There are no known workarounds for this issue. As a result of this issue, unauthenticated users may gain access to the system. The reason for this is that while an error is thrown in the `authenticateJaasUser` method, it is swallowed without propagating the error. In the event a system is using Java Authentication and Authorization Service (JAAS) authentication and that system is given a configuration which contains an error, the authentication for the system will fail open and allow an attacker to log in using any username and password. Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring. DataHub is an open-source metadata platform. This issue is patched in 25.0.3. No workaround is available. A user can configure a very long password, consuming more resources on password validation than desired. Versions 25.0.0 and above, prior to 25.0.3, are subject to Uncontrolled Resource Consumption. Nextcloud is an Open Source private cloud software. In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts.