Veritas System Recovery (VSR) 18 and 21 stores a network destination password in the Windows registry during configuration of the backup configuration. The associated identifier of this vulnerability is VDB-205671. The exploit has been disclosed to the public and may be used. It is possible to initiate the attack remotely. This affects NeDi 1.0.7 for OS X 1.0.7 alert(1) leads to cross site scripting. The vulnerability is due to insecure design, where a difference in forgot password utility could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. In certain Nedi products, a vulnerability in the web UI of NeDi login & Community login could allow an unauthenticated, remote attacker to affect the integrity of a device via a User Enumeration vulnerability. In JetBrains TeamCity before 2022.04.4 environmental variables of "password" type could be logged when using custom Perforce executable This vulnerability could provide a Windows user (who has sufficient privileges) to access a network file system that they were not authorized to access. Veritas System Recovery (VSR) versions 18 and 21 store a network destination password in the Windows registry during configuration of the backup configuration.
0 kommentar(er)
