CVE-2023-51772
https://notcve.org/view.php?id=CVE-2023-51772
One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape sequence is: wait for a session timeout, click on the Help icon, observe that there is a browser window for the One Identity website, navigate to any website that offers file upload, navigate to cmd.exe from the file explorer window, and launch cmd.exe as NT AUTHORITY\SYSTEM. One Identity Password Manager anterior a 5.13.1 permite Kiosk Escape. • https://sec-consult.com/vulnerability-lab/advisory/kiosk-escape-privilege-escalation-one-identity-password-manager-secure-password-extension https://www.oneidentity.com/products/password-manager • CWE-613: Insufficient Session Expiration •
CVE-2023-48654 – One Identity Password Manager Kiosk Escape Privilege Escalation
https://notcve.org/view.php?id=CVE-2023-48654
One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape sequence is: go to the Google ReCAPTCHA section, click on the Privacy link, observe that there is a new browser window, navigate to any website that offers file upload, navigate to cmd.exe from the file explorer window, and launch cmd.exe as NT AUTHORITY\SYSTEM. One Identity Password Manager anterior a 5.13.1 permite Kiosk Escape. • https://sec-consult.com/vulnerability-lab/advisory/kiosk-escape-privilege-escalation-one-identity-password-manager-secure-password-extension https://www.oneidentity.com/products/password-manager •
CVE-2023-4003 – One Identity Password Manager version 5.9.7.1 - Unauthenticated physical access privilege escalation
https://notcve.org/view.php?id=CVE-2023-4003
One Identity Password Manager version 5.9.7.1 - An unauthenticated attacker with physical access to a workstation may upgrade privileges to SYSTEM through an unspecified method. CWE-250: Execution with Unnecessary Privileges. One Identity Password Manager versión 5.9.7.1: un atacante no autenticado con acceso físico a una estación de trabajo puede actualizar los privilegios a SISTEMA mediante un método no especificado. CWE-250: Ejecución con privilegios innecesarios. • https://www.gov.il/en/Departments/faq/cve_advisories • CWE-250: Execution with Unnecessary Privileges •
CVE-2022-38725
https://notcve.org/view.php?id=CVE-2022-38725
An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected. Un desbordamiento de enteros en el analizador RFC3164 en One Identity syslog-ng 3.0 a 3.37 permite a atacantes remotos provocar una Denegación de Servicio a través de una entrada syslog manipulada que es mal manejada por el tcp o la función de red. syslog-ng Premium Edition 7.0.30 y syslog-ng Store Box 6.10.0 también se ven afectados. • https://github.com/wdahlenburg/CVE-2022-38725 https://github.com/syslog-ng/syslog-ng/security/advisories/GHSA-7932-4fc6-pvmc https://lists.balabit.hu/pipermail/syslog-ng https://lists.debian.org/debian-lts-announce/2023/02/msg00043.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3TZ7U2GQTAHVHJXSSEHQS5D2Q5T6SZB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QU36HCM3VZYANUYFC6XFYEYJEKQPA2Q7 https://security.gentoo.org/glsa/ • CWE-190: Integer Overflow or Wraparound •
CVE-2020-7962
https://notcve.org/view.php?id=CVE-2020-7962
An issue was discovered in One Identity Password Manager 5.8. An attacker could enumerate valid answers for a user. It is possible for an attacker to detect a valid answer based on the HTTP response content, and reuse this answer later for a password reset on a chosen password. The enumeration is possible because, within the HTTP response content, WRONG ID is only returned when the answer is incorrect. Se detectó un problema en One Identity Password Manager versión 5.8. • https://cxsecurity.com/issue/WLB-2020050185 • CWE-203: Observable Discrepancy •