7/10
vulnerability
Symantec Messaging Gateway versions ≤10.6.5 contain an authentication bypass in the password reset feature: password reset tokens are encrypted with a hardcoded static key using the weak PBEWithMD5AndDES cipher. An attacker can craft a valid administrator session by encrypting the string 'admin:' and passing it as an authorization parameter.
authentication-bypass
hardcoded-credentials
weak-encryption
password-reset-flaw
pbe-with-md5-and-des
symantec-messaging-gateway
token-prediction
appliance-security
web-application
Symantec Messaging Gateway
Artem Kondratenko
Philip Pettersson
SYMSA1461
PBEWithMD5AndDES