CVE-2023-33371

Control ID IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic key in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication. ...

CVSS3 - CRITICAL

CVSS2 - HIGH

CVE-2023-33372

Connected IO v2.1.0 and prior uses a hard-coded username/password pair embedded in their device's firmware used for device communication using MQTT. An attacker who gained access to these credentials ...

CVSS3 - CRITICAL

CVSS2 - HIGH

CVE-2023-3518

HashiCorp Consul and Consul Enterprise 1.16.0 when using JWT Auth for service mesh incorrectly allows/denies access regardless of service identities. Fixed in 1.16.1.

Denial Of Service (DoS)

pocketmine/pocketmine-mp is vulnerable to Denial Of Service (DoS). The vulnerability exists in the `netresearch/jsonmapper` dependency due to improper mappings of JSON arrays and objects onto s ...

2023 OWASP Top-10 Series: API2:2023 Broken Authentication

Welcome to the 3rd post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on [API2:2023 Broken Authentica ...
