user valid crypt software vulnerabilities
vulnerabilities.aspcode.net
Searching user valid crypt software vulnerabilities
CRYPTOCard CryptoAdmin for PalmOS uses weak encryption to store a user's PIN number, which allows an attacker with access to the .PDB file to generate valid PT-1 tokens after cracking the PIN.
Serv-U FTP Server allows remote attackers to bypass its anti-hammering feature by first logging on as a valid user (possibly anonymous) and then attempting to guess the passwords of other users.
POP3 Server for Ipswitch IMail 7.04 and earlier generates different responses to valid and invalid user names, which allows remote attackers to determine users on the system.
The login for Hosting Controller 1.1 through 1.4.1 returns different error messages when a valid or invalid user is provided, which allows remote attackers to determine the existence of valid usernames and makes it easier to conduct a brute force attack.
The System Request menu in IBM AS/400 allows local users to list valid user accounts by viewing the object names that are type USRPRF.
The default configuration of University of Washington IMAP daemon (wu-imapd), when running on a system that does not allow shell access, allows a local user with a valid IMAP account to read arbitrary files as that user.
Lotus Domino 5.0.8 web server returns different error messages when a valid or invalid user is provided in HTTP requests, which allows remote attackers to determine valid user names and makes it easier to conduct brute force attacks.
The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG from warning the encrypting user when a user ID does not have a trusted path.
Novell iChain 2.2 before Support Pack 1 uses a shorter timeout for a non-existent user than a valid user, which makes it easier for remote attackers to guess usernames and conduct brute force password guessing.
The /.inlook/.crypt file for inlook 0.7.3 and earlier is installed with world readable permissions, which allows local users to obtain user POP3 credentials.
The POP3 server in IBM iSeries AS/400 returns different error messages when the user exists or not, which allows remote attackers to determine valid user IDs on the server.
Parlano MindAlign 5.0 and later versions allows remote attackers to list valid users via unknown vectors, aka the "User Enumeration" vulnerability.
login.asp in Ringtail CaseBook 6.1.0 displays different error messages depending on whether a user exists or not, which allows remote attackers to determine valid usernames.
Mail Management Agent (MAILMA) (aka Mail Management Server) in Rockliffe MailSite 7.0.3.1 and earlier generates different responses depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames via user requests to TCP port 106.
Adobe Document Server for Reader Extensions 6.0, during log on, provides different error messages depending on whether the user ID is valid or invalid, which allows remote attackers to more easily identify valid user IDs via brute force attacks.
Dispatch.cgi/_user/uservCard/ in SiteScape Forum 7.2 and possibly earlier generates different responses in a way that allows remote attackers to enumerate valid usernames.
User interface inconsistency in Workgroup Manager in Apple Mac OS X 10.4 through 10.4.7 appears to allow administrators to change the authentication type from crypt to ShadowHash passwords for accounts in a NetInfo parent, when such an operation is not actually supported, which could result in less secure password management than intended.
The FTP server in Apple Mac OS X 10.4.8 and earlier, when FTP Access is enabled, will crash when a login failure occurs with a valid user name, which allows remote attackers to cause a denial of service (crash) and enumerate valid usernames.
Microsoft Windows Server 2003, when time restrictions are in effect for user accounts, generates different error messages for failed login attempts with a valid user name than for those with an invalid user name, which allows context-dependent attackers to determine valid Active Directory account names.
Software vulnerabilities results 1 to 20 of 2025