Contec CONPROSYS HMI System Login DoS
May 31, 2023, 1:51 p.m. | Jimi Sebree
Tenable Research Advisories www.tenable.com
A denial of service vulnerability exists in Contec CONPROSYS HMI System (CHS) v3.5.2. An unauthenticated remote attacker can exploit it to prevent legitimate users from logging in from the attacker-specified IP addresses for hours if the time zones configured in PHP and PostgreSQL are different. The attacker can repeat the attack to cause login DoS for an extended period of time.
Proof of Concept
Prevent logins from localhost.
Set "date.timezone" to "UTC" in php.ini …
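The precondition the advisory names is a time zone mismatch between PHP and PostgreSQL. The following is an added example, not code from the Tenable advisory or from Contec, that audits a host for that condition by comparing `date.timezone` in php.ini with `timezone` in postgresql.conf. The function names, the UTC alias set and the sample file contents are constructed for illustration.

```python
import re

# Zero-offset zone names treated as equal (an assumption of this example).
UTC_ALIASES = {"utc", "etc/utc", "gmt", "etc/gmt", "zulu", "etc/zulu", "universal"}

# Constructed sample file contents, not taken from a real CHS host.
SAMPLE_PHP_INI = '[Date]\n;date.timezone = Asia/Tokyo\ndate.timezone = "UTC"\n'
SAMPLE_PG_CONF = (
    "log_timezone = 'Asia/Tokyo'\n"
    "timezone = 'Asia/Tokyo'   # constructed value\n"
    "timezone_abbreviations = 'Default'\n"
)

def read_setting(text, key, comment_prefixes):
    """Return the last uncommented value of `key` in the text, or None if unset."""
    # Require '=' or whitespace after the key so 'timezone' does not
    # match 'timezone_abbreviations'.
    pattern = re.compile(r"^\s*" + re.escape(key) + r"(?:\s*=\s*|\s+)(.*)$", re.I)
    value = None
    for line in text.splitlines():
        if line.lstrip().startswith(comment_prefixes):
            continue
        m = pattern.match(line)
        if not m:
            continue
        raw = m.group(1).strip()
        if raw[:1] in ("'", '"'):
            raw = raw[1:].split(raw[0], 1)[0]              # quoted value
        else:
            raw = re.split(r"[#;]", raw, maxsplit=1)[0].strip()  # drop trailing comment
        value = raw or None
    return value

def canonical(zone):
    z = zone.strip().lower()
    return "utc" if z in UTC_ALIASES else z

def timezone_check(php_ini_text, postgresql_conf_text):
    """Compare the configured zones; 'unknown' means a file leaves the value unset."""
    php = read_setting(php_ini_text, "date.timezone", (";",))
    pg = read_setting(postgresql_conf_text, "timezone", ("#",))
    if php is None or pg is None:
        status = "unknown"    # effective zone then depends on runtime defaults
    elif canonical(php) == canonical(pg):
        status = "match"
    else:
        status = "mismatch"   # the configuration the advisory says is affected
    return {"php": php, "postgresql": pg, "status": status}

if __name__ == "__main__":
    print(timezone_check(SAMPLE_PHP_INI, SAMPLE_PG_CONF))
```

The check reads configuration files only. A zone set at runtime, for example with PHP's `date_default_timezone_set()` or a per-database or per-role `timezone` setting in PostgreSQL, is not visible to it and has to be verified separately.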