Powered by Deep Web Technologies
Note: This page contains sample records for the topic "authentication bypass vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


1

V-057: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-057: eXtplorer "ext_find_user()" Authentication Bypass V-057: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability V-057: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability December 28, 2012 - 6:00am Addthis December 28 2012 - 6:00am PROBLEM: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability PLATFORM: eXtplorer 2.x ABSTRACT: A vulnerability has been reported in eXtplorer, which can be exploited by malicious people to bypass certain security restrictions. REFERENCE LINKS: Secunia Advisory SA51636 eXtplorer 2.1.3 Security Release IMPACT ASSESSMENT: Medium DISCUSSION: eXtplorer was notified of a problem within the authentication system of eXtplorer Versions 2.1.2, 2.1.1, 2.1.0 and 2.1.0RC5 that have been found to be vulnerable to an authentication bypass bug.

2

T-594: IBM solidDB Password Hash Authentication Bypass Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

94: IBM solidDB Password Hash Authentication Bypass 94: IBM solidDB Password Hash Authentication Bypass Vulnerability T-594: IBM solidDB Password Hash Authentication Bypass Vulnerability April 4, 2011 - 6:08am Addthis PROBLEM: A vulnerability has been reported in IBM solidDB, which can be exploited by malicious people to bypass certain security restrictions. PLATFORM: IBM solidDB 4.x - IBM solidDB 6.x ABSTRACT: This vulnerability could allow remote attackers to execute arbitrary code on vulnerable installations of IBM solidDB. Authentication is not required to exploit this vulnerability. REFERENCE LINKS: IBM Security Alert Secunia Advisory: SA44030 ZDI Advisory: ZDI-11-115 IBM solidDB Support IMPACT ASSESSMENT: Medium Discussion: The specific flaw exists within the solid.exe process which listens by default on TCP ports 1315, 1964 and 2315. The authentication protocol

3

V-236: MediaWiki CentralAuth Extension Authentication Bypass Vulnerability  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: MediaWiki CentralAuth Extension Authentication Bypass 6: MediaWiki CentralAuth Extension Authentication Bypass Vulnerability V-236: MediaWiki CentralAuth Extension Authentication Bypass Vulnerability September 6, 2013 - 4:36am Addthis PROBLEM: A vulnerability has been reported in the CentralAuth extension for MediaWiki, which can be exploited by malicious people to bypass certain security restrictions. PLATFORM: MediaWiki CentralAuth Extension ABSTRACT: A vulnerability has been reported in the CentralAuth extension for MediaWik REFERENCE LINKS: Secunia Advisory SA54723 IMPACT ASSESSMENT: Medium DISCUSSION: The vulnerability is caused due to an error when handling auto-logins and can be exploited to bypass the authentication mechanism by providing a valid username within the "centralauth_User" cookie. IMPACT:

4

V-057: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

7: eXtplorer "ext_find_user()" Authentication Bypass 7: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability V-057: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability December 28, 2012 - 6:00am Addthis PROBLEM: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability PLATFORM: eXtplorer 2.x ABSTRACT: A vulnerability has been reported in eXtplorer, which can be exploited by malicious people to bypass certain security restrictions. REFERENCE LINKS: Secunia Advisory SA51636 eXtplorer 2.1.3 Security Release IMPACT ASSESSMENT: Medium DISCUSSION: eXtplorer was notified of a problem within the authentication system of eXtplorer Versions 2.1.2, 2.1.1, 2.1.0 and 2.1.0RC5 that have been found to be vulnerable to an authentication bypass bug. IMPACT: An error within the "ext_find_user()" function in users.php can be

5

V-103: RSA Authentication Agent Lets Remote Users Bypass Authentication  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

3: RSA Authentication Agent Lets Remote Users Bypass 3: RSA Authentication Agent Lets Remote Users Bypass Authentication Requirements V-103: RSA Authentication Agent Lets Remote Users Bypass Authentication Requirements March 4, 2013 - 12:27am Addthis PROBLEM: RSA Authentication Agent Lets Remote Users Bypass Authentication Requirements PLATFORM: RSA Authentication Agent 7.1, 7.1.1 for Microsoft Windows ABSTRACT: A vulnerability was reported in RSA Authentication Agent. REFERENCE LINKS: RSA SecurCare SecurityTracker Alert ID: 1028230 CVE-2013-0931 IMPACT ASSESSMENT: Medium DISCUSSION: On systems configured for Quick PIN Unlock, the system will request a PIN instead of a full Passcode when the session is activated from an active screensaver after the Quick PIN Unlock timeout has expired. RSA Authentication Agent on Windows Vista, Windows 7, Windows 2008, and

6

T-646: Debian fex authentication bypass | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: Debian fex authentication bypass 6: Debian fex authentication bypass T-646: Debian fex authentication bypass June 14, 2011 - 3:45pm Addthis PROBLEM: The vulnerability is caused due to the application not properly verifying the existence of "auth-ID" when uploading files and can be exploited to bypass the authentication mechanism. PLATFORM: Debian fex ABSTRACT: Debian security discovered that fex, a web service for transferring very large, files, is not properly validating authentication IDs. While the service properly validates existing authentication IDs, an attacker who is not specifying any authentication ID at all, can bypass the authentication procedure. reference LINKS: DSA-2259-1 fex Secunia Advisory SA44940 Debian Security Advisory DSA-2259-1 fex-20110610.tar Vulnerability Report: Debian GNU/Linux 6.0

7

V-103: RSA Authentication Agent Lets Remote Users Bypass Authenticatio...  

Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

RSA Authentication Agent Lets Remote Users Bypass Authentication Requirements March 4, 2013 - 12:27am Addthis PROBLEM: RSA Authentication Agent Lets Remote Users Bypass...

8

U-061: RSA Adaptive Authentication Bugs Let Remote Users Bypass Certain  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

1: RSA Adaptive Authentication Bugs Let Remote Users Bypass 1: RSA Adaptive Authentication Bugs Let Remote Users Bypass Certain Security Controls U-061: RSA Adaptive Authentication Bugs Let Remote Users Bypass Certain Security Controls December 14, 2011 - 8:17am Addthis PROBLEM: RSA Adaptive Authentication Bugs Let Remote Users Bypass Certain Security Controls. PLATFORM: 6.0.2.1 SP1 Patch 2 and SP1 Patch 3 6.0.2.1 SP2 and SP2 Patch 1 6.0.2.1 SP3 ABSTRACT: A remote user may be able to bypass certain security controls. reference LINKS: SecurityTracker Alert ID: 1026420 Security Focus: ESA-2011-036 IMPACT ASSESSMENT: Medium Discussion: Two vulnerabilities were reported in RSA Adaptive Authentication (On-Premise). A remote user may be able to bypass certain security controls. A remote user can send specially crafted data elements to affect the Device

9

U-234: Oracle MySQL User Login Security Bypass Vulnerability | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

234: Oracle MySQL User Login Security Bypass Vulnerability 234: Oracle MySQL User Login Security Bypass Vulnerability U-234: Oracle MySQL User Login Security Bypass Vulnerability August 14, 2012 - 7:00am Addthis PROBLEM: Oracle MySQL User Login Security Bypass Vulnerability PLATFORM: Version(s): prior to 5.1.63 and 5.5.25 are vulnerable. ABSTRACT: Oracle MySQL is prone to a security bypass vulnerability Attackers can exploit this issue to bypass certain security restrictions. REFERENCE LINKS: http://www.securityfocus.com/bid/53911/discuss CVE-2012-2122 IMPACT ASSESSMENT: Medium Discussion: Security researchers have released details about a vulnerability in the MySQL server that could allow potential attackers to access MySQL databases without inputting proper authentication credentials.The vulnerability is identified as CVE-2012-2122 and was addressed in MySQL 5.1.63 and 5.5.25 in

10

U-188: MySQL User Login Security Bypass and Unspecified Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

8: MySQL User Login Security Bypass and Unspecified 8: MySQL User Login Security Bypass and Unspecified Vulnerability U-188: MySQL User Login Security Bypass and Unspecified Vulnerability June 12, 2012 - 7:00am Addthis PROBLEM: A security issue and vulnerability have been reported in MySQL PLATFORM: MySQL 5.x ABSTRACT: An error when verifying authentication attempts can be exploited to bypass the authentication mechanism. Reference LINKS: Original Advisory CVE-2012-2122 Secunia Advisory 49409 IMPACT ASSESSMENT: High Discussion: Successful exploitation of this vulnerability requires MySQL to be built on a system with a library that allows "memcmp()" to return a value outside of the -128 through 127 range (e.g. sse-optimized glibc). NOTE: Vendor binaries are reportedly not affected. The security issue is reported in versions prior to 5.1.63 and 5.5.25.

11

V-017: Apache Tomcat Security Bypass and Denial of Service Vulnerabilities  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

7: Apache Tomcat Security Bypass and Denial of Service 7: Apache Tomcat Security Bypass and Denial of Service Vulnerabilities V-017: Apache Tomcat Security Bypass and Denial of Service Vulnerabilities November 6, 2012 - 6:00am Addthis PROBLEM: Apache Tomcat Security Bypass and Denial of Service Vulnerabilities PLATFORM: Apache Tomcat 5.x Apache Tomcat 6.x Apache Tomcat 7.x ABSTRACT: Two vulnerabilities were reported in Apache Tomcat REFERENCE LINKS: Apache.org Apache Tomcat Denial of Service Apache Tomcat DIGEST authentication weaknesses Secunia Advisory SA51138 CVE-2012-2733 CVE-2012-3439 IMPACT ASSESSMENT: Medium DISCUSSION: A weakness and a vulnerability have been reported in Apache Tomcat, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service). 1) An error within the "parseHeaders()" function

12

V-077: Barracuda SSL VPN Bug Lets Remote Users Bypass Authentication |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

7: Barracuda SSL VPN Bug Lets Remote Users Bypass 7: Barracuda SSL VPN Bug Lets Remote Users Bypass Authentication V-077: Barracuda SSL VPN Bug Lets Remote Users Bypass Authentication January 25, 2013 - 6:00am Addthis PROBLEM: A vulnerability was reported in Barracuda SSL VPN. PLATFORM: The vulnerability has been verified to exist in Barracuda SSL VPN version 2.2.2.203 ABSTRACT: A remote user can gain administrative access to the target system. REFERENCE LINKS: SecurityTracker Alert ID: 1028039 Barracuda Networks Advisory IMPACT ASSESSMENT: High DISCUSSION: A remote user can set a specially crafted Java system property (via 'setSysProp.jsp') to bypass access restrictions and gain access to the API functionality. This can be exploited to download configuration files, download database dumps, shutdown the system, and set new administrative

13

Nemesis: Preventing Authentication & Access Control Vulnerabilities in Web Applications  

E-Print Network (OSTI)

Nemesis: Preventing Authentication & Access Control Vulnerabilities in Web Applications Michael web applications. Authentication attacks occur when a web application authenticates users unsafely, granting access to web clients that lack the ap- propriate credentials. Access control attacks occur when

Sabatini, David M.

14

U-246: Tigase XMPP Dialback Protection Bypass Vulnerability | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: Tigase XMPP Dialback Protection Bypass Vulnerability 6: Tigase XMPP Dialback Protection Bypass Vulnerability U-246: Tigase XMPP Dialback Protection Bypass Vulnerability August 28, 2012 - 7:00am Addthis PROBLEM: Tigase XMPP Dialback Protection Bypass Vulnerability PLATFORM: Tigase 5.x ABSTRACT: A vulnerability has been reported in Tigase, which can be exploited by malicious people to bypass certain security restrictions. reference LINKS: XMPP Standards Foundation Secunia Advisory SA50362 tigase.org CVE-2012-4670 IMPACT ASSESSMENT: Medium Discussion: The vulnerability is caused due to an error within the XMPP protocol implementation, which does not properly verify the "Verify Response" and "Authorization Response" messages. This can be exploited to spoof a domain and bypass the Dialback protection.

15

U-244: McAfee Email Gateway Lets Remote Users Bypass Authentication and  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

44: McAfee Email Gateway Lets Remote Users Bypass Authentication 44: McAfee Email Gateway Lets Remote Users Bypass Authentication and Conduct Cross-Site Scripting and Directory Traversal Attacks U-244: McAfee Email Gateway Lets Remote Users Bypass Authentication and Conduct Cross-Site Scripting and Directory Traversal Attacks August 27, 2012 - 7:00am Addthis PROBLEM: McAfee Email Gateway Lets Remote Users Bypass Authentication and Conduct Cross-Site Scripting and Directory Traversal Attacks PLATFORM: McAfee Email Gateway (MEG) 7.0.0 and 7.0.1 (MEG 6.7.x is NOT affected.) McAfee Email and Web Security (EWS) 5.6 Patch 3 and earlier McAfee Email and Web Security (EWS) 5.5 Patch 6 and earlier ABSTRACT: Several vulnerabilities were reported in McAfee Email Gateway. reference LINKS: McAfee Security Bulletin ID: SB10026 SecurityTracker Alert ID: 1027444

16

U-244: McAfee Email Gateway Lets Remote Users Bypass Authentication and  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

4: McAfee Email Gateway Lets Remote Users Bypass Authentication 4: McAfee Email Gateway Lets Remote Users Bypass Authentication and Conduct Cross-Site Scripting and Directory Traversal Attacks U-244: McAfee Email Gateway Lets Remote Users Bypass Authentication and Conduct Cross-Site Scripting and Directory Traversal Attacks August 27, 2012 - 7:00am Addthis PROBLEM: McAfee Email Gateway Lets Remote Users Bypass Authentication and Conduct Cross-Site Scripting and Directory Traversal Attacks PLATFORM: McAfee Email Gateway (MEG) 7.0.0 and 7.0.1 (MEG 6.7.x is NOT affected.) McAfee Email and Web Security (EWS) 5.6 Patch 3 and earlier McAfee Email and Web Security (EWS) 5.5 Patch 6 and earlier ABSTRACT: Several vulnerabilities were reported in McAfee Email Gateway. reference LINKS: McAfee Security Bulletin ID: SB10026 SecurityTracker Alert ID: 1027444

17

T-674: Drupal Secure Password Hashes Module Security Bypass Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

74: Drupal Secure Password Hashes Module Security Bypass 74: Drupal Secure Password Hashes Module Security Bypass Vulnerability T-674: Drupal Secure Password Hashes Module Security Bypass Vulnerability July 22, 2011 - 3:00pm Addthis PROBLEM: Drupal Secure Password Hashes Module Security Bypass Vulnerability PLATFORM: Drupal Secure Password Hashes 6.X-1.0 Drupal Secure Password Hashes 5.X-1.4 ABSTRACT: The Secure Password Hashes module for Drupal is prone to a security-bypass vulnerability. reference LINKS: Drupal Homepage SA-CONTRIB-2011-026 - Secure Password Hashes (phpass) - Multiple Vulnerabilities IMPACT ASSESSMENT: Medium Discussion: This module uses the PHPass hashing library to try to store users hashed passwords securely. The module sets a fixed string for the 'pass' column in the {users} database column but does not replace the pass attribute of the account

18

V-106: Citrix Access Gateway Unspecified Security Bypass Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: Citrix Access Gateway Unspecified Security Bypass 6: Citrix Access Gateway Unspecified Security Bypass Vulnerability V-106: Citrix Access Gateway Unspecified Security Bypass Vulnerability March 7, 2013 - 6:00am Addthis PROBLEM: A vulnerability has been reported in Citrix Access Gateway PLATFORM: Standard Edition 5.0.x prior to 5.0.4.223524. Versions 4.5.x and 4.6.x are not affected by this vulnerability ABSTRACT: A vulnerability has been reported in Citrix Access Gateway, which can be exploited by malicious people to bypass certain security restrictions. REFERENCE LINKS: Secunia Advisory SA52479 Security Tracker Alert ID 1028255 com/id/1028255 CVE-2013-2263 Citrix Knowledge Center IMPACT ASSESSMENT: High DISCUSSION: The vulnerability could allow an unauthenticated user to gain access to network resources. IMPACT:

19

V-237: TYPO3 Security Bypass Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-237: TYPO3 Security Bypass Vulnerabilities V-237: TYPO3 Security Bypass Vulnerabilities V-237: TYPO3 Security Bypass Vulnerabilities September 9, 2013 - 6:00am Addthis PROBLEM: Some vulnerabilities have been reported in TYPO3 PLATFORM: TYPO3 6.x ABSTRACT: TYPO3 comes with the possibility to restrict editors to certain file actions (copy, delete, move etc.) and to restrict these actions to be performed in certain locations REFERENCE LINKS: Secunia Advisory SA54717 Security Focus ID 62257 IMPACT ASSESSMENT: Medium DISCUSSION: 1) Some errors when handling file actions can be exploited to bypass file action permission restrictions and e.g. create or read arbitrary files within or outside the webroot. 2) An error when validating file names within the file renaming functionality can be exploited to bypass the denied file extensions check

20

Current Projects: Product Authenticity Tags - Vulnerability Assessment Team  

NLE Websites -- All DOE Office Websites (Extended Search)

Product Authenticity Tags Product Authenticity Tags VAT Projects Introducing the VAT Adversarial Vulnerability Assessments Safety Tags & Product Counterfeiting Election Security Spoofing GPS Defeating Existing Tamper-Indicating Seals Specialty Field Tools & Sampling Tools Insider Threat Mitigation Drug Testing Security Microprocessor Prototypes The Journal of Physical Security Vulnerability Assessments Vulnerability Assessments Insanely Fast µProcessor Shop Insanely Fast µProcessor Shop Seals About Seals Applications of Seals Common Myths about Tamper Indicating Seals Definitions Findings and Lessons Learned New Seals Types of Seals Seals References Selected VAT Papers Selected VAT Papers Selected Invited Talks Self-Assessment Survey Security Maxims Devil's Dictionary of Security Terms Argonne's VAT (brochure)

Note: This page contains sample records for the topic "authentication bypass vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


21

V-005: ModSecurity Multipart Message Parsing Security Bypass Vulnerability  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

5: ModSecurity Multipart Message Parsing Security Bypass 5: ModSecurity Multipart Message Parsing Security Bypass Vulnerability V-005: ModSecurity Multipart Message Parsing Security Bypass Vulnerability October 18, 2012 - 6:00am Addthis PROBLEM: ModSecurity Multipart Message Parsing Security Bypass Vulnerability PLATFORM: Modsecurity Versions prior to 2.70 ABSTRACT: SEC Consult has reported a vulnerability in ModSecurity, which can be exploited by malicious people to bypass certain security restrictions REFERENCE LINKS: SEC Consult Secunia Advisory SA49853 IMPACT ASSESSMENT: Medium DISCUSSION: The vulnerability is caused due to an error when parsing multipart requests and can be exploited to bypass certain filtering rules. IMPACT: Remote Security Bypass SOLUTION: Update to version 2.70. Addthis Related Articles V-017: Apache Tomcat Security Bypass and Denial of Service Vulnerabilities

22

V-197: Adobe ColdFusion 10 WebSockets Security Bypass Vulnerability |  

NLE Websites -- All DOE Office Websites (Extended Search)

7: Adobe ColdFusion 10 WebSockets Security Bypass Vulnerability 7: Adobe ColdFusion 10 WebSockets Security Bypass Vulnerability V-197: Adobe ColdFusion 10 WebSockets Security Bypass Vulnerability July 11, 2013 - 6:00am Addthis PROBLEM: A vulnerability has been reported in Adobe ColdFusion PLATFORM: The vulnerability is reported in version 10 for Windows, Macintosh, and Linux ABSTRACT: The vulnerability is caused due to an unspecified error and can be exploited to invoke public methods on ColdFusion Components (CFC) using WebSockets REFERENCE LINKS: Secunia Advisory SA54024 Adobe Security Bulletin APSB13-19 Stackoverflow.com CVE-2013-3350 IMPACT ASSESSMENT: High DISCUSSION: The hotfix resolves a vulnerability that could permit an attacker to invoke public methods on ColdFusion Components (CFC) using WebSockets IMPACT: Security Bypass

23

V-162: Apache Struts "ParameterInterceptor" Security Bypass Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

2: Apache Struts "ParameterInterceptor" Security Bypass 2: Apache Struts "ParameterInterceptor" Security Bypass Vulnerability V-162: Apache Struts "ParameterInterceptor" Security Bypass Vulnerability May 23, 2013 - 6:00am Addthis PROBLEM: A vulnerability has been reported in Apache Struts PLATFORM: The vulnerability is reported in versions prior to 2.3.14.1 ABSTRACT: A vulnerability has been reported in Apache Struts, which can be exploited by malicious people to bypass certain security restrictions. REFERENCE LINKS: Secunia Advisory SA53495 Apache Struts Advisory S2-012 Apache Struts Advisory S2-013 CVE-2013-1965 CVE-2013-1966 IMPACT ASSESSMENT: High DISCUSSION: A request that included a specially crafted request parameter could be used to inject arbitrary OGNL code into the stack, afterward used as request

24

U-061: RSA Adaptive Authentication Bugs Let Remote Users Bypass...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Bugs Let Remote Users Bypass Certain Security Controls. PLATFORM: 6.0.2.1 SP1 Patch 2 and SP1 Patch 3 6.0.2.1 SP2 and SP2 Patch 1 6.0.2.1 SP3 ABSTRACT: A remote user may...

25

U-267: RSA® Authentication Agent 7.1 for Microsoft Windows® and RSA®  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

7: RSA® Authentication Agent 7.1 for Microsoft Windows® and 7: RSA® Authentication Agent 7.1 for Microsoft Windows® and RSA® Authentication Client 3.5 Access Control Vulnerability U-267: RSA® Authentication Agent 7.1 for Microsoft Windows® and RSA® Authentication Client 3.5 Access Control Vulnerability September 25, 2012 - 6:00am Addthis PROBLEM: RSA® Authentication Agent 7.1 for Microsoft Windows® and RSA® Authentication Client 3.5 Access Control Vulnerability PLATFORM: Product: RSA Authentication Agent for Microsoft Windows version 7.1 Platforms: Windows XP and Windows 2003 Product: RSA Authentication Client 3.5 Platforms: Windows XP and Windows 2003 ABSTRACT: RSA Authentication Agent Lets Remote Authenticated Users Bypass an Authentication Step reference LINKS: SecurityTracker Alert ID: 1027559 Bugtraq ID: 55662

26

U-130: JBoss Operations Network LDAP Authentication Bug Lets Remote Users  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

0: JBoss Operations Network LDAP Authentication Bug Lets Remote 0: JBoss Operations Network LDAP Authentication Bug Lets Remote Users Bypass Authentication U-130: JBoss Operations Network LDAP Authentication Bug Lets Remote Users Bypass Authentication March 21, 2012 - 7:00am Addthis PROBLEM: JBoss Operations Network LDAP Authentication Bug Lets Remote Users Bypass Authentication PLATFORM: JBoss Operations Network 2.x ABSTRACT: A vulnerability was reported in JBoss Operations Network. A remote user can login with an arbitrary password in certain cases. reference LINKS: SecurityTracker Alert ID: 1026826 Secunia Advisory SA48471 CVE-2012-1100 IMPACT ASSESSMENT: Medium Discussion: The vulnerability is caused due to an error within the Lightweight Directory Access Protocol (LDAP) authentication when handling invalid bind account credentials, which can be exploited to log-in to LDAP-based

27

V-036: EMC Smarts Network Configuration Manager Database Authentication  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: EMC Smarts Network Configuration Manager Database 6: EMC Smarts Network Configuration Manager Database Authentication Bypass Vulnerability V-036: EMC Smarts Network Configuration Manager Database Authentication Bypass Vulnerability November 29, 2012 - 3:30am Addthis PROBLEM: EMC Smarts Network Configuration Manager Database Authentication Bypass Vulnerability PLATFORM: EMC Smarts Network Configuration Manager (NCM) all versions prior 9.1 ABSTRACT: Two vulnerabilities were reported in EMC Smarts Network Configuration Manager. REFERENCE LINKS: EMC Identifier: ESA-2012-057 Secunia Advisory SA51408 SecurityTracker Alert ID: 1027812 CVE-2012-4614 CVE-2012-4615 IMPACT ASSESSMENT: Medium DISCUSSION: The systems uses a hard-coded key to encrypt authentication credentials on the target system [CVE-2012-4615]. A local user with knowledge of the key

28

T-707: Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

7: Apache Tomcat AJP Protocol Processing Bug Lets Remote Users 7: Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information T-707: Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information August 31, 2011 - 12:00pm Addthis PROBLEM: A vulnerability was reported in Apache Tomcat. A remote user can bypass authentication or obtain potentially sensitive information. PLATFORM: Apache Tomcat 5.5.0 to 5.5.33, 6.0.0 to 6.0.33, 7.0.0 to 7.0.20 ABSTRACT: Apache Tomcat AJP protocol processing bug lets remote users bypass authentication or obtain information. reference LINKS: SecurityTracker Alert ID: 1025993 CVE-2011-3190 (under review) Apache Tomcat Security Updates IMPACT ASSESSMENT: Medium Discussion: A vulnerability was reported in Apache Tomcat. A remote user can bypass

29

V-077: Barracuda SSL VPN Bug Lets Remote Users Bypass Authentication...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

property (via 'setSysProp.jsp') to bypass access restrictions and gain access to the API functionality. This can be exploited to download configuration files, download database...

