Information disclosure vulnerability in Android App 'IIJ SmartKey' versions prior to 2.1.4 allows an attacker to obtain a one-time password issued by the product under certain conditions.ĭelta Electronics InfraSuite Device Master versions 00.00.01a and prior allow unauthenticated users to trigger the WriteConfiguration method, which could allow an attacker to provide new values for user configuration files such as UserListInfo.xml. To revert to the original behaviour, the administrator would therefore need to set these configuration parameter: -allow-remote-access=true -random-web-admin-password=false Note also that the h2 webconsole is never available in production mode, so these safeguards are only to ensure that the webconsole is secured by default also in prototype mode. The password is printed to the log, as "webAdminPass: xxx" (where "xxx") is the password. As an additional safeguard, the new '-random-web-admin-password' configuration parameter (enabled by default) requires that the administrator use a randomly generated password to use the console. As of 2.0.0-M8, this can now be done using the '-allow-remote-access' configuration property the web console will be unavailable without setting this configuration. It was felt that it is safer to require the developer to explicitly enable this capability.
When running in prototype mode, the h2 webconsole module (accessible from the Prototype menu) is automatically made available with the ability to directly query the database. Password Storage Application v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Setup page.Ī missing authentication for a critical function vulnerability in Fortinet FortiSOAR 6.4.0 - 6.4.4 and 7.0.0 - 7.0.3 and 7.2.0 allows an attacker to disclose information via logging into the database using a privileged account without a password. Password recovery vulnerability in SICK SIM2x00 (ARM) Partnumber 10926902 with firmware version 1.2.0 as soon as possible.Īn access control issue in the password reset page of IP-COM EW9 V15.11.0.14(9732) allows unauthenticated attackers to arbitrarily change the admin password. Password recovery vulnerability in SICK SIM1012 Partnumber 1098146 with firmware version = 2.2.0 as soon as possible. The impact could vary depending on the compiler and processor architecture. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. NOTE: this only affects an "unsupported, production-like configuration." Changing the boot device configuration with these packages removes password protection from the managed libvirt XML domain. An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and VirtualBMC through 2.2.2.
0 kommentar(er)
