Forgery) Arbitrary Command Execution,
Undocumented Default Password, Insecure Password Storage
Status: Vendor informed. No fix available
Vendor: Klinzmann
Vendor URL: http://www.klinzmann.name/a-a-s/index_en.html
Advisory URL: http://www.syhunt.com/advisories/?id=aas-multiple
The Cisco ACE Application Control Engine Module and Cisco ACE 4710
Application Control Engine contain multiple vulnerabilities that, if
exploited, could result in any of the following impacts:
* Administrative level access via default user names and passwords
* Privilege escalation
* A denial of service (DoS) condition
Cisco has released free software updates available for affected
customers. Workarounds that mitigate some of the vulnerabilities are
www.sektioneins.de
-= Security Advisory =-
Advisory: Joomla Weak Random Password Reset Token Vulnerability
Release Date: 2008/09/11
Last Modified: 2008/09/11
Author: Stefan Esser [stefan.esser[at]sektioneins.de]
Application: Joomla <= 1.5.7
On 12/08/08 23:59, Jan Minář wrote:
> Vim: Netrw: FTP User Name and Password Disclosure
>
> 1. SUMMARY
>
> Product : Vim -- Vi IMproved
> Versions : Tested with Vim 7.1.266, 7.2, autoload/netrw.vim v131, v109
> Impact : Credentials disclosure
> Wherefrom: Remote
> Original : http://www.rdancer.org/vulnerablevim-netrw-credentials-dis.html
* International support
* Cross platform capability
* Widget and Extension support
Vulnerability Details:
Minimo includes a password manager feature that allows users to store
user/password information of sites they visit. There are two ways this
feature can be abused. First, the action of any form can be changed
dynamically via JavaScript, which could be introduced into a site via a
cross-site scripting (XSS) bug. Second, the form fields can be
automatically filled in without user interaction. As a result, an XSS bug
Summary
=======
Cisco Network Registrar Software Releases prior to 7.2 contain a
default password for the administrative account. During the initial
installation, users are not forced to change this password, allowing
it to persist after the installation. An attacker who is aware of
this vulnerability could authenticate with administrative privileges
and arbitrarily change the configuration of Cisco Network Registrar.
Advisory: Owl Intranet Engine: Information Disclosure and Unsalted Password Hashes
The Owl Intranet Engine uses no salting in the password hashing
procedure. Furthermore, users in the "Administrators" group are able to
see the MD5 password hashes of every user using the web interface.
Details
=======