30

V-216: Drupal Monster Menus Module Security Bypass and Script...  

Office of Environmental Management (EM)

Module Security Bypass and Denial of Service Vulnerability U-162: Drupal Multiple Vulnerabilities V-052: Drupal Core Access Bypass and Arbitrary PHP Code Execution Vulnerabilities...

31

U-247: EMC Cloud Tiering Appliance Flaw Lets Remote Users Bypass  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

7: EMC Cloud Tiering Appliance Flaw Lets Remote Users Bypass 7: EMC Cloud Tiering Appliance Flaw Lets Remote Users Bypass Authentication and Gain Administrative Access U-247: EMC Cloud Tiering Appliance Flaw Lets Remote Users Bypass Authentication and Gain Administrative Access August 29, 2012 - 6:00am Addthis PROBLEM: EMC Cloud Tiering Appliance Flaw Lets Remote Users Bypass Authentication and Gain Administrative Access PLATFORM: EMC Cloud Tiering Appliance (CTA) 7.4 and prior EMC Cloud Tiering Appliance Virtual Edition (CTA/VE) 7.4 and prior EMC Cloud Tiering Appliance (CTA) 9.0 and prior EMC Cloud Tiering Appliance Virtual Edition (CTA/VE) 9.0 and prior ABSTRACT: A vulnerability was reported in EMC Cloud Tiering Appliance. reference LINKS: SecurityTracker Alert ID: 1027448 Bugtraq ID: 55250 EMC.com CVE-2012-2285 IMPACT ASSESSMENT:

32

V-040: Apache Tomcat Bug Lets Remote Users Bypass Security Constraints |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

0: Apache Tomcat Bug Lets Remote Users Bypass Security 0: Apache Tomcat Bug Lets Remote Users Bypass Security Constraints V-040: Apache Tomcat Bug Lets Remote Users Bypass Security Constraints December 5, 2012 - 1:00am Addthis PROBLEM: Apache Tomcat Bug Lets Remote Users Bypass Security Constraints PLATFORM: Version(s): 6.0.0 - 6.0.35, 7.0.0 - 7.0.29 ABSTRACT: A vulnerability was reported in Apache Tomcat. REFERENCE LINKS: Apache Tomcat Red Hat Bugzilla - Bug 883634 SecurityTracker Alert ID: 1027833 CVE-2012-3546 IMPACT ASSESSMENT: High DISCUSSION: When using FORM authentication it was possible to bypass the security constraint checks in the FORM authenticator by appending /j_security_check to the end of the URL if some other component (such as the Single-Sign-On valve) had called request.setUserPrincipal() before the call to

33

V-186: Drupal Login Security Module Security Bypass and Denial...  

Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

U-162: Drupal Multiple Vulnerabilities V-052: Drupal Core Access Bypass and Arbitrary PHP Code Execution Vulnerabilities V-216: Drupal Monster Menus Module Security Bypass and...

34

T-728: Apache Tomcat HTTP DIGEST Authentication Weaknesses Let...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

8: Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks T-728: Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct...

35

V-052: Drupal Core Access Bypass and Arbitrary PHP Code Execution...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

2: Drupal Core Access Bypass and Arbitrary PHP Code Execution Vulnerabilities V-052: Drupal Core Access Bypass and Arbitrary PHP Code Execution Vulnerabilities December 21, 2012 -...

36

T-674: Drupal Secure Password Hashes Module Security Bypass Vulnerabil...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

or later. Addthis Related Articles V-052: Drupal Core Access Bypass and Arbitrary PHP Code Execution Vulnerabilities V-216: Drupal Monster Menus Module Security Bypass and...

37

T-696: RSA Adaptive Authentication Has Unspecified Remote Authenticated  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: RSA Adaptive Authentication Has Unspecified Remote 6: RSA Adaptive Authentication Has Unspecified Remote Authenticated Session Re-use Flaw T-696: RSA Adaptive Authentication Has Unspecified Remote Authenticated Session Re-use Flaw August 18, 2011 - 3:09pm Addthis PROBLEM: A vulnerability was reported in RSA Adaptive Authentication. PLATFORM: 6.0.2.1 SP1 Patch 2 and SP1 Patch 3, 6.0.2.1 SP2 and SP2 Patch 1, 6.0.2.1 SP3 ABSTRACT: An issue with Adaptive Authentication (On-Premise) was discovered which in certain circumstances might affect the out-of-the-box available authentication methods. In certain circumstances, when authentication information is compromised, and with the knowledge of additional session information, the authentication information might be reused within an active session. reference LINKS: Security Tracker: 1025956

38

U-198: IBM Lotus Expeditor Multiple Vulnerabilities  

Energy.gov (U.S. Department of Energy (DOE))

The vulnerabilities can be exploited by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system..

39

T-575: OpenLDAP back-ndb Lets Remote Users Authenticate Without...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

LDAP Authentication Bug Lets Remote Users Bypass Authentication U-185: OpenLDAP May Ignore TLSCipherSuite Setting in Some Cases T-535: Oracle Critical Patch Update - January 2011...

40

T-696: RSA Adaptive Authentication Has Unspecified Remote Authenticate...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

A vulnerability was reported in RSA Adaptive Authentication. PLATFORM: 6.0.2.1 SP1 Patch 2 and SP1 Patch 3, 6.0.2.1 SP2 and SP2 Patch 1, 6.0.2.1 SP3 ABSTRACT: An issue with...

Note: This page contains sample records for the topic "authentication bypass vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


41

V-231: Cisco Identity Services Engine Discloses Authentication Credentials  

NLE Websites -- All DOE Office Websites (Extended Search)

1: Cisco Identity Services Engine Discloses Authentication 1: Cisco Identity Services Engine Discloses Authentication Credentials to Remote Users V-231: Cisco Identity Services Engine Discloses Authentication Credentials to Remote Users August 30, 2013 - 3:01am Addthis PROBLEM: A vulnerability was reported in Cisco Identity Services Engine. A remote user can obtain authentication credentials. PLATFORM: Cisco Identity Services Engine (ISE) 1.x ABSTRACT: A vulnerability was reported in Cisco Identity Services Engine REFERENCE LINKS: SecurityTracker Alert ID: 1028965 CVE-2013-3471 IMPACT ASSESSMENT: Meduim DISCUSSION: A vulnerability was reported in Cisco Identity Services Engine. A remote user can obtain authentication credentials.The system stores the username and password of an authenticated user within hidden HTML form fields. A

42

V-052: Drupal Core Access Bypass and Arbitrary PHP Code Execution  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

52: Drupal Core Access Bypass and Arbitrary PHP Code Execution 52: Drupal Core Access Bypass and Arbitrary PHP Code Execution Vulnerabilities V-052: Drupal Core Access Bypass and Arbitrary PHP Code Execution Vulnerabilities December 21, 2012 - 12:15am Addthis PROBLEM: Drupal Core Access Bypass and Arbitrary PHP Code Execution Vulnerabilities PLATFORM: Drupal 6.x versions prior to 6.27 Drupal 7.x versions prior to 7.18 ABSTRACT: Drupal Core Multiple vulnerabilities REFERENCE LINKS: SA-CORE-2012-004 - Drupal core Bugtraq ID: 56993 Secunia Advisory SA51517 CVE-2012-5651 CVE-2012-5652 CVE-2012-5653 IMPACT ASSESSMENT: Medium DISCUSSION: An attacker can exploit these issues to execute arbitrary PHP code within the context of the web server, bypass certain security restrictions, and perform unauthorized actions; this may aid in launching further attacks.

