Fortinet FortiClient VPN Credential Disclosure

Fortinet FortiClient VPN Credential Disclosure

FortiClient stores the VPN authentication credentials in a configuration file (on Linux or Mac OSX) or in registry (on Windows). The credentials are encrypted but can still be recovered since the decryption key is hardcoded in the program and the same on all installations. Above all, the aforementioned storage is world readable, which actually lays […]

The post Fortinet FortiClient VPN Credential Disclosure appeared first on MondoUnix.

Linux mincore() Kernel Heap Page Disclosure

Linux mincore() Kernel Heap Page Disclosure

Linux mincore() discloses uninitialized kernel heap pages. When __walk_page_range() is used on a VM_HUGETLB VMA, callbacks from the mm_walk structure are only invoked for present pages. However, do_mincore() assumes that it will always get callbacks for all pages in the range passed to walk_page_range(), and when this assumption is violated, sys_mincore() copies uninitialized memory from […]

The post Linux mincore() Kernel Heap Page Disclosure appeared first on MondoUnix.

Oracle Java SE Wv8u131 Information Disclosure

Oracle Java SE Wv8u131 Information Disclosure

Oracle Java SE installs a protocol handler in the registry as “HKEY_CLASSES_ROOTjnlpShellOpenCommandDefault” ‘C:Program FilesJavajre1.8.0_131binjp2launcher.exe” -securejws “%1″‘. This can allow allow an attacker to launch remote jnlp files with little user interaction. A malicious jnlp file containing a crafted XML XXE attack can be leveraged to disclose files, cause a denial of service or trigger SSRF. […]

The post Oracle Java SE Wv8u131 Information Disclosure appeared first on MondoUnix.