Security
Headlines
HeadlinesLatestCVEs

Latest News

GHSA-qj5r-2r5p-phc7: Keycloak-services SMTP Inject Vulnerability

A vulnerability was found in Keycloak-services. Special characters used during e-mail registration may perform SMTP Injection and unexpectedly send short unwanted e-mails. The email is limited to 64 characters (limited local part of the email), so the attack is limited to very shorts emails (subject and little data, the example is 60 chars). This flaw's only direct consequence is an unsolicited email being sent from the Keycloak server. However, this action could be a precursor for more sophisticated attacks.

ghsa
Open in Source
#vulnerability#auth
Hacker Accesses Millions of IMDataCenter Records from Exposed AWS Bucket

Florida firm IMDataCenter exposed 38GB of sensitive data including names, emails and ownership info. At least one hacker accessed and downloaded the files.

GHSA-8q6v-474h-whgg: The Thinbus Javascript Secure Remote Password (SRP) Client Generates Fewer Bits of Entropy Than Intended

### Impact A protocol compliance bug in thinbus-srp-npm versions prior to 2.0.1 causes the client to generate a fixed 252 bits of entropy instead of the intended bit length of the safe prime (defaulted to 2048 bits). RFC 5054 states in section [2.5.4 Client Key Exchange ](https://datatracker.ietf.org/doc/html/rfc5054#section-2.5.4) > The client key exchange message carries the client's public value (A). The client calculates this value as A = g^a % N, where a is a random number that SHOULD be at least 256 bits in length. The client public value is being generated from a private value that is 4 bits below the specification. This reduces the protocol's designed security margin it is now practically exploitable. The servers full sized 2048 bit random number is used to create the shared session key and password proof. ### Patches The issue is fixed in versions >= 2.0.1 ### Workarounds It is possible to patch a legacy version: ```javascript // WRONG var hexLength = this.toHe...

GHSA-q82r-2j7m-9rv4: github.com/go-acme/lego/v4/acme/api does not enforce HTTPS

## Summary It was discovered that the github.com/go-acme/lego/v4/acme/api package (thus the lego library and the lego cli as well) don't enforce HTTPS when talking to CAs as an ACME client. ## Details Unlike the http-01 challenge which solves an ACME challenge over unencrypted HTTP, the ACME protocol requires HTTPS when a client communicates with the CA to performs ACME functions. This is stated in 6.1 of RFC 8555: [https://datatracker.ietf.org/doc/html/rfc8555#section-6.1](https://datatracker.ietf.org/doc/html/rfc8555#section-6.1) > Each ACME function is accomplished by the client sending a sequence > of HTTPS requests to the server [[RFC2818](https://datatracker.ietf.org/doc/html/rfc2818)], carrying JSON messages > [[RFC8259](https://datatracker.ietf.org/doc/html/rfc8259)]. Use of HTTPS is REQUIRED. Each subsection of [Section 7](https://datatracker.ietf.org/doc/html/rfc8555#section-7) > below describes the message formats used by the function and the > order in which messages ...

GHSA-52f5-9888-hmc6: tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter

### Summary `tmp@0.2.3` is vulnerable to an Arbitrary temporary file / directory write via symbolic link `dir` parameter. ### Details According to the documentation there are some conditions that must be held: ``` // https://github.com/raszi/node-tmp/blob/v0.2.3/README.md?plain=1#L41-L50 Other breaking changes, i.e. - template must be relative to tmpdir - name must be relative to tmpdir - dir option must be relative to tmpdir //<-- this assumption can be bypassed using symlinks are still in place. In order to override the system's tmpdir, you will have to use the newly introduced tmpdir option. // https://github.com/raszi/node-tmp/blob/v0.2.3/README.md?plain=1#L375 * `dir`: the optional temporary directory that must be relative to the system's default temporary directory. absolute paths are fine as long as they point to a location under the system's default temporary directory. Any directories along the so specified path must exist, otherwise a ENOENT error will be...

Attackers Exploit Critical Trend Micro Apex One Zero-Day Flaw

Two critical vulnerabilities affect the security vendor's management console, one of which is under active exploitation. The company has updated cloud-based products but won't have a patch for its on-premises version until mid-August.

The Role of Security Policies in Shaping Organisational Culture and Risk Awareness

Organisational culture, as we know it, isn’t built overnight. It takes shape over time through decisions, habits and…

What CMMC 3.0 Really Means for Government Contractors

The ultimate goal of CMMC 3.0 is not just compliance — it's resilience.

Weight loss scams, or why &#8216;Jodie Foster&#8217; wants me to lose weight

Weight loss scams prey on insecurities, and scammers are abusing celebrities and fake news sites to deceive people.

Phishers Abuse Microsoft 365 to Spoof Internal Users

The "Direct Send" feature simplifies internal message delivery for trusted systems, and the campaign successfully duped both Microsoft Defender and third-party secure email gateways.