43

V-186: Drupal Login Security Module Security Bypass and Denial of Service  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: Drupal Login Security Module Security Bypass and Denial of 6: Drupal Login Security Module Security Bypass and Denial of Service Vulnerability V-186: Drupal Login Security Module Security Bypass and Denial of Service Vulnerability June 26, 2013 - 1:28am Addthis PROBLEM: Drupal Login Security Module Security Bypass and Denial of Service Vulnerability PLATFORM: Login Security 6.x-1.x versions prior to 6.x-1.2. Login Security 7.x-1.x versions prior to 7.x-1.2. ABSTRACT: A security issue and a vulnerability have been reported in the Login Security module for Drupal REFERENCE LINKS: Advisory ID: DRUPAL-SA-CONTRIB-2013-053 Secunia Advisory SA53717 CVE-2013-2197 CVE-2013-2198 IMPACT ASSESSMENT: Medium DISCUSSION: 1) The security issue is caused due to an unspecified error and can be exploited to bypass the module features. Successful exploitation requires the "soft blocking" feature to be

44

U-266: Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: Apache CXF Lets Remote Authenticated Users Execute 6: Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions U-266: Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions September 24, 2012 - 6:00am Addthis PROBLEM: Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions PLATFORM: This vulnerability affects all released versions of Apache CXF. ABSTRACT: A vulnerability was reported in Apache CXF reference LINKS: SecurityTracker Alert ID: 1027554 Apache CXF Security Advisories Apache CXF Advisory - CVE-2012-3451 CVE-2012-3451 IMPACT ASSESSMENT: High Discussion: A vulnerability was reported in Apache CXF. A remote authenticated user can execute unauthorized commands on the target web service. Impact: A remote authenticated user can execute potentially unauthorized actions on

45

U-266: Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: Apache CXF Lets Remote Authenticated Users Execute 6: Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions U-266: Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions September 24, 2012 - 6:00am Addthis PROBLEM: Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions PLATFORM: This vulnerability affects all released versions of Apache CXF. ABSTRACT: A vulnerability was reported in Apache CXF reference LINKS: SecurityTracker Alert ID: 1027554 Apache CXF Security Advisories Apache CXF Advisory - CVE-2012-3451 CVE-2012-3451 IMPACT ASSESSMENT: High Discussion: A vulnerability was reported in Apache CXF. A remote authenticated user can execute unauthorized commands on the target web service. Impact: A remote authenticated user can execute potentially unauthorized actions on

46

U-162: Drupal Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

162: Drupal Multiple Vulnerabilities 162: Drupal Multiple Vulnerabilities U-162: Drupal Multiple Vulnerabilities May 4, 2012 - 7:00am Addthis PROBLEM: Drupal Multiple Vulnerabilities PLATFORM: The vulnerabilities are reported in 7.x versions prior to 7.13. ABSTRACT: Several vulnerabilities were reported in Drupal: Denial of Service, Access bypass, and Unvalidated form redirect reference LINKS: Security Advisory: DRUPAL-SA-CORE-2012-002 Bugtraq ID: 53359 Secunia Advisory SA49012 CVE-2012-1588 CVE-2012-1589 CVE-2012-1590 CVE-2012-1591 CVE-2012-2153 MPACT ASSESSMENT: High Discussion: A weakness, a security issue, and multiple vulnerabilities have been reported in Drupal, which can be exploited by malicious users to disclose sensitive information, bypass certain security restrictions, and cause a DoS (Denial of Service).

47

U-162: Drupal Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

62: Drupal Multiple Vulnerabilities 62: Drupal Multiple Vulnerabilities U-162: Drupal Multiple Vulnerabilities May 4, 2012 - 7:00am Addthis PROBLEM: Drupal Multiple Vulnerabilities PLATFORM: The vulnerabilities are reported in 7.x versions prior to 7.13. ABSTRACT: Several vulnerabilities were reported in Drupal: Denial of Service, Access bypass, and Unvalidated form redirect reference LINKS: Security Advisory: DRUPAL-SA-CORE-2012-002 Bugtraq ID: 53359 Secunia Advisory SA49012 CVE-2012-1588 CVE-2012-1589 CVE-2012-1590 CVE-2012-1591 CVE-2012-2153 MPACT ASSESSMENT: High Discussion: A weakness, a security issue, and multiple vulnerabilities have been reported in Drupal, which can be exploited by malicious users to disclose sensitive information, bypass certain security restrictions, and cause a DoS (Denial of Service).

48

U-212: RSA Authentication Manager Flaws Permit Cross-Site and Cross-Frame  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

2: RSA Authentication Manager Flaws Permit Cross-Site and 2: RSA Authentication Manager Flaws Permit Cross-Site and Cross-Frame Scripting and URL Redirection Attacks U-212: RSA Authentication Manager Flaws Permit Cross-Site and Cross-Frame Scripting and URL Redirection Attacks July 13, 2012 - 7:00am Addthis PROBLEM: RSA Authentication Manager Flaws Permit Cross-Site and Cross-Frame Scripting and URL Redirection Attacks PLATFORM: RSA Authentication Manager 7.1 is vulnerable; other versions may also be affected. ABSTRACT: RSA Authentication Manager is prone to multiple security vulnerabilities because it fails to properly sanitize user-supplied input. Attackers can exploit these issues to execute arbitrary script or HTML code, steal cookie-based authentication credentials, and conduct phishing attacks. Other attacks may also be possible.

49

V-223: RSA Authentication Agent for PAM Allows Remote Users to Make  

NLE Websites -- All DOE Office Websites (Extended Search)

3: RSA Authentication Agent for PAM Allows Remote Users to Make 3: RSA Authentication Agent for PAM Allows Remote Users to Make Unlimited Login Attempts V-223: RSA Authentication Agent for PAM Allows Remote Users to Make Unlimited Login Attempts August 21, 2013 - 6:00am Addthis PROBLEM: A vulnerability was reported in RSA Authentication Agent for PAM PLATFORM: RSA Authentication Agent for PAM 7.0.2 and prior ABSTRACT: A remote user can make unlimited login attempts REFERENCE LINKS: Security Tracker Alert ID 1028930 CVE-2013-3271 IMPACT ASSESSMENT: Medium DISCUSSION: The system does not restrict the number of login attempts made via the agent IMPACT: System Access SOLUTION: Vendor has issued a fix Addthis Related Articles U-267: RSA® Authentication Agent 7.1 for Microsoft Windows® and RSA® Authentication Client 3.5 Access Control Vulnerability

50

V-034: RSA Adaptive Authentication (On-Premise) Input Validation Flaws  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

4: RSA Adaptive Authentication (On-Premise) Input Validation 4: RSA Adaptive Authentication (On-Premise) Input Validation Flaws Permit Cross-Site Scripting Attacks V-034: RSA Adaptive Authentication (On-Premise) Input Validation Flaws Permit Cross-Site Scripting Attacks November 27, 2012 - 2:00am Addthis PROBLEM: RSA Adaptive Authentication (On-Premise) Input Validation Flaws Permit Cross-Site Scripting Attacks PLATFORM: RSA Adaptive Authentication (On-Premise) 6.x ABSTRACT: A vulnerability was reported in RSA Adaptive Authentication (On-Premise). REFERENCE LINKS: SecurityTracker Alert ID: 1027811 SecurityFocus Security Alert RSA Customer Support CVE-2012-4611 IMPACT ASSESSMENT: Medium DISCUSSION: A vulnerability was reported in RSA Adaptive Authentication (On-Premise). A remote user can conduct cross-site scripting attacks. The software does not

51

U-254: Webmin Flaws Let Remote Authenticated Users Execute Arbitrary Code  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

54: Webmin Flaws Let Remote Authenticated Users Execute 54: Webmin Flaws Let Remote Authenticated Users Execute Arbitrary Code and View Arbitrary Files U-254: Webmin Flaws Let Remote Authenticated Users Execute Arbitrary Code and View Arbitrary Files September 10, 2012 - 6:00am Addthis PROBLEM: Webmin Multiple Input Validation Vulnerabilities PLATFORM: The vulnerabilities are reported in version 1.580. Other versions may also be affected. ABSTRACT: An authenticated attacker may be able to execute arbitrary commands. reference LINKS: Webmin Security Alerts Bugtraq ID: 55446 Secunia Advisory SA50512 SecurityTracker Alert ID: 1027507 US CERT Vulnerability Note VU#788478 CVE-2012-2981 CVE-2012-2982 CVE-2012-2983 IMPACT ASSESSMENT: Medium Discussion: Multiple vulnerabilities have been reported in Webmin, which can be exploited by malicious users to compromise a vulnerable system and by

52

V-195: RSA Authentication Manager Lets Local Users View the Administrative  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

