Vulnerabilities

6K

Solutions

8K

Contributors

A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness, known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. Other vulnerabilities include security risks, security defects and constructs in programming languages that are difficult to use properly.

Microsoft Exchange 2016 Vulnerabilities:

We have vulnerabilities for below two points on Exchange 2016.
If we take action and make any changes, does it negatively impact our Exchange servers?
We have a total of 12 Mailbox Servers, 1 WITNESS Server, 1 DAG CLUSTER. Please suggest on the below vulnerabilities.
Need your valuable inputs.

Vulnerabilities:
1) 3DES configuration in registry, & 
2) Disabling “SendExtraRecord” parameters in registry.

SSL Medium Strength Cipher Suites Supported
The remote host supports the use of SSL ciphers that offer medium
strength encryption. Nessus regards medium strength as any encryption
that uses key lengths at least 64 bits and less than 112 bits, or else
that uses the 3DES encryption suite.

Note that it is considerably easier to circumvent medium strength
encryption if the attacker is on the same physical network.

SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability (BEAST)
A vulnerability exists in SSL 3.0 and TLS 1.0 that could allow
information disclosure if an attacker intercepts encrypted traffic
served from an affected system.

TLS 1.1, TLS 1.2, and all cipher suites that do not use CBC mode are
not affected.

This plugin tries to establish an SSL/TLS remote connection using an
affected SSL version and cipher suite and then solicits return data.
If returned application data is not fragmented with an empty or
one-byte record, it is likely vulnerable.

OpenSSL uses…
0
I have tried several things to disable TLS 1.0 on a Windows 7 system.  All the documentation states to add registry keys and reboot.  No matter what I try, TLS 1.0 is still reported to be enabled on both the client and the server side of the system.  Here are the registry keys:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001

Testing with nmap and openssl both show that TLS 1.0 is still enabled for 3389 (server).  
openssl s_client -connect 192.168.1.1:3389  -tls1
....
SSL-Session:
    Protocol  : TLSv1
    Cipher    : ECDHE-RSA-AES256-SHA

nmap --script ssl-enum-ciphers -p 3389 192.168.1.1
PORT     STATE SERVICE
3389/tcp open  ms-wbt-server
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
.....

Going to https://www.ssllabs.com/ssltest/viewMyClient.html shows TLS 1.0 is still enabled on the client side:
 
Protocols
TLS 1.3	Yes
TLS 1.2	Yes
TLS 1.1	Yes
TLS 1.0	Yes
SSL 3	No
SSL 2	No

0
The NESSUS vulnerability scanner runs every so often on my network. I see that all my Windows Server 2008 R2, 2012 R2 and Windows 8.1 machines show the following two vulnerabilities below on the report as HIGH. We do have PCI regulation; we do not manage credit card services, by the way.
1) TLS version 1.0 Protocol Detection
2) SSL Version 2 and 3 Protocol Detection.
All my servers and computers are patched monthly, so I do not think I am missing any patch. Is there a way to fix this? I have a wildcard certificate from GoDaddy that I can use, so all my computers can talk using that? Is this a good option?
Please advise.
Thanks,
0
I have a client workstation that suddenly gives a '7-zip access denied' error on any executable, but 7-zip is not installed (that I can find).  Malwarebytes scans clean and Vipre Internet Security scans clean.  Administrator/user permissions make no difference.
0
I need to disable the POODLE vulnerability.  I have Centos 7.5 and
OpenSSL 1.0.2k-fips  26 Jan 2017

and I have run yum update openssl and nothing qualifies.  I added the line
SSLProtocol All -SSLv2 -SSLv3

in
/etc/httpd/conf.d/ssl.conf

- I then restarted httpd.

Yet when I run my cert against https://www.ssllabs.com free ssl checker I still show a POODLE vulnerability.

Please tell me how to get rid of this vulnerability.

Thanks,
0
Can anyone please help? I have wasted almost a day on this... The codebase I am working on has been analyzed by Checkmarx (i.e. it's a tool which scans code for any security issues), and it came back with a report containing a "Stored XSS" issue. The issue states:

Method retrieveDataTagsNames at line 47 of Correspondence
Template/sf/claims/api/correspondence/template/data/DataTagsNamesDao.java gets data from the database,
for the query element. This element’s value then flows through the code without being properly filtered or
encoded and is eventually displayed to the user in method retrieveDataTagsNamesDetails at line 52 of
Correspondence Template/sf/claims/api/correspondence/template/service/DataTagsNamesRestController.java.
This may enable a Stored Cross-Site-Scripting attack.

