TGstation is a toolset to manage production BYOND servers. In affected versions if a Windows user was registered in tgstation-server (TGS), an attacker could discover their username by brute-forcing the login endpoint with an invalid password. When a valid Windows logon was found, a distinct response would be generated.

An issue was discovered in BMC Patrol before 22.1.00. The agent's configuration can be remotely queried. This configuration contains the Patrol account password, encrypted with a default AES key. This account can then be used to achieve remote code execution.

Grav is a flat-file content management system. In versions 1.7.42 and prior, the "/forgot_password" page has a self-reflected cross-site scripting vulnerability that can be exploited by injecting a script into the "email" parameter of the request. While this vulnerability can potentially allow an attacker to execute arbitrary code on the user's browser, the impact is limited as it requires user interaction to trigger the vulnerability. As of time of publication, a patch is not available. Server-side validation should be implemented to prevent this vulnerability.