Password reset – Computer Security Articles

Millions of accounts affected in latest Facebook hack

September 28, 2018 admin access tokens, big breaches, breach, cybercrime, data breach, Facebook, Facebook breach, facebook hack, Password reset, social media, social networks, View As, vulnerabilities, Vulnerability

Credit to Author: Malwarebytes Labs| Date: Fri, 28 Sep 2018 19:39:11 +0000

Facebook announced earlier today that its social network had been breached, resulting in 40 million accounts that were directly impacted. Learn more as the Facebook breach story develops.

Categories:

Cybercrime

Tags: access tokens big breaches breach data breach facebook Facebook breach facebook hack password reset social media social networks View As vulnerabilities vulnerability

MalwareBytes Security

Is two-factor authentication (2FA) as secure as it seems?

September 14, 2018 admin 101, 2fa, biometrics, brute force, Facebook, fake login, FYI, mfa, multi-factor authentication, Password reset, phishing, Social engineering, third-party login, totp, two-factor authentication

Credit to Author: Pieter Arntz| Date: Fri, 14 Sep 2018 15:00:00 +0000

Two factor authentication (2fa) was introduced to enhance login security, but does it always work as advertised? Or can it be bypassed?

Categories:

Tags: 2fa biometrics brute force facebook fake login mfa multi-factor authentication password reset phishing Social Engineering third-party login totp two-factor authentication

Independent Securiteam

SSD Advisory – Coredy CX-E120 Repeater Multiple Vulnerabilities

December 4, 2017 admin Password reset, Remote Command Execution, SecuriTeam Secure Disclosure, Unauthenticated Action

Credit to Author: SSD / Maor Schwartz| Date: Mon, 04 Dec 2017 09:37:02 +0000

Vulnerabilities Summary The following advisory describes two (2) vulnerabilities found in Coredy CX-E120 Repeater. The Coredy CX-E120 WiFi Range Extender is “a network device with multifunction, which can be using for increasing the distance of a WiFi network by boosting the existing WiFi signal and enhancing the overall signal quality over long distances. An extender … Continue reading SSD Advisory – Coredy CX-E120 Repeater Multiple Vulnerabilities

Independent Securiteam

SSD安全公告–Ametys CMS未经身份验证

November 14, 2017 admin Chinese Translation, Password reset, SecuriTeam Secure Disclosure, Unauthenticated Action

Credit to Author: SSD / Maor Schwartz| Date: Tue, 14 Nov 2017 12:10:25 +0000

漏洞概要下面我们将描述在Ametys CMS 4.0.2版本中发现的密码重置漏洞。 Ametys是一个免费的开源内容管理系统（CMS），它基于JSR-170存储内容，有公开的小工具和一个面向xml的框架。漏洞提交者一位独立的安全研究人员—何塞·路易斯（Jose Luis），向Beyond Security的SSD报告了该漏洞。厂商响应 Ametys已经发布了修补该漏洞的补丁-Ametys CMS 4.0.3 获取更多细节：https://issues.ametys.org/browse/RUNTIME-2582 漏洞详细信息由于对用户的输入没有进行充分的检查，导致未经验证的用户可以执行未授权的管理操作。 Ametys CMS仅在Web请求中包含/cms/时才检查授权。这样，我们就可以重置任何用户的密码，包括管理员用户。漏洞证明通过发送以下POST请求，我们可以获得用户列表： [crayon-5a0b6be0a435a552881165/] 然后，服务器将响应如下： [crayon-5a0b6be0a4362693871138/] 从服务器的响应中可以获取到字段“populationId”和“login”的值，这些值将会用于下一个请求。现在，我们需要执行另一个请求来更改admin用户的密码： [crayon-5a0b6be0a4366202170605/] 执行这个请求后，服务器将响应： [crayon-5a0b6be0a436a547248671/] 现在，你可以使用密码MYNEWPASSWORD以管理员身份登录系统。

Independent Securiteam

SSD Advisory – Ametys CMS Unauthenticated Password Reset

November 7, 2017 admin Password reset, SecuriTeam Secure Disclosure, Unauthenticated Action

Credit to Author: SSD / Maor Schwartz| Date: Tue, 07 Nov 2017 09:23:50 +0000

Vulnerability Summary The following advisory describes a password reset vulnerability found in Ametys CMS version 4.0.2 Ametys is “a free and open source content management system (CMS) written in Java. It is based on JSR-170 for content storage, Open Social for gadget rendering and a XML oriented framework.” Credit An independent security researcher, Jose Luis, … Continue reading SSD Advisory – Ametys CMS Unauthenticated Password Reset