Vulnerabilities

6K

Solutions

8K

Contributors

A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness, known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. Other vulnerabilities include security risks, security defects and constructs in programming languages that are difficult to use properly.

Share tech news, updates, or what's on your mind.

Sign up to Post

Microsoft Exchange 2016 Vulnerabilities:

We have vulnerabilities for below two points on Exchange 2016.
If we take action and make any changes, does it negative impact on our Exchange servers?
We have total 12 Mailbox Server, 1-WITNESS Server, 1-DAG CLUSTER. Please suggest  on below vulnerabilities.
Need your valuable inputs.

Vulnerabilities:
1) 3DES configuration in registry, & 
2) Disabling “SendExtraRecord” parameters in registry.

SSL Medium Strength Cipher Suites Supported      The remote host supports the use of SSL ciphers that offer medium
strength encryption. Nessus regards medium strength as any encryption
that uses key lengths at least 64 bits and less than 112 bits, or else
that uses the 3DES encryption suite.

Note that it is considerably easier to circumvent medium strength
encryption if the attacker is on the same physical network.

SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability (BEAST)      A vulnerability exists in SSL 3.0 and TLS 1.0 that could allow
information disclosure if an attacker intercepts encrypted traffic
served from an affected system.

TLS 1.1, TLS 1.2, and all cipher suites that do not use CBC mode are
not affected.

This plugin tries to establish an SSL/TLS remote connection using an
affected SSL version and cipher suite and then solicits return data.
If returned application data is not fragmented with an empty or
one-byte record, it is likely vulnerable.

OpenSSL uses…
0
Cloud Class® Course: Ruby Fundamentals
LVL 12
Cloud Class® Course: Ruby Fundamentals

This course will introduce you to Ruby, as well as teach you about classes, methods, variables, data structures, loops, enumerable methods, and finishing touches.

We have been hit with ransomware.  Please see the attached screenshot.

The file extensions have been changed to STG.

They hacked into the network, created admin users and made them part of the Admin group, created shares etc.
0
I have tried several things to disable TLS 1.0 on a Windows 7 system.  All the documentation states to add registry keys and reboot.  No matter what  try TLS 1.0 is still reported to be enabled on both the client and the server side of the system.  Here are the registry keys:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001

Open in new window

Testing with nmap and openssl both show that TLS 1.0 is still enabled for 3389 (server).  
openssl s_client -connect 192.168.1.1:3389  -tls1
....
SSL-Session:
    Protocol  : TLSv1
    Cipher    : ECDHE-RSA-AES256-SHA

Open in new window

nmap --script ssl-enum-ciphers -p 3389 192.168.1.1
PORT     STATE SERVICE
3389/tcp open  ms-wbt-server
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
.....

Open in new window

Going to https://www.ssllabs.com/ssltest/viewMyClient.html shows TLS 1.0 is still enabled on the client side:
 
Protocols
TLS 1.3	Yes
TLS 1.2	Yes
TLS 1.1	Yes
TLS 1.0	Yes
SSL 3	No
SSL 2	No

Open in new window

0
Secure Mobile DNA
The explosive trends of the increasing number of mobile devices and apps get us in trouble despite the benefits they give. Run through the common threats faced. Tackle them with a strategy to better secure our mobile device and apps against these emerging threats.
0
NESSUS vulnerability Scanner runs every often on my network. I see that All my Windows server 2008 R2, 2012 R2, Windows 8.1. shows the following two vulnerabilities below on the report as HIGH. We do have PCI regulation, we do not manage credit card services by the way.
1) TLS version 1.0 Protocol Detection
2) SSL Version 2 and 3 Protocol Dectection.
All my servers and Computers are patch monthly, so i do not think i am missing any patch. is there a way to fix this? I have a wildcar certificate from godaddy that i can use, so all my computers can talk using that? is this a good option?
Please advise.
Thanks,
0
have a client workstation that suddenly givea a '7-zip access denied' error on any executable but 7-zip is not installed(that i can find)  Malwarebytes scans clean and Vipre Internet Security scans clean.  Administrator/user permissions make no difference.
0
I need to disable the POODLE vulnerability.  I have Centos 7.5 and
OpenSSL 1.0.2k-fips  26 Jan 2017

Open in new window

and I have ran yum update openssl and nothing qualifies.  I added the line
SSLProtocol All -SSLv2 -SSLv3

Open in new window

in
/etc/httpd/conf.d/ssl.conf

Open in new window

- I then restarted httpd.

Yet when I run my cert against https://www.ssllabs.com free ssl checker I still show a POODLE vulnerability.

Please tell me how to get rid of this vulnerability.