95: RSA Authentication Manager Lets Local Users View the 95: RSA Authentication Manager Lets Local Users View the Administrative Account Password V-195: RSA Authentication Manager Lets Local Users View the Administrative Account Password July 9, 2013 - 12:51am Addthis PROBLEM: RSA Authentication Manager Lets Local Users View the Administrative Account Password PLATFORM: RSA Authentication Manager 7.1, 8.0 ABSTRACT: A vulnerability was reported in RSA Authentication Manager. REFERENCE LINKS: SecurityTracker Alert ID: 1028742 CVE-2013-3273 RSA IMPACT ASSESSMENT: Medium DISCUSSION: When the RSA Authentication Manager Software Development Kit (SDK) is used to develop a custom application that connects with RSA Authentication Manager and the trace logging is set to verbose, the administrative account password used by the custom application is written in clear text to trace

53

V-216: Drupal Monster Menus Module Security Bypass and Script Insertion  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

216: Drupal Monster Menus Module Security Bypass and Script 216: Drupal Monster Menus Module Security Bypass and Script Insertion Vulnerabilities V-216: Drupal Monster Menus Module Security Bypass and Script Insertion Vulnerabilities August 12, 2013 - 6:00am Addthis PROBLEM: Two vulnerabilities have been reported in the Monster Menus module for Drupal PLATFORM: Drupal Monster Menus Module 6.x and 7.x ABSTRACT: The vulnerabilities can be exploited by malicious users to bypass certain security restrictions and conduct script insertion attacks. REFERENCE LINKS: Secunia Advisory SA54391 Drupal Security Advisory CVE-2013-4229 CVE-2013-4230 IMPACT ASSES SMENT: Medium DISCUSSION: 1) Input passed via the title when editing page settings is not properly sanitised before being edited the next time. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's

54

Two-Factor Authentication  

Energy.gov (U.S. Department of Energy (DOE))

Two-Factor Authentication (2FA) is a system wherein two different methods are used to authenticate an individual. 2FA is based on something you know (a secret PIN) and something you have (an...

55

U-268: Oracle Database Authentication Protocol Discloses Session Key  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

8: Oracle Database Authentication Protocol Discloses Session 8: Oracle Database Authentication Protocol Discloses Session Key Information to Remote Users U-268: Oracle Database Authentication Protocol Discloses Session Key Information to Remote Users September 26, 2012 - 6:00am Addthis PROBLEM: Oracle Database Authentication Protocol Discloses Session Key Information to Remote Users PLATFORM: Oracle Database 11g Releases 1 and 2 ABSTRACT: A vulnerability was reported in Oracle Database. reference LINKS: Darkreading Threatpost Arstechnica Oracle Security Alerts SecurityTracker Alert ID: 1027558 CVE-2012-3137 IMPACT ASSESSMENT: Medium Discussion: The authentication protocol in Oracle Database 11g 1 and 2 allows remote attackers to obtain the session key and salt for arbitrary users, which leaks information about the cryptographic hash and makes it easier to

56

U-268: Oracle Database Authentication Protocol Discloses Session Key  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

8: Oracle Database Authentication Protocol Discloses Session 8: Oracle Database Authentication Protocol Discloses Session Key Information to Remote Users U-268: Oracle Database Authentication Protocol Discloses Session Key Information to Remote Users September 26, 2012 - 6:00am Addthis PROBLEM: Oracle Database Authentication Protocol Discloses Session Key Information to Remote Users PLATFORM: Oracle Database 11g Releases 1 and 2 ABSTRACT: A vulnerability was reported in Oracle Database. reference LINKS: Darkreading Threatpost Arstechnica Oracle Security Alerts SecurityTracker Alert ID: 1027558 CVE-2012-3137 IMPACT ASSESSMENT: Medium Discussion: The authentication protocol in Oracle Database 11g 1 and 2 allows remote attackers to obtain the session key and salt for arbitrary users, which leaks information about the cryptographic hash and makes it easier to

57

Multi-factor authentication  

DOE Patents (OSTI)

Detection and deterrence of spoofing of user authentication may be achieved by including a cryptographic fingerprint unit within a hardware device for authenticating a user of the hardware device. The cryptographic fingerprint unit includes an internal physically unclonable function ("PUF") circuit disposed in or on the hardware device, which generates a PUF value. Combining logic is coupled to receive the PUF value, combines the PUF value with one or more other authentication factors to generate a multi-factor authentication value. A key generator is coupled to generate a private key and a public key based on the multi-factor authentication value while a decryptor is coupled to receive an authentication challenge posed to the hardware device and encrypted with the public key and coupled to output a response to the authentication challenge decrypted with the private key.

Hamlet, Jason R; Pierson, Lyndon G

2014-10-21T23:59:59.000Z

58

Argonne's Vulnerability  

NLE Websites -- All DOE Office Websites (Extended Search)

finding finding and fixing security flaws Argonne's Vulnerability assessment Team VAT researchers spend their workdays devising and demonstrating ways to defeat a wide variety of security devices, systems, and programs, ranging from electronic voting machines and global positioning systems (GPS) to nuclear safeguards programs and biometrics-based access control. This involves analyzing the security features, reverse-engineering the technology or

59

Authentication ofAuthentication ofAuthentication ofAuthentication of Degree Certificates Application Form Name in Full  

E-Print Network (OSTI)

Authentication ofAuthentication ofAuthentication ofAuthentication of Degree Certificates Application Form Name in Full Name in Full as Registered at King's Date of Birth Student ID number (IE degree certificate copies for authentication to: PLEASE REMEMBER TO INCLUDE COPIES OF YOUR CERTIFICATE(S

Applebaum, David

60

JC3 Bulletin Archive | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

or an authentication bypass. March 3, 2011 T-569: Adobe Flash SWF File Processing Memory Corruption Remote Code Execution Vulnerability Critical vulnerabilities have been...

Note: This page contains sample records for the topic "authentication bypass vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


61

V-045: Adobe ColdFusion Lets Local Users Bypass Sandbox Restrictions |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

5: Adobe ColdFusion Lets Local Users Bypass Sandbox 5: Adobe ColdFusion Lets Local Users Bypass Sandbox Restrictions V-045: Adobe ColdFusion Lets Local Users Bypass Sandbox Restrictions December 12, 2012 - 2:00am Addthis PROBLEM: Adobe ColdFusion Lets Local Users Bypass Sandbox Restrictions PLATFORM: ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX ABSTRACT: A vulnerability was reported in Adobe ColdFusion. REFERENCE LINKS: SecurityTracker Alert ID: 1027853 Adobe Vulnerability identifier: APSB12-26 CVE 2012-5675 IMPACT ASSESSMENT: High DISCUSSION: Adobe has released a security hotfix for ColdFusion 10 and earlier versions for Windows, Macintosh and UNIX. This hotfix resolves a vulnerability which could result in a sandbox permissions violation in a shared hosting environment. Adobe recommends users update their product installation using

62

V-050: IBM InfoSphere Information Server Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

0: IBM InfoSphere Information Server Multiple Vulnerabilities 0: IBM InfoSphere Information Server Multiple Vulnerabilities V-050: IBM InfoSphere Information Server Multiple Vulnerabilities December 19, 2012 - 1:00am Addthis PROBLEM: IBM InfoSphere Information Server Multiple Vulnerabilities PLATFORM: The vulnerabilities are reported in versions prior to 9.1. ABSTRACT: Multiple vulnerabilities have been reported in IBM InfoSphere Information Server REFERENCE LINKS: Secunia Advisory SA51605 IBM Support home IBM InfoSphere Information Server, Version 9.1 fix list IMPACT ASSESSMENT: Medium DISCUSSION: Multiple vulnerabilities have been reported in IBM InfoSphere Information Server, where some have an unknown impact and others can be exploited by malicious users to bypass certain security restrictions. 1) An unspecified error exists in the InfoCenter component.

63

T-540: Sybase EAServer Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

40: Sybase EAServer Multiple Vulnerabilities 40: Sybase EAServer Multiple Vulnerabilities T-540: Sybase EAServer Multiple Vulnerabilities January 24, 2011 - 6:16am Addthis PROBLEM: Sybase EAServer Multiple Vulnerabilities PLATFORM: Sybase EAServer versions 6.3 and prior ABSTRACT: Sybase EAServer is prone to a security-bypass vulnerability and a directory-traversal vulnerability. Attackers may exploit these issues to execute arbitrary code within the context of the application or to disclose sensitive information. Sybase EAServer versions 6.3 and prior are affected. reference LINKS: Bugtraq ID: 45809 SyBase Advisory IMPACT ASSESSMENT: Medium Discussion: Remote exploitation of a design vulnerability in Sybase EAServer could allow an attacker to install arbitrary web services, this condition can result in arbitrary code execution allowing attacker to gain control over

64

V-050: IBM InfoSphere Information Server Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

0: IBM InfoSphere Information Server Multiple Vulnerabilities 0: IBM InfoSphere Information Server Multiple Vulnerabilities V-050: IBM InfoSphere Information Server Multiple Vulnerabilities December 19, 2012 - 1:00am Addthis PROBLEM: IBM InfoSphere Information Server Multiple Vulnerabilities PLATFORM: The vulnerabilities are reported in versions prior to 9.1. ABSTRACT: Multiple vulnerabilities have been reported in IBM InfoSphere Information Server REFERENCE LINKS: Secunia Advisory SA51605 IBM Support home IBM InfoSphere Information Server, Version 9.1 fix list IMPACT ASSESSMENT: Medium DISCUSSION: Multiple vulnerabilities have been reported in IBM InfoSphere Information Server, where some have an unknown impact and others can be exploited by malicious users to bypass certain security restrictions. 1) An unspecified error exists in the InfoCenter component.

