7/10
vulnerability
Symantec Messaging Gateway contains an authentication bypass vulnerability in its password reset feature, which protects tokens formatted as 'username:password' with weak static encryption (PBEWithMD5AndDES with a hardcoded key). An attacker can encrypt 'admin:' and pass the result as the authorization parameter to obtain a valid administrator session.
authentication-bypass
password-reset
encryption-weakness
hardcoded-key
pbe-with-md5-and-des
token-manipulation
appliance-vulnerability
symantec-messaging-gateway
get-parameter-injection
session-hijacking
Symantec Messaging Gateway
Artem Kondratenko
Philip Pettersson
SYMSA1461
PBEWithMD5AndDES
SMG 10.6.5