Code  for DataTagsNamesDao.java:-

public class DataTagsNamesDao {
    private static final Logger LOGGER = LoggerFactory.getLogger(DataTagsNamesDao.class);

    @Autowired
    private NamedParameterJdbcTemplate jdbcTemplate;

    @Autowired
    private Sql retrieveDataTagsNames;

    /**
     * This method retrieves data tags names and values  from a DB2
     * sequence object.
     * 
     * @return String (data tags names and values)
     */
    @Transactional(readOnly = true)
    public List<DataTagsNames> retrieveDataTagsNames(String templateId) {
	
	try {
	    return jdbcTemplate.query(retrieveDataTagsNames.getSql(),new MapSqlParameterSource().addValue("templateId", templateId) 

0
Good Afternoon,

We had a security audit of our entire network and were provided with a report of all potential vulnerabilities.
Working through these, we came across a list of users with the "allowed to be delegated to a service" vulnerability.

I've had a good search on google and ran the below powershell commands but I cannot seem to find anything regarding "These administrative accounts are allowed to be delegated to a service" on the users accounts and nothing is being returned from the powershell commands.

Get-ADUser -LdapFilter "(userAccountControl:1.2.840.113556.1.4.803:=524288)" | %{$_.DistinguishedName}

Get-aduser -ldapfilter "(&(userAccountControl:1.2.840.113556.1.4.803:=16777216)(msDS-AllowedToDelegateTo=*))" | %{$_.DistinguishedName}

Get-aduser -LdapFilter "(&(!(|(userAccountControl:1.2.840.113556.1.4.803:=524288)(userAccountControl:1.2.840.113556.1.4.803:=16777216)))(msDS-AllowedToDelegateTo=*))" | %{$_.DistinguishedName}

Get-aduser -LdapFilter "(&(userAccountControl:1.2.840.113556.1.4.803:=16777216)(!(msDS-AllowedToDelegateTo=*)))" | %{$_.DistinguishedName}


Does anyone know what "These administrative accounts are allowed to be delegated to a service" is?
And why is this set when the accounts aren't even administrators?

Many thanks!
0
Customer has a watchguard T10 firebox firewall for a pos system.  The POS server connects directly to the trusted network port. no other computers connect to that network.  

Customer wants to setup an access point for wifi.  The watchguard has a 3rd port.  I want to activate it as a second network and allow wireless devices to access the internet.  

The watchguard firewall does not have built in wifi.  We purchased an access point that we plan to connect to the 3rd port.

This is a restaurant, there are no office pc's or network printers.

Need suggestions on policies; the device has content filter subscriptions.  I want to enforce them on the 3rd port too if possible.
0
I installed AIX 7.1; there is no application installed. I upgraded Java 5 to 7.
When I run a Nessus scan I am getting the SSLv2 and SSLv3 detection vulnerability.
0
How to block RFC 1918 and create object-groups and use that object-groups to block any udp traffic inbound to the external interface on a WatchGuard Firebox (M200)?
0
Hi, I am having an issue with IIS 10 and my PCI DSS scanning.

I keep getting the below feedback. However, in the release notes for IIS 10 it said you can block this information by going into the configuration editor > system.webserver > Security > request filtering and changing "RemoveServerHeader" to True.  I have done this for the default web site and Exchange Back End.

However the results still come back the same. I know I can use URLrewrite or some other method; however, if it's now built into IIS 10 I would like to try and figure out why it won't work.

Thanks in advance for any help.

"Web Server HTTP Header Information Disclosure"
"Server type : Microsoft IIS"
"Server version : 10.0"
"Source : Microsoft-IIS/10.0"
0
Hi,

My company has some VMs running IIS web server on Windows OS. Based on BitSight - Web Server Vulnerabilities.

My tasks are assigned as follows.

Services require to reverted back
2. Where to disable the SSLv2 and SSLv3 protocols; the Diffie-Hellman encryption length is also required to use 2048-bit
3. How to update those outdated IIS servers

Pls advise me accordingly as I've never done this before, as required by our Cyber team.

If there is any best practice to perform hardening, pls advise and share for my knowledge.

Tks.

Lcuky
0
We have a Linux server and after it was scanned for any security vulnerabilities, we got one about "SSH Weak Algorithms Supported".  I tried to make a change to the ssh_config file under /etc/ssh/ to remove the support for any "arcfour" algorithm, but after another scan, it is still showing that this vulnerability exists.  Can anyone tell me exactly what I need to change?  This is my line in the ssh_config file:

 Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc

Thanks in advance!
- Christian
0
We have a Watchguard M200 firewall that we would like to limit inbound/outbound bandwidth to 20Mbps on our External (WAN) interface. Our ISP allows for 40Mbps total bandwidth. I've gone into Traffic Management and changed the interface to limit bandwidth to 20Mbps but this only seems to apply to upstream outbound traffic. Inbound traffic is still coming in at the full 40Mbps. Is it possible to also limit inbound traffic to 20Mbps?