Thanks,
0
Can anyone please help?I have wasted almost a day on this,...Codebase I am working on has been analyzed by Checkmarks(i.e Its a tool which scan code for any security  issues), and it came back with a report containing a "Stored XSS" issue. The issue states:

Method retrieveDataTagsNames at line 47 of Correspondence
Template/sf/claims/api/correspondence/template/data/DataTagsNamesDao.java gets data from the database,
for the query element. This element’s value then flows through the code without being properly filtered or
encoded and is eventually displayed to the user in method retrieveDataTagsNamesDetails at line 52 of
Correspondence Template/sf/claims/api/correspondence/template/service/DataTagsNamesRestController.java.
This may enable a Stored Cross-Site-Scripting attack.

Code  for DataTagsNamesDao.java:-

public class DataTagsNamesDao {
    private static final Logger LOGGER = LoggerFactory.getLogger(DataTagsNamesDao.class);

    @Autowired
    private NamedParameterJdbcTemplate jdbcTemplate;

    @Autowired
    private Sql retrieveDataTagsNames;

    /**
     * This method retrieves data tags names and values  from a DB2
     * sequence object.
     * 
     * @return String (data tags names and values)
     */
    @Transactional(readOnly = true)
    public List<DataTagsNames> retrieveDataTagsNames(String templateId) {
	
	try {
	    return jdbcTemplate.query(retrieveDataTagsNames.getSql(),new MapSqlParameterSource().addValue("templateId", templateId) 

Open in new window

0
Good Afternoon,

We had a security audit of our entire network and were provided with a report of all potential vulnerabilities.
Working through these, we came across a list of users with the "allowed to be delegated to a service" vulnerability.

I've had a good search on google and ran the below powershell commands but I cannot seem to find anything regarding "These administrative accounts are allowed to be delegated to a service" on the users accounts and nothing is being returned from the powershell commands.

Get-ADUser -LdapFilter "(userAccountControl:1.2.840.113556.1.4.803:=524288)" | %{$_.DistinguishedName}

Open in new window

Get-aduser -ldapfilter "(&(userAccountControl:1.2.840.113556.1.4.803:=16777216)(msDS-AllowedToDelegateTo=*))" | %{$_.DistinguishedName}

Open in new window

Get-aduser -LdapFilter "(&(!(|(userAccountControl:1.2.840.113556.1.4.803:=524288)(userAccountControl:1.2.840.113556.1.4.803:=16777216)))(msDS-AllowedToDelegateTo=*))" | %{$_.DistinguishedName}

Open in new window

Get-aduser -LdapFilter "(&(userAccountControl:1.2.840.113556.1.4.803:=16777216)(!(msDS-AllowedToDelegateTo=*)))" | %{$_.DistinguishedName}

Open in new window


Does anyone know what "These administrative accounts are allowed to be delegated to a service" is?
Any why this is set when the accounts aren't even administrators?

Many thanks!
0
Customer has a watchguard T10 firebox firewall for a pos system.  The POS server connects directly to the trusted network port. no other computers connect to that network.  

Customer wants to setup an access point for wifi.  The watchguard has a 3rd port.  I want to activate it as a second network and allow wireless devices to access the internet.  

The watchguard firewall does not have built in wifi.  We purchased an access point that we plan to connect to the 3rd port.

This is a restaurant, there are no office pc's or network printers.

Need suggestions on policy's, the device has contenfilter subscriptions.  I want to enforce them on the 3rd port too if possible.
0
ON-DEMAND: 10 Easy Ways to Lose a Password
LVL 1
ON-DEMAND: 10 Easy Ways to Lose a Password

Learn about the methods that hackers use to lift real, working credentials from even the most security-savvy employees in this on-demand webinar. We cover the importance of multi-factor authentication and how these solutions can better protect your business!

I installed AIX 7.1 there is no application installed ,i upgraded java 5 to 7 .
When i run Nessus scan i am getting sslv2 and sslv3 detection vulnerability .
0
I installed AIX 7.1 there is no application installed ,i upgraded java 5 to 7 .
When i run Nessus scan i am getting sslv2 and sslv3 detection vulnerability .
0
How to block RFC 1918 and create object-groups and use that object-groups to block any udp traffic inbound to the external interface on a WatchGuard Firebox (M200)?
0
Are 32 bit computers at a higher risk of Anti-Virus, Malware or Ransomware infections?

We have a few left and I need to know if I should trash them ASAP.
0
As we do not know the various subnets/VLANs in the network and all the devices on it,
is there a feature in Nessus scanner that will 'auto discover or crawl' to get all subnets
& IP addresses?  What's this feature called in Nessus?

It will help give an inventory (hardware type and OS versions ie fingerprinting)
0
Hi,

I need assistance how I can disable / close network discovery on LAN for Servers and all Clients please.


Regards
Asif
0
Hi, i am having an issue with IIS 10 and my PCI DSS Scanning.

I keep getting the below feedback. However in the release notes for IIS 10 it said you can block this information by going in to the configuration editor > system.webserver > Security > request filtering and changing "RemoveServerHeader" to True.  I have done this for the default web site and Exchange Back end.

However the results still come back the same, i know i can use URLrewrite or some other method, however if its now built in to IIS 10 i would like to try and figure out why it wont work.

Thanks in advance for any help.

"Web Server HTTP Header Information Disclosure"
"Server type : Microsoft IIS"
"Server version : 10.0"
"Source : Microsoft-IIS/10.0"
0
sql and php vulnerabilities
0
Hi,

My company have some VM which running IIS web server on Windows OS. Based on BitSight - Web Server Vulnerabilities.

My tasks are assigned as follow.

Services require to reverted back
2. Where to disable SSLv2 and SSLv3 protocol, the Diffie-Hellman encryption length also require to use 2048bit
3. How to update those outdated IIS server

Ps advice me accordingly as i've never done this before as require by our Cyber team.

If there is any best practice to perform hardening, ps advice and share for my knowledge.

Tks.

Lcuky
0
Top Threats of Q1 & How to Defend Against Them
LVL 1
Top Threats of Q1 & How to Defend Against Them

WEBINAR: Join WatchGuard CTO and our Threat Research Team on Aug. 2nd to hear the findings from our Q1 Internet Security Report! Learn more about the top threats detected in the first quarter and how you can defend your business against them!

I'm trying to connect a Watchguard T30 to an AP320 through a Cisco Catalyst 2960.

I'm able to set up trunking on the Cisco so that I can see the AP320 through the controller, however when I connect to the WLAN I get no DHCP address, and I can't get online even when I hard code the IP. Based on some logging information I've seen on the Watchguard, it almost looks as though the Cisco switch is sending packets to the wrong gateway address.

It looks like when a device was requesting an IP on the VLAN 192.168.5.1/24 subnet that request was sent to the lan 192.168.1.1 gateway.

I'm extremely new to Cisco so it's entirely possible I'm missing something obvious, but when the VLAN's are set up on the router and then trunking is configured for those VLAN's on the Cisco, is there a place where you need to specify what Gateway to use for each trunk?
0
We have a Linux server and after it was scanned for any security vulnerabilities, we got one about "SSH Weak Algorithms Supported".  I tried to make a change to the ssh_config file under /etc/ssh/ to remove the support for any "arcfour" algorithm, but after another scan, it is still showing that this vulnerability exists.  Can anyone tell me exactly what I need to change?  This is my line in the ssh_config file:

 Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc

Thanks in advance!
- Christian
0
We have a Watchguard M200 firewall that we would like to limit inbound/outbound bandwidth to 20Mbps on our External (WAN) interface. Our ISP allows for 40Mbps total bandwidth. I've gone into Traffic Management and changed the interface to limit bandwidth to 20Mbps but this only seems to apply to upstream outbound traffic. Inbound traffic is still coming in at the fulll 40Mbps. Is it possible to also limit inbound traffic to 20Mbps?

Thank you
0
I currently have a Watchguard Firebox in place and have recently purchased a Cisco Catalyst 2960 to server as our primary switch. Our Watchguard currently manages our WAP's (also Watchguard) which have a private and public wifi network which is segmented through the use of VLAN's.

I'm extremely new to Cisco and I'm trying to determine how I would go about configuring the ports on the switch to pass along all VLAN traffic which should allow the WAP's to continue functioning.
0
How can i solve Allowed Null Session Active ,Windows vulnerability on  server 2012 R2,
CVE ID: CVE-2002-1117, CVE-2000-1200
0
I have a query on missing security updates on Windows servers. I have done some MBSA (baseline security analyser) scans of some database servers, and it flags in a few cases rather old updates, e.g. MS016-057 (critical) as "missing and are not approved by your system administrator". Rather than flag this immediately as risk to the technical support team, do more recent MS security updates ever superseded or have a cumulative effect whereby these older missing updates are no longer relevant or required. or is it a case than if MBSA says they are missing, they need to be installed, regardless of all the newer updates released more recently which in most cases had been applied.
0

Vulnerabilities

6K

Solutions

8K

Contributors

A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness, known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. Other vulnerabilities include security risks, security defects and constructs in programming languages that are difficult to use properly.