passwords

Cisco Security Advisory: Default Passwords in the Application Velocity System

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Default Passwords in the Application Velocity
System

Advisory ID: cisco-sa-20080123-avs

http://www.cisco.com/warp/public/707/cisco-sa-20080123-avs.shtml


FreeWebshop.org: multiple vulnerabilities

designed to provide you with all the features you need from a webshop.

------------------------------------------------------------------------
Insecure installation instructions
------------------------------------------------------------------------
Besides changing the default password for the admin user and removing
the install.php script, no specific instructions are provided to secure
the installation of FWS. The manual assumes that FWS is installed on a
LAMP server (Linux, Apache, MySQL & PHP). If the ZIP archive is
extracted or the files are uploaded to the document root of the
webserver, the new files and directories will be created based on the

Re: [Full-disclosure] [ISecAuditors Security Advisories] Gmail vulnerable to automated password cracking

> 
> As was explained by my colleague Neel Mehta in his reply, this is not
> a vulnerability.

I must express my disagreement. I consider that if someone can automate
the process of password cracking, there is a security problem. I have
programmed a Python script that implements the process that I explain in
the proof of concept paragraph, and it has allowed me to run thousands
of automated requests and obtain the password of one of my test accounts.

> Gmail has all sorts of additional limits on password brute forcing.

Benchmarking attacks and major security weakness on all recent Windows versions up to Windows 200

Benchmarking attacks and major security weakness on all recent Windows versions up to Windows 2008
----------------------------------------------------------------------------------------------------

+ Author: Fabien KERBOUCI
+ Version/Date: 27/01/2009
+ Keywords: [ benchmark timing benchmarking attacks Windows runas vulnerability password length ]

Get a more detailed version of this advisory with complete tutorial and video in Hakin9 Magazine
of May 2009.

====================================================================================================

Re: [Full-disclosure] [ISecAuditors Security Advisories] Gmail vulnerable to automated password cracking

Hi Vicente,

As was explained by my colleague Neel Mehta in his reply, this is not
a vulnerability.
Gmail has all sorts of additional limits on password brute forcing.
The confusion here is the difference between "login incorrect" (due to
bad password) and "login incorrect" (due to excessive login attempts).
This protection kicks in after a small number of failed attempts,
after which even correct credentials will not be accepted. You can't
tell the difference in the UI you are using, so it's understandable to

CORE-2011-0103 - ZOHO ManageEngine ADSelfService multiple vulnerabilities

3. *Vulnerability Description*

ManageEngine ADSelfService Plus [1] is a secure, web-based, end-user
password reset management program. This software helps domain users to
perform self service password reset, self service account unlock and
employee self update of personal details (e.g. telephone numbers, etc)
in Microsoft Windows Active Directory. Administrators find it easy to
automate password resets, account unlocks while managing optimizing the
expenses associated with helpdesk calls.

pwgen: non-uniform distribution of passwords

Bugtraq (for end-users).  (Not really "to make this public" since the
issue was already discussed in public on john-users.)

Some highlights (excerpts from the longer message below):

"Time running (D:HH:MM) - Keyspace searched - Passwords cracked
0:00:02 - 0.0008% - 6.0%
0:01:00 - 0.025% - 19.5%
0:20:28 - 0.5% - 39.1%
1:16:24 - 1.0% - 47.1%
3:00:48 - 1.8% - 55.2%

[ISecAuditors Security Advisories] Gmail vulnerable to automated password cracking

- Severity: 4.5/10 (CVSS Base Score)
=============================================

I. VULNERABILITY
-------------------------
Gmail vulnerable to automated password cracking.

II. BACKGROUND
-------------------------
Gmail is Google's free webmail service. It comes with built-in Google
search technology and over 7,300 megabytes of storage (and growing

Cisco Security Advisory: Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine

The Cisco ACE Application Control Engine Module and Cisco ACE 4710
Application Control Engine contain multiple vulnerabilities that, if
exploited, could result in any of the following impacts:

  * Administrative level access via default user names and passwords
  * Privilege escalation
  * A denial of service (DoS) condition

Cisco has released free software updates available for affected
customers. Workarounds that mitigate some of the vulnerabilities are

Cisco Security Advisory: Default Credentials for Root Account on Tandberg E, EX and C Series Endpoints

Summary
=======

Tandberg C Series Endpoints and E/EX Personal Video units that are
running software versions prior to TC4.0.0 ship with a root
administrator account that is enabled by default with no password. An
attacker could use this account in order to modify the application
configuration or operating system settings.

