Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-0519PUBLISHED: 2023-01-26Cross-site Scripting (XSS) - Stored in GitHub repository modoboa/modoboa prior to 2.0.4.
CVE-2023-0493PUBLISHED: 2023-01-26Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.7.5.
CVE-2022-46967PUBLISHED: 2023-01-26An access control issue in Revenue Collection System v1.0 allows unauthenticated attackers to view the contents of /admin/DBbackup/ directory.
CVE-2022-46966PUBLISHED: 2023-01-26Revenue Collection System v1.0 was discovered to contain a SQL injection vulnerability at step1.php.
CVE-2023-0455PUBLISHED: 2023-01-26Unrestricted Upload of File with Dangerous Type in GitHub repository unilogies/bumsys prior to v1.0.3-beta.
User Rank: Strategist
4/24/2014 | 9:47:52 AM
Such an attacker is likely to log in with stolen credentials from an abnormal location at an unusual time. Restricting user's individual access to the network by physical location (workstation or device, IP range, department, floor, building...) and setting usage/connection time limits helps organizations avoid these credentials-based attacks.
In addition by preventing concurrent logins network vulnerability is significantly reduced. This limits users to only one possible connection at any one instant making it impossible for any rogue user to use valid credentials at the same time as their legitimate owner, wherever they are based.
Our solution UserLock ensures unauthorized access is no longer possible for Windows based infrastructures - even when credentials are compromised. It stops malicious users seamlessly using valid credentials.
We blog further about internal security breaches from password based attacks here: http://www.isdecisions.com/blog/it-security/internal-security-breaches-from-password-based-attacks/