authentication bypass – Page 3

VU#475445: Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal

Posted on February 27, 2018 by CERT

Multiple SAML libraries may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature,allowing the attack to potentially bypass authentication to SAML service providers. Continue reading VU#475445: Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal→

Lenovo Patches Networking OS Vulnerability Dating Back to 2004

Posted on January 16, 2018 by Tom Spring

A bug in Lenovo’s Enterprise Networking Operating System could allow an attacker to launch an authentication bypass attack. Continue reading Lenovo Patches Networking OS Vulnerability Dating Back to 2004→

Apple Fixes MacOS High Sierra Root Access Vulnerability

Posted on November 29, 2017 by Lucian Constantin

Apple has released an emergency fix for an embarrassing vulnerability that allowed people to access the highest privileges account on Mac computers without a password. The vulnerability was disclosed by a user Tuesday on Twitter. He noticed that when p… Continue reading Apple Fixes MacOS High Sierra Root Access Vulnerability→

Cisco Fixes DoS, Authentication Bypass Vulnerabilities, OSPF Bug

Posted on August 3, 2017 by Chris Brook

Cisco fixed two high severity vulnerabilities in two products this week that could have let an attacker trigger a denial of service condition or bypass local authentication. Continue reading Cisco Fixes DoS, Authentication Bypass Vulnerabilities, OSPF Bug→

Siemens Patches Authentication Bypass Flaw in SiPass Server

Posted on July 14, 2017 by Michael Mimoso

Siemens patches four vulnerabilities, including a critical authentication bypass flaw, in its SiPass integrated access control server. Continue reading Siemens Patches Authentication Bypass Flaw in SiPass Server→

FreeRADIUS Update Resolves Authentication Bypass

Posted on May 30, 2017 by Chris Brook

Developers behind FreeRADIUS, an open source implementation of the networking protocol RADIUS, are encouraging users to update to address an authentication bypass found in the server. Continue reading FreeRADIUS Update Resolves Authentication Bypass→

The hijacking flaw that lurked in Intel chips is worse than anyone thought

Posted on May 6, 2017 by Dan Goodin

Patch for severe authentication bypass bug won’t be available until next week. Continue reading The hijacking flaw that lurked in Intel chips is worse than anyone thought→

Cisco Patches Authentication Bypass in Cisco Prime Home

Posted on February 3, 2017 by Michael Mimoso

Cisco patched a critical remote authentication bypass vulnerability in its Prime Home remote management tool used by service providers. Continue reading Cisco Patches Authentication Bypass in Cisco Prime Home→

Cisco Patches Authentication Bypass in Cisco Prime Home

Posted on February 3, 2017 by Michael Mimoso