Resolving this default password issue does not require a software
upgrade and can be changed or disabled by a configuration command for

[RT-SA-2009-004] IceWarp WebMail Server: Client-Side Specification of "Forgot Password" eMail Content

Advisory: IceWarp WebMail Server: Client-Side Specification of "Forgot
          Password" eMail Content


During a penetration test, RedTeam Pentesting discovered that the emails
sent by the IceWarp WebMail Server when using the "Forgot Password"
function are generated on the client side. Furthermore, the server
expands certain keywords in these emails to users' full names, usernames
and passwords. This allows for advanced social engineering attacks and
the potential disclosure of usernames and passwords.

Advisory 05/2008: Wordpress user_login Column SQL Truncation Vulnerability

 Release Date: 2008/09/12
Last Modified: 2008/09/12
       Author: Stefan Esser [stefan.esser[at]sektioneins.de]

  Application: Wordpress <= 2.6.1
     Severity: MySQL column truncation allows resetting the passwords of
               wordpress users to random strings. Combined with weaknesses
               in PHP's PRNG this allows determining the admin password.
         Risk: High
Vendor Status: Vendor has released Wordpress 2.6.2 which fixes this issue
    Reference: http://www.sektioneins.de/advisories/SE-2008-05.txt

Advisory SE-2008-01: PunBB Blind Password Recovery Vulnerability

                         www.sektioneins.de

                      -= Security  Advisory =-


     Advisory: PunBB Blind Password Recovery Vulnerability
 Release Date: 2008/02/20
Last Modified: 2008/02/20
       Author: Stefan Esser [stefan.esser[at]sektioneins.de]

  Application: PunBB <= 1.2.16

Cisco Security Advisory: Default Credentials for root Account on the Cisco Media Experience Engine 5600

=======

Cisco Media Experience Engine (MXE) 5600 devices that are running
Cisco Media Processing Software releases prior to 1.2 ship with a
root administrator account that is enabled by default with a default
password. An unauthorized user could use this account to modify the
software configuration and operating system settings or gain complete
administrative control of the device. A software upgrade is not
required to resolve this vulnerability. Customers can change the root
account password by issuing a configuration command on affected
engines. The workarounds detailed in this document provide

[waraxe-2012-SA#084] - Multiple Vulnerabilities in OpenCart 1.5.2.1

is only about 32768 possible filenames and therefore simple bruteforce
can reveal valid path to uploaded file.


###############################################################################
7. Admin Password Reset Vulnerability
###############################################################################

Reason: using of "rand()" function, which has known weaknesses
Preconditions:
        1. Windows platform 

Cisco Security Advisory: Cisco Secure Access Control System Unauthorized Password Change Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cisco Security Advisory: Cisco Secure Access Control System Unauthorized
Password Change Vulnerability

Advisory ID: cisco-sa-20110330-acs

Revision 1.0


CORELAN-10-009 : Ipswitch IMAIL 11.01 multiple vulnerabilities (reversible encryption + weak ACL)

        1. By default, IMail allows Internet Guest Account to have "Full Control" to the following registry key,
           including its subkeys and values. As well as the default IMail directory:
                HKEY_LOCAL_MACHINE\SOFTWARE\Ipswitch\IMail
                C:\Program Files\Ipswitch\IMail\

        2. The IMail password decryption algorithm implemented in IMailsec.dll is also reversible.

0x03 : Vendor Communication

        1/21/2010 - IMail vendor contacted
        1/26/2010 - Got a reply from the vendor (product development manager) for more vulnerability clarification.

Sun IDM Arbitrary Commands Execution Vulnerability

2) Description

Sun Identity Manager facilitates centralized identity provisioning for
a variety of applications and platforms. Its web interface allows end users
to request a password change. To handle such requests the system has to
manipulate account databases on the target resources. In the case of
*NIX-based systems the management server remotely logs in to a target
server and issues a series of shell commands, using a send-expect technique.

The system allows users to submit passwords containing control

Re: pwgen: non-uniform distribution of passwords

> Total lines read 1000000000 Unique lines written 697066573

Here's some further analysis of the 1 billion sample used as a training
set along with a separate 1 million sample used as a test set:

Applying the 697 million unique passwords (from the 1 billion sample
above) as a wordlist (6 GB file size) to crack another 1 million of
pwgen'ed passwords cracks 418168 of them (41.8%).  For a uniform
distribution (which is not the case), this would correspond to total
keyspace size of about 1.67 billion passwords (between 30 and 31 bits).


Advisory 02/2010: MyBB Password Reset Weak Random Numbers Vulnerability

                         SektionEins GmbH
                        www.sektioneins.de

                     -= Security  Advisory =-

     Advisory: MyBB Password Reset Weak Random Numbers Vulnerability
 Release Date: 2010/04/13
Last Modified: 2010/04/13
       Author: Stefan Esser [stefan.esser[at]sektioneins.de]

  Application: MyBB <= 1.4.11

Re: Insufficient Authentication vulnerability in Acer notebooks

Windows 7 is soon to be released.  Translation that means no one is 
investing any resources into an operating system that is just hanging 
around long enough for the RTM of Windows 7 to be installed on 
netbooks.  Every version of XP professional that I've touched in the 
last three years on HP machines did prompt you for a password.  Again, 
this is not a vulnerability of the operating system but an 
implementation issue that has been around since 2004.

Configuring Windows 7 for a Limited User Account:
http://unixwiz.net/techtips/win7-limited-user.html

Insecure Use of RC4 in LSrunasE and Supercrypt (CVE-2007-6340)

Introduction
------------
LSrunasE [1] and Supercrypt [2] are utilities used to run
commands under a different user account within Windows batch
scripts.  Passwords are encrypted using strong cryptography.
Due to insecure use of the RC4 algorithm, the encryption can
be trivially broken.




Meridian Prolog Manager Username and Plain Text Password Disclosure

company assumed they would be revoking our license/contract as way to
quell the issue.
CERT - Assigned VU#120593

+Subject
Meridian Prolog Manager Username and Plain Text Password Disclosure

+Version
All Prolog Manager Versions (2007, 7.5 and pre 7.5 versions)

+Impact

Passwords^11 - Call for Papers ending April 17!

A quick reminder that the Call for Papers for Passwords^11 ends on
Sunday, April 17. We have already accepted and announced some of the
speakers, with more to come.

We are still interested in talks, especially within some narrow areas:

1. Hybrid-wordlist-mangling ruleset construction logic for tools like
JtR, *hashcat and others

2. Mobile device password bypass, such as forensics tools to extract MS

Cisco Security Advisory: Default Credentials Vulnerability in Cisco Network Registrar

Summary
=======

Cisco Network Registrar Software Releases prior to 7.2 contain a
default password for the administrative account. During the initial
installation, users are not forced to change this password, allowing
it to persist after the installation. An attacker who is aware of
this vulnerability could authenticate with administrative privileges
and arbitrarily change the configuration of Cisco Network Registrar.


Re: Insufficient Authentication vulnerability in Acer notebooks

Hello Susan!

If Microsoft did it, then it's good. But in my opinion it is better to do as
in Windows XP Professional - not to disable the admin account by default, but to
make the password of the default admin account similar to the password of the first admin
(during the installation process). Because if the default admin account is
enabled later (with an empty password) and one forgets to set a new password,
then it'll be much worse.

I'm not using Vista, so I can't check this issue on any of my computers. And

Plesk 8.6.0 authentication flaw allows to gain virtual user privileges

on a fresh test install of Plesk 8.6.0 both on OpenSUSE 10.3 x86_64 and 
using psa autoinstaller.

(1) If SHORTNAMES=1 is active for smtp_psa or smtps_psa in xinetd, QMAIL 
will accept ANY correctly base64 encoded username which begins with a 
valid shortname or equals a valid password during AUTH LOGIN 
authentication. This is only fixed by completely removing SHORTNAMES=1 
from smtp(s)_psa, simply setting it to 0 has no effect.

Steps to reproduce:


Apache web server 2.2: htpasswd predictable salt weakness

http://www.tux.org/~peterw/

Background:

Apache web server supports three different algorithms for 
"encrypted" passwords for HTTP Basic authentication:
 - Unix-style crypt() passwords: uses a 12 bit salt (4096
   possible values) and only the first 8 characters of the 
   cleartext password are used
 - SHA hashes: no salt; any given password can have only one
   {SHA} representation

Re: PIX Privilege Escalation Vulnerability

> versions 7.1 and 7.2. I discovered that a design flaw that was
> previously unknown in Finesse will allow a level 0 user to escalate
> their privilege to level 15. I believe the vulnerability may originate
> in the local authentication service, thus not being possible to
> exploit when Radius and TACACS is implemented. Implementing AAA in any
> other way that keeps the passwords locally defined seems to have no
> effect on the vulnerability. I have been able to repeatedly bypass the
> privilege-exec login both locally, through the console and remotely,
> through a telnet connection. After many attempts I have found that the
> SSH service does not seem to suffer from the vulnerability.
>

EEYE: Multiple Vulnerabilities in CA ARCserve for Laptops & Desktops

0x1AC on the stack using wsprintfW, however no string length checks are
performed.  By sending an overly long username as part of the first
authentication request, an exploitable condition is reached.


Vulnerability 2: Authentication Password Overflow
Another stack-based buffer overflow exists within the authentication
portion of rxRPC.dll which is accessible via TCP/1900.  A sample
legitimate authentication request with a password resembles the
following:

