all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

How I Exploited A VPN To PWN A Company

Add to bookmarks
July 25, 2022, 12:33 p.m. | Dhanesh Dodia

Hacker Noon - cybersecurity hackernoon.com

TL; DR
The following are the vulnerabilities chained during an RTO:
1. Pre-Auth Arbitrary File Reading - CVE-2019–11510
2. Post-Auth Cross-Site Scripting - CVE-2019–11507
3. Post-Auth(admin) Command Injection - CVE-2019–11539
4. Missing Brute Force Prevention on Authentication
5. Weak Password Policy

Read All

cloud security cybersecurity ethical hacking hackernoon-top-story information security information technology mitre-attandck red team vpn

Visit resource

More from hackernoon.com / Hacker Noon - cybersecurity

The Noonification: Leetcode: Two-sum an Intuitive Approach (4/23/2024) 1 day, 21 hours ago | hackernoon.com
computing cybersecurity fastapi hackernoon +8
Enhancing Password Security and Recovery with Next.js 14 and NextAuth.js 2 days, 1 hour ago | hackernoon.com
authentication cybersecurity email front-end-development +16
Game of Threats: Winning Strategies for Proactive Cyber Defense 2 days, 5 hours ago | hackernoon.com
amp anomaly-based-hunting arsenal att +34
6 GitHub Repos for DevSecOps in 2024 2 days, 21 hours ago | hackernoon.com
build building can cybersecurity +16
The Journey into Digital Forensics: Exploring Career Opportunities (Revealing Insights) 1 week ago | hackernoon.com
applications breaches career career advice +34
Xiid SealedTunnel: Unfazed By Yet Another Critical Firewall Vulnerability (CVE-2024-3400) 1 week ago | hackernoon.com
access access rights common vulnerability scoring system critical +29
Waiting for Your Tax Refund? Don't Fall for These Scams 1 week ago | hackernoon.com
account cybersecurity debt don +19
GenAI - Soon to Be Great for Automating Dumb Attacks 1 week, 1 day ago | hackernoon.com
ai-cyber-attack ai risks attacks cyber +16
The Noonification: UX Considerations for Better Multi-Factor Authentication (4/12/2024) 1 week, 5 days ago | hackernoon.com
100-days-of-ai apache-apisix authentication cybersecurity +11

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Cyber Systems Administration

@ Peraton | Washington, DC, United States
View on infosec-jobs.com

Android Security Engineer, Public Sector

@ Google | Reston, VA, USA
View on infosec-jobs.com

Lead Electronic Security Engineer, CPP - Federal Facilities - Hybrid

@ Black & Veatch | Denver, CO, US
View on infosec-jobs.com

Profissional Sênior de Compliance & Validação em TI - Montes Claros (MG)

@ Novo Nordisk | Montes Claros, Minas Gerais, BR
View on infosec-jobs.com

Principal Engineer, Product Security Engineering

@ Google | Sunnyvale, CA, USA
View on infosec-jobs.com
View more jobs