65

T-576: Oracle Solaris Adobe Flash Player Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: Oracle Solaris Adobe Flash Player Multiple Vulnerabilities 6: Oracle Solaris Adobe Flash Player Multiple Vulnerabilities T-576: Oracle Solaris Adobe Flash Player Multiple Vulnerabilities March 14, 2011 - 3:05pm Addthis PROBLEM: Oracle has acknowledged multiple vulnerabilities in Adobe Flash Player included in Solaris, which can be exploited by malicious people to compromise a user's system. PLATFORM: Sun Solaris 10 ABSTRACT: Oracle Solaris Adobe Flash Player Multiple Vulnerabilities. reference LINKS: Secunia Advisory: SA43747 Oracle Sun Advisory: CVE Multiple Vulnerabilities in Adobe Flash Player Secure List: SA43747 Oracle Sun Support Adobe Flash Player for Linux and Solaris IMPACT ASSESSMENT: High Discussion: Oracle has acknowledged multiple vulnerabilities in Solaris, which can be exploited by malicious people to disclose sensitive information, bypass

66

T-608: HP Virtual Server Environment Lets Remote Authenticated Users Gain  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

8: HP Virtual Server Environment Lets Remote Authenticated 8: HP Virtual Server Environment Lets Remote Authenticated Users Gain Elevated Privileges T-608: HP Virtual Server Environment Lets Remote Authenticated Users Gain Elevated Privileges April 22, 2011 - 7:47am Addthis PROBLEM: A vulnerability was reported in HP Virtual Server Environment. A remote authenticated user can obtain elevated privileges on the target system. PLATFORM: HP Virtual Server Environment prior to v6.3 ABSTRACT: A potential security vulnerability has been identified in HP Virtual Server Environment for Windows. The vulnerability could be exploited remotely to elevate privileges. reference LINKS: HP Document ID: c02749050 SecurityTracker Alert ID: 1025429 CVE-2011-1724 HP Insight Software media set 6.3 HP Technical Knowledge Base Discussion: System management and security procedures must be reviewed frequently to

67

V-127: Samba Bug Lets Remote Authenticated Users Modify Files | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

7: Samba Bug Lets Remote Authenticated Users Modify Files 7: Samba Bug Lets Remote Authenticated Users Modify Files V-127: Samba Bug Lets Remote Authenticated Users Modify Files April 5, 2013 - 6:00am Addthis PROBLEM: A vulnerability was reported in Samba. PLATFORM: The vulnerabilities are reported in version(s): 3.6.0 - 3.6.5 ABSTRACT: A remote authenticated user can modify files on the target share REFERENCE LINKS: SecurityTracker Alert ID: 1028389 Samba Security Announcement CVE-2013-0454 IMPACT ASSESSMENT: Medium DISCUSSION: A remote authenticated user can perform operations on the target CIFS export that are not permitted by the CIFS share access control settings. This may include writing to read-only shares. IMPACT: Modification of user information SOLUTION: Update to 3.6.6 and higher or apply the following patch Addthis

68

V-127: Samba Bug Lets Remote Authenticated Users Modify Files | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

7: Samba Bug Lets Remote Authenticated Users Modify Files 7: Samba Bug Lets Remote Authenticated Users Modify Files V-127: Samba Bug Lets Remote Authenticated Users Modify Files April 5, 2013 - 6:00am Addthis PROBLEM: A vulnerability was reported in Samba. PLATFORM: The vulnerabilities are reported in version(s): 3.6.0 - 3.6.5 ABSTRACT: A remote authenticated user can modify files on the target share REFERENCE LINKS: SecurityTracker Alert ID: 1028389 Samba Security Announcement CVE-2013-0454 IMPACT ASSESSMENT: Medium DISCUSSION: A remote authenticated user can perform operations on the target CIFS export that are not permitted by the CIFS share access control settings. This may include writing to read-only shares. IMPACT: Modification of user information SOLUTION: Update to 3.6.6 and higher or apply the following patch Addthis

69

V-220: Juniper Security Threat Response Manager Lets Remote Authenticated  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

0: Juniper Security Threat Response Manager Lets Remote 0: Juniper Security Threat Response Manager Lets Remote Authenticated Users Execute Arbitrary Commands V-220: Juniper Security Threat Response Manager Lets Remote Authenticated Users Execute Arbitrary Commands August 17, 2013 - 4:01am Addthis PROBLEM: A remote authenticated user can execute arbitrary commands on the target system. PLATFORM: 2010.0, 2012.0, 2012.1, 2013.1 ABSTRACT: A vulnerability was reported in Juniper Security Threat Response Manager (STRM) REFERENCE LINKS: SecurityTracker Alert ID: 1028921 CVE-2013-2970 IMPACT ASSESSMENT: High DISCUSSION: A remote authenticated user can inject commands to execute arbitrary operating system commands with the privileges of the target web service. This can be exploited to gain shell access on the target device.

70

U-112: PostgreSQL Bugs Let Remote Authenticated Users Gain Elevated  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

2: PostgreSQL Bugs Let Remote Authenticated Users Gain Elevated 2: PostgreSQL Bugs Let Remote Authenticated Users Gain Elevated Privileges, Inject SQL Commands, and Spoof Certificates U-112: PostgreSQL Bugs Let Remote Authenticated Users Gain Elevated Privileges, Inject SQL Commands, and Spoof Certificates February 28, 2012 - 8:45am Addthis PROBLEM: A vulnerability was reported in PostgreSQL. PLATFORM: Version(s): prior to 8.3.18, 8.4.11, 9.0.7, 9.1.3 ABSTRACT: A remote authenticated user can gain elevated privileges. A remote authenticated user can inject SQL commands. A remote user can spoof connections in certain cases. reference LINKS: Vendor Advisory Security Tracker ID 1026744 CVE-2012-0866 IMPACT ASSESSMENT: Medium Discussion: For trigger functions marked SECURITY DEFINER, a remote authenticated user can execute a trigger function and gain elevated privileges CVE-2012-0866.

71

V-174: RSA Authentication Manager Writes Operating System, SNMP, and HTTP  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

4: RSA Authentication Manager Writes Operating System, SNMP, 4: RSA Authentication Manager Writes Operating System, SNMP, and HTTP Plug-in Proxy Passwords in Clear Text to Log Files V-174: RSA Authentication Manager Writes Operating System, SNMP, and HTTP Plug-in Proxy Passwords in Clear Text to Log Files June 10, 2013 - 12:47am Addthis PROBLEM: RSA Authentication Manager Writes Operating System, SNMP, and HTTP Plug-in Proxy Passwords in Clear Text to Log Files PLATFORM: RSA Authentication Manager 8.0 ABSTRACT: A vulnerability was reported in RSA Authentication Manager. REFERENCE LINKS: RSA SecurityTracker Alert ID: 1028638 CVE-2013-0947 IMPACT ASSESSMENT: Medium DISCUSSION: The system may write operating system, SNMP, and HTTP plug-in proxy passwords in clear text to log and configuration files. IMPACT: A local user can obtain operating system, SNMP, and HTTP plug-in proxy

72

V-155: Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

5: Apache Tomcat FORM Authenticator Lets Remote Users Conduct 5: Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks V-155: Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks May 14, 2013 - 12:08am Addthis PROBLEM: Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks PLATFORM: Tomcat 6.0.21 to 6.0.36, 7.0.0 to 7.0.32 ABSTRACT: A vulnerability was reported in Apache Tomcat. REFERENCE LINKS: Apache Tomcat SecurityTracker Alert ID: 1028534 CVE-2013-2067 IMPACT ASSESSMENT: High DISCUSSION: A remote user can repeatedly send a specially crafted request for a resource requiring authentication while the target user is completing the login form to cause the FORM authentication process to execute the remote user's request with the privileges of the target user.

