Control ID IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic key in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication. ...
August 15, 2023
Connected IO v2.1.0 and prior uses a hard-coded username/password pair embedded in their device's firmware used for device communication using MQTT. An attacker who gained access to these credentials ...
August 15, 2023
HashiCorp Consul and Consul Enterprise 1.16.0 when using JWT Auth for service mesh incorrectly allows/denies access regardless of service identities. Fixed in 1.16.1.
August 15, 2023
HashiCorp Consul and Consul Enterprise 1.16.0 when using JWT Auth for service mesh incorrectly allows/denies access regardless of service identities. Fixed in 1.16.1.
August 11, 2023
HashiCorp Consul and Consul Enterprise 1.16.0 when using JWT Auth for service mesh incorrectly allows/denies access regardless of service identities. Fixed in 1.16.1.
August 09, 2023
pocketmine/pocketmine-mp is vulnerable to Denial of Service (DoS). The vulnerability exists due to the `netresearch/jsonmapper` dependency due to improper mappings of JSON arrays and objects onto s ...
August 08, 2023
Welcome to the 3rd post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on [API2:2023 Broken Authentica ...
August 05, 2023
Connected IO v2.1.0 and prior uses a hard-coded username/password pair embedded in their device's firmware used for device communication using MQTT. An attacker who gained access to these credentials ...
August 04, 2023