Contec CONPROSYS HMI System Login DoS
May 31, 2023, 1:51 p.m. | Jimi Sebree
Tenable Research Advisories www.tenable.com
A denial-of-service vulnerability exists in Contec CONPROSYS HMI System (CHS) v3.5.2. If the time zones configured in PHP and PostgreSQL differ, an unauthenticated remote attacker can exploit it to prevent legitimate users from logging in from attacker-specified IP addresses for hours. The attacker can repeat the attack to cause a login DoS for an extended period of time.
Proof of Concept
Prevent logins from localhost.
Set "date.timezone" to "UTC" in php.ini …