lundi 24 juin 2019   -   18 : 18 : 17  

Dernières alertes de sécurité

Cisco Identity Services Engine Privileged Account Sensitive Information Disclosure Vulnerability

> date : 2019-06-23 00:32:49
> lien : https://tools.cisco.com/security/center/content/CiscoSecurit...

A vulnerability in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain confidential information for privileged accounts. The vulnerability is due to the improper handling of confidential information. An attacker could exploit this vulnerability by logging into the web interface on a vulnerable system. An exploit could allow an attacker to obtain confidential information for privileged accounts. This information could then be used to impersonate or negatively impact the privileged account on the affected system. There are no workarounds that address this vulnerability. This advisory is available at the following link:

Offline Cryptographic Attacks Targeting the Wi-Fi Protected Access 2 Protocol

> date : 2019-06-22 00:32:52
> lien :
https://tools.cisco.com/security/center/content/CiscoSecurit...

On August 4, 2018, Jens Steube from the Hashcat project published an article introducing a new method to obtain cryptographic information from wireless traffic that can then be used by an attacker to attempt the offline recovery of the preshared key (PSK) used to secure a Wi-Fi network. Both the Wi-Fi Protected Access (WPA) and the Wi-Fi Protected Access 2 (WPA2) protocols are known to be susceptible to offline cryptographic attacks when a PSK is used as an authentication mechanism. This is not a new vulnerability or a new attack against these protocols. This is a new vector that allows an attacker to obtain the information required to attempt an offline attack against the PSK. This new method is different from the existing attacks against the PSK because it does not require an attacke [...]

Cisco Industrial Network Director Cross-Site Request Forgery Vulnerability

> date : 2019-06-21 00:33:06
> lien : https://tools.cisco.com/security/center/content/CiscoSecurit...

A vulnerability in the web-based management interface of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to use a web browser and the privileges of the user to perform arbitrary actions on an affected device. For more information about CSRF attacks and potential mitigations, see Understanding [...]

Cisco Unified Communications Manager IM&P Service, Cisco TelePresence VCS, and Cisco Expressway Series Denial of Service Vulnerability

> date : 2019-06-21 00:33:06
> lien :
https://tools.cisco.com/security/center/content/CiscoSecurit...

A vulnerability in the authentication service of the Cisco Unified Communications Manager IM and Presence (Unified CM IM&P) Service, Cisco TelePresence Video Communication Server (VCS), and Cisco Expressway Series could allow an unauthenticated, remote attacker to cause a service outage for users attempting to authenticate, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient controls for specific memory operations. An attacker could exploit this vulnerability by sending a malformed Extensible Messaging and Presence Protocol (XMPP) authentication request to an affected system. A successful exploit could allow the attacker to cause an unexpected restart of the authentication service, preventing users from successfully authenticating. E [...]

| page 1 | page suivante |


 

  Sécurité



  Classement

Selon le comparatif phwinfo.com, Ironie.org est 3ème au classement des mutualisés !

   

  Nouvelles

Consulter les dernières actualités de plus de 300 sources d'informations différentes.

  news.ironie.org

connected from address localhost (127.0.0.1:57880)
using CCBot/2.0 (https://commoncrawl.org/faq/)
served for Ironie.org by Debian GNU/Linux