Thank you
0
Hi, when I was trying to create a new user account in Bugzilla (from the GUI) it says "A confirmation email has been sent containing a link to continue creating an account. The link will expire if an account is not created within 3 days". But I have not received any confirmation email. I have been facing this issue for several days. I was able to receive mails earlier but am encountering the issue now. We are using SMTP port 465.
0
I am having an issue accessing a secure ftp web site from a network.  The network uses a watchguard xtm 25 appliance and then runs Server 2008 R2 as the network server.  The workstations are all Windows 7 Pro.

The URL is https://oebsftp.ontarioenergyboard.ca.  This should bring me to a log in page, but instead the following message

The message from IE 11 is as follows:

This page can’t be displayed


Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to https://oebsftp.ontarioenergyboard.ca  again. If this error persists, it is possible that this site uses an unsupported protocol or cipher suite such as RC4 (link for the details), which is not considered secure. Please contact your site administrator.

Firefox gives the following:
Secure Connection Failed

The connection to oebsftp.ontarioenergyboard.ca was interrupted while the page was loading.

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
    Please contact the website owners to inform them of this problem.
Often the Ontario energy board upload sites are designed for IE only.

I do not see anything in the Watchguard appliance but may be overlooking something.

The server uses SEP 14.0 for both anti-virus and Firewall

As a separate issue, email using Outlook 2013 cannot use ssl either
0
Regarding CVE-2018-0151 and apologies if this seems like a newb question but....

Is it still advisable to disable UDP port 18999 if you're not using the Adaptive QoS for Dynamic Multipoint VPN (DMVPN) feature?  Or should we only be concerned with this if the feature set is enabled and in use?  Our network engineers are clamoring over the fact that they would have to disable the port on over 600 devices in order to address this given we're not utilizing the feature.

Thanks in advance
0
We have a WatchGuard M300. We currently have an internet connection that is too small for our needs. Our issue is the upload speed is capped at 20Mbps. With the M300 can we add a second internet connection and have our internet traffic divided evenly between these two connections?
0
We have several locations. Each location has several DNS servers, all replicating to each other. In DNS we have several Conditional Forwarders. At all locations except one I can ping and RDP into any of the servers in the Conditional Forwarders list. However in one of the locations I am unable to ping to any of the Conditional Forwarder IPs. All locations are connected using a Watchguard firewall using a VPN. When I do a tracert from the location that is unable to get to any of the Conditional Forwarder locations, it goes to the local DNS server, then out to local ISP DNS server. I have been reading and searching for articles that might help however I am unable to find a solution.
0
Hi All

This is not a question as such; I'm looking for information and ideas on how I can pass VLANs across an IPsec VPN tunnel.

I've got 16 VLANs that are hosted at one site located a few hundred kilometers away from my secondary site, and I want to be able to push the VLANs from the main site to the secondary site and then be able to distribute those via a switch at the remote site.

The sites currently will be connected via either Sonicwalls or WatchGuard UTM Appliances

Any help or suggestions on this would be greatly appreciated
0
I have a dell poweredge r620 that is running some windows server guests (hypervisor is ESXi 6.5 build 7388607).  I was under the impression that the combination of the hypervisor build and the latest bios would take care of it, but running some scripts from GitHub on the hypervisor and the speculationcontrolsettings report on the guests would lead me to believe there is still some work to do.  Both report the vulnerabilities still exist.

When upgrading the hypervisor I used command line "esxcli software vib update path\esxi650-20171201.zip" to get to the build number listed above.  Can any experts out there give me an idea of what I could be overlooking?
0
Hello Experts,

I have got an XTM 26 series WatchGuard firewall in the company. We are now in the phase of upgrading internet bandwidth from 20 Mbps to 100 Mbps.  According to the service provider, I have to set up the firewall for traffic shaping, but I am not sure whether WatchGuard supports it or not.

Parameters to configure on firewall are; Shaping Rate, Shaping burst, Extended burst.


I do not want to go with the other option of adding a router before the firewall, as it may stop all applications running in the branch office.

Can anybody help me with this?
0
I'm about to apply WannaCry patch for my customer environment.

I know it will disable SMBv1 on the server, with implications like AD replication and login issues.
I wonder if there is any special procedure or pre/post action to follow after installing the patches so I can minimize the impact and tackle the root cause in a short time.

thanks
0
I came across the following link

https://stackoverflow.com/questions/41487621/authorization-in-spring-web-application-custom-filter-vs-servelt-filter-vs-acce

Custom Filter OR Servlet Filter or AccessDecisionVoter

Need to provide access to user after login to the pages or actions based on certain conditions (user is active or user expiration date is over or user doesn't have any orders) and looking for a custom spring security. In the above which one would be suitable in this case and need a good code snippet to achieve it.
0
