7/10
vulnerability
Symantec Messaging Gateway contains an authentication bypass vulnerability in its password reset feature, which protects tokens formatted as 'username:password' with weak static encryption (PBEWithMD5AndDES with a hardcoded key). An attacker can encrypt 'admin:' and pass it as the authorization parameter to obtain a valid administrator session.
authentication-bypass
password-reset
encryption-weakness
hardcoded-key
pbe-with-md5-and-des
token-manipulation
appliance-vulnerability
symantec-messaging-gateway
get-parameter-injection
session-hijacking
Symantec Messaging Gateway
Artem Kondratenko
Philip Pettersson
SYMSA1461
PBEWithMD5AndDES
SMG 10.6.5