73

V-062: Asterisk Two Denial of Service Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

2: Asterisk Two Denial of Service Vulnerabilities 2: Asterisk Two Denial of Service Vulnerabilities V-062: Asterisk Two Denial of Service Vulnerabilities January 4, 2013 - 6:00am Addthis PROBLEM: Asterisk Two Denial of Service Vulnerabilities PLATFORM: The vulnerabilities are reported in versions 1.8.x, 10.x, and 11.x. ABSTRACT: Two vulnerabilities have been reported in Asterisk, which can be exploited by malicious users and malicious people to cause a DoS (Denial of Service). REFERENCE LINKS: Secunia Advisory SA51689 Asterisk Project Security Advisories CVE-2012-5976 CVE-2012-5977 IMPACT ASSESSMENT: Medium DISCUSSION: A remote user can send specially crafted data to consume excessive resources on the target system. Systems configured to allow anonymous calls are affected. A remote authenticated user can also exploit this via

74

V-096: Mozilla Thunderbird / SeaMonkey Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: Mozilla Thunderbird / SeaMonkey Multiple Vulnerabilities 6: Mozilla Thunderbird / SeaMonkey Multiple Vulnerabilities V-096: Mozilla Thunderbird / SeaMonkey Multiple Vulnerabilities February 21, 2013 - 6:00am Addthis PROBLEM: A weakness and multiple vulnerabilities have been reported in Mozilla Thunderbird and SeaMonkey PLATFORM: The vulnerabilities are reported in Thunderbird versions prior to 17.0.3 and SeaMonkey versions prior to 2.16. ABSTRACT: A weakness and multiple vulnerabilities have been reported in Mozilla Thunderbird and SeaMonkey, which can be exploited by malicious people to disclose potentially sensitive information, conduct spoofing attacks, bypass certain security restrictions, and compromise a user's system. REFERENCE LINKS: Secunia Advisory SA52280 Mozilla Security Advisory 2013-21 CVE-2013-0765 CVE-2013-0772

75

U-104: Adobe Flash Player Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

4: Adobe Flash Player Multiple Vulnerabilities 4: Adobe Flash Player Multiple Vulnerabilities U-104: Adobe Flash Player Multiple Vulnerabilities February 16, 2012 - 6:30am Addthis PROBLEM: Adobe Flash Player Multiple Vulnerabilities PLATFORM: Adobe Flash Player versions 11.1.102.55 and prior for Windows, Macintosh, Linux, and Solaris Adobe Flash Player versions 11.1.112.61 and prior for Android 4.x Adobe Flash Player versions 11.1.111.5 and prior for Android 3.x and prior ABSTRACT: Multiple vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's system. reference LINKS: Adobe Security Bulletin Secunia Advisory 48033 IMPACT ASSESSMENT: High Discussion: Multiple vulnerabilities have been reported in Adobe Flash Player, which

76

V-096: Mozilla Thunderbird / SeaMonkey Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: Mozilla Thunderbird / SeaMonkey Multiple Vulnerabilities 6: Mozilla Thunderbird / SeaMonkey Multiple Vulnerabilities V-096: Mozilla Thunderbird / SeaMonkey Multiple Vulnerabilities February 21, 2013 - 6:00am Addthis PROBLEM: A weakness and multiple vulnerabilities have been reported in Mozilla Thunderbird and SeaMonkey PLATFORM: The vulnerabilities are reported in Thunderbird versions prior to 17.0.3 and SeaMonkey versions prior to 2.16. ABSTRACT: A weakness and multiple vulnerabilities have been reported in Mozilla Thunderbird and SeaMonkey, which can be exploited by malicious people to disclose potentially sensitive information, conduct spoofing attacks, bypass certain security restrictions, and compromise a user's system. REFERENCE LINKS: Secunia Advisory SA52280 Mozilla Security Advisory 2013-21 CVE-2013-0765 CVE-2013-0772

77

V-121: Google Chrome Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

1: Google Chrome Multiple Vulnerabilities 1: Google Chrome Multiple Vulnerabilities V-121: Google Chrome Multiple Vulnerabilities March 28, 2013 - 12:29am Addthis PROBLEM: Google Chrome Multiple Vulnerabilities PLATFORM: versions prior to 26.0.1410.43. ABSTRACT: Multiple vulnerabilities have been reported in Google Chrome REFERENCE LINKS: Secunia Advisory SA52761 CVE-2013-0916 CVE-2013-0917 CVE-2013-0918 CVE-2013-0919 CVE-2013-0920 CVE-2013-0921 CVE-2013-0922 CVE-2013-0923 CVE-2013-0924 CVE-2013-0925 CVE-2013-0926 IMPACT ASSESSMENT: High DISCUSSION: Multiple vulnerabilities have been reported in Google Chrome, where one has an unknown impact and others can be exploited by malicious people to bypass certain security restrictions and compromise a user's system. IMPACT: 1) A use-after-free error exists in Web Audio.

78

V-097: Google Chrome Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

7: Google Chrome Multiple Vulnerabilities 7: Google Chrome Multiple Vulnerabilities V-097: Google Chrome Multiple Vulnerabilities February 22, 2013 - 6:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in Google Chrome PLATFORM: The vulnerabilities are reported in versions prior to Google Chrome 24.x ABSTRACT: Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to bypass certain security restrictions and compromise a user's system. REFERENCE LINKS: Secunia Advisory SA52320 Chrome Stable Channel Update CVE-2013-0879 CVE-2013-0880 CVE-2013-0881 CVE-2013-0882 CVE-2013-0883 CVE-2013-0884 CVE-2013-0885 CVE-2013-0886 CVE-2013-0887 CVE-2013-0888 CVE-2013-0889 CVE-2013-0890 CVE-2013-0891 CVE-2013-0892 CVE-2013-0893

79

Authentication of quantum messages.  

SciTech Connect

Authentication is a well-studied area of classical cryptography: a sender A and a receiver B sharing a classical private key want to exchange a classical message with the guarantee that the message has not been modified or replaced by a dishonest party with control of the communication line. In this paper we study the authentication of messages composed of quantum states. We give a formal definition of authentication in the quantum setting. Assuming A and B have access to an insecure quantum channel and share a private, classical random key, we provide a non-interactive scheme that both enables A to encrypt and authenticate (with unconditional security) an m qubit message by encoding it into m + s qubits, where the probability decreases exponentially in the security parameter s. The scheme requires a private key of size 2m + O(s). To achieve this, we give a highly efficient protocol for testing the purity of shared EPR pairs. It has long been known that learning information about a general quantum state will necessarily disturb it. We refine this result to show that such a disturbance can be done with few side effects, allowing it to circumvent cryptographic protections. Consequently, any scheme to authenticate quantum messages must also encrypt them. In contrast, no such constraint exists classically: authentication and encryption are independent tasks, and one can authenticate a message while leaving it publicly readable. This reasoning has two important consequences: On one hand, it allows us to give a lower bound of 2m key bits for authenticating m qubits, which makes our protocol asymptotically optimal. On the other hand, we use it to show that digitally signing quantum states is impossible, even with only computational security.

Barnum, Howard; Crpeau, Jean-Claude; Gottesman, D. (Daniel); Smith, A. (Adam); Tapp, Alan

2001-01-01T23:59:59.000Z

80

Bypass Flow Study  

SciTech Connect

The purpose of the fluid dynamics experiments in the MIR (Matched Index of-Refraction) flow system at Idaho National Laboratory (INL) is to develop benchmark databases for the assessment of Computational Fluid Dynamics (CFD) solutions of the momentum equations, scalar mixing, and turbulence models for the flow ratios between coolant channels and bypass gaps in the interstitial regions of typical prismatic standard fuel element (SFE) or upper reflector block geometries of typical Modular High-temperature Gas-cooled Reactors (MHTGR) in the limiting case of negligible buoyancy and constant fluid properties. The experiments use Particle Image Velocimetry (PIV) to measure the velocity fields that will populate the bypass flow study database.

Richard Schultz

2011-09-01T23:59:59.000Z

Note: This page contains sample records for the topic "authentication bypass vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


81

V-237: TYPO3 Security Bypass Vulnerabilities | Department of...  

Energy Savers (EERE)

check by inserting certain special characters and e.g. rename files to have the PHP file extension. IMPACT: Cross-Site Scripting Remote Code Execution SