- you have created a user account with limited privileges (this is
not the default configuration).
Studio is by default shipped with the root user account and no other
user accounts. For this reason, exploitation of the vulnerability
would not yield any gain for an attacker since the attacker would
need to know the credentials of the root user account in order to
launch an attack. If an attacker knows the credentials of the root
user, the attacker will have other avenues to compromise Studio.
Severity: Medium
Product description:
"Identity Manager allows customers to automate the process of creating,
updating, and deleting user accounts across multiple IT systems.
Collectively, this process is known as provisioning (e.g., creating,
updating) and deprovisioning (e.g., deleting). For example, when a new
employee joins a company, Identity Manager will automatically run a
workflow retrieving the necessary approvals to grant the new employee
access. Once these approvals are obtained, Identity Manager will
[+] Management - Organizational Units
Proof of Concept:
=================
These vulnerabilities can be exploited locally (persistent) by low-privileged user accounts or
remotely via user interaction (forced request) ...
Code Review: Networks Definition
Obviously you have NOT understood a single word!
It is COMPLETELY irrelevant where cached credentials are stored on the
local computer, and I haven't written anything about that.
Logins with local user accounts are authenticated against the resp. SAM,
whereas logins with domain user accounts are authenticated against the
resp. AD. Only if the latter is not available are cached credentials used.
Stefan
The Guest account is surreptitiously added through a lightdm
configuration file, and is not part of the standard user database.
Because it's not part of the standard user database, it can't be
disabled through /etc/shadow, nor can it be disabled through familiar tools
such as userdel and usermod. Additionally, the damn account does not
show up in distribution-provided tools such as the User Accounts applet.
To make matters worse, grepping for guest returns 0 results because
lightdm.conf does not mention one must add the following to disable
the guest account (nothing is required to enable the account):
3) Weak default accounts for OS and web interface
Two independent installations have been tested and the same standard
user accounts were found.
The operating system, where voxlog professional comes preinstalled,
has three different accounts with very weak passwords, at least one
of them with local administrative rights.
Overview:
1.vendor description of software
------------------------------------------------
An SSH2 and FTP server for Microsoft Windows® that enables system administrators to support multiple protocol access to user accounts. FTPS, SFTP, and HTTPS based file transfers are supported in addition to FTP, Telnet, and Secure Shell access. Sysax Multi Server lets system administrators authenticate users using existing Windows user accounts or by creating custom accounts, or a combination of both methods. A convenient web browser based administration interface makes it easy to monitor the status of the server remotely. It is easy to install and does not require advanced IT skills to manage.
2.vulnerability details:
------------------------------------------------
Several Denial of Service vulnerabilities exist in the SFTP module of Sysax Multi Server. The affected commands include "open", "unlink", "mkdir", etc., which cannot handle overlength strings properly.
After logging on to the server successfully, take the following steps and the Sysax Multi Server will crash, leading to a Denial of Service:
within the software (such as buffer overflows, etc.). Due to lack of
time, no further vulnerabilities could be searched for.
1) Unauthenticated access to critical functions
Unauthenticated attackers are, for example, able to create new user accounts
with administrative "Manager" roles. It is possible to exploit the
built-in "salang" scripting language to read/write files on the file
system (e.g. user configuration with MD5 hashes), connect to other
internal systems or execute arbitrary operating system commands.
An XSS vulnerability has been found within HP System Management, arising
from insufficient input filtering.
By using a specially-crafted link, and tricking the victim into clicking
on it, an attacker can perform malicious attacks such as the following:
- Hijack user accounts by stealing the victim's cookies that are
assigned to the victim's browser by the vulnerable website
- Hijack user accounts by injecting a "fake" html form on the html
rendered by the victim's web browser
Details:
========
Multiple persistent input validation vulnerabilities have been detected in Barracuda's CudaTel Phone Application v3.0.028.001.
Local low-privileged user accounts can inject malicious script code to manipulate modules via persistent context
requests. When exploited by an authenticated user, the identified vulnerabilities can result in information disclosure via error messages,
session hijacking, access to available phone line services, and persistent execution of the injected context out of the auto-route listings.
Vulnerable Module(s):
[+] Automated Attendants
recognition to bypass the authentication mechanism.
Performing tests on laptops with 1.3 Megapixel cameras produced by Lenovo,
Asus and Toshiba, using the Bypass Model above with special photos or videos
of some users, we have been able to pass the User Authentication Based on
Face Recognition and log into user accounts on Windows Vista without
difficulty.
All the applications tested are of their latest versions and are set to
Highest Security Level.
- Lenovo Veriface III
========================================================================
Severity
Users who are serious about securing their data and communication
against a threat model that includes others gaining access to their
machines (either through hardware seizure or multiple user accounts)
should change their passphrases and scrub their disks.
=========================================================================
Affected Versions
The vulnerability is aggravated because Gmail allows weak passwords to be
used by the users. So, Gmail accepts passwords using only one character
(e.g. "aaaaaaaa") or dictionary words (e.g. "pentagon" or "computer").
The abuse of this functionality permits an attacker to do thousands of
authentication requests during a day over one user account, so if the
user is using a weak password it is a matter of time to guess it and have
access to the mail account.
IV. PROOF OF CONCEPT
-------------------------
a specially crafted TeX formula to execute arbitrary TeX functions,
potentially reading any file accessible to the web server user, leading
to a loss of privacy. (CVE-2009-1171, MSA-09-0009)
Johannes Kuhn discovered that Moodle did not correctly validate user
permissions when attempting to switch user accounts. An authenticated
remote attacker could switch to any other Moodle user, leading to a loss
of privacy. (MSA-08-0003)
Hanno Boeck discovered that unconfigured Moodle instances contained
XSS vulnerabilities. An unauthenticated remote attacker could exploit
gain root privileges.
Background
==========
Shadow is a set of tools to deal with user accounts.
Affected packages
=================
-------------------------------------------------------------------
- ------------------
The TANDBERG Video Communication Server is a Linux-based appliance which
supports the interoperation of a plethora of video and voice communications
devices. The VCS provides a web-based management interface implemented in PHP
which allows administrators to perform a wide variety of actions, including
configuration of the device, management of user accounts, firmware updates,
along with a number of other items.
Vulnerability Details
- ---------------------
to be defined on the internal identity store.
This vulnerability cannot be used to change the password for the
following types of user accounts:
* User accounts that are defined on external identity stores such
as a Lightweight Directory Access Protocol (LDAP) server, a
Microsoft Active Directory server, an RSA SecurID server, or an
external RADIUS server
* System administrator accounts for the Cisco Secure ACS server
itself that have been configured through the web-based interface
Problem Description:
A vulnerability has been found and corrected in libuser:
libuser before 0.57 uses a cleartext password value of (1) !! or (2) x
for new LDAP user accounts, which makes it easier for remote attackers
to obtain access by specifying one of these values (CVE-2011-0002).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The appliance ships with a default login of admin/accellion. To reduce the risk of remote attack, this account is not allowed to login over Secure Shell. The implementation of this security check has a flaw and
it is still possible to configure an out-of-box Accellion appliance remotely through SSH, simply by executing a shell without a TTY: (ssh admin@target 'sh')
4. Static Passwords for Privileged User Accounts
The secure shell daemon is running by default and the system is configured with static passwords for a number of root-equivalent accounts. It is possible to crack these passwords and gain access to any Accellion system with the secure shell daemon exposed. The scope of our research did not provide time to crack these passwords, but it's just a question of resource allocation. These accounts include "soggycat", "sdadmin", and the "root" user account itself.
5. Remote Access via Stale SSH Authorized Keys
The vulnerability described in this document can be eliminated by logging in to
the affected WCS and changing the default password for the administrative Linux
root account to a strong password chosen by the user.
Refer to the Managing User Accounts chapter of the Cisco Wireless Control
System Configuration Guide for more information about changing administrative
accounts.
Obtaining Fixed Software
========================
* Services Platform/Integrated Services Platform Default
Authentication Vulnerability:
Cisco Video Surveillance Services Platform and Integrated Services
Platform devices ship with default passwords for the sypixx and
root user accounts. Users are not able to change these passwords
due to application requirements. Users with knowledge of the
default passwords may be able to gain interactive shell access with
administrative privileges to vulnerable devices. This issue is
documented in Cisco Bug ID CSCsj34681.
More Details
============
The administrative interface of the Owl Intranet Engine allows users in
the "Administrators" group to edit user accounts over the "Users&Groups"
tab. If a user is selected for editing, all account information is
shown. In this overview, the password field is filled with the MD5 hash
value of the old user password, as can be seen in the HTML sources.
This allows users with administrative access to the Owl Intranet Engine
to see the password hashes of every user.
Released: 2/1/2008
There exists a vulnerability in The Everything Development Engine that
allows a user to inject their own SQL to modify a SELECT query, leading
to information disclosure, XSS, or privilege escalation. What's more,
passwords are stored in the database as plaintext, making user accounts
very easily compromised.
In some versions of the software I have encountered, the following proof
of concept will display a corresponding username and password in the
"core" field and "reputation" field on the page, respectively.
Debian-specific: no
CVE Id(s) : CVE-2007-5373
Debian Bug : 445582
Don Armstrong discovered that ldapscripts, a suite of tools to manipulate
user accounts in LDAP, sends the password as a command line argument when
calling LDAP programs, which may allow a local attacker to read this password
from the process listing.
For the stable distribution (etch), this problem has been fixed in version
1.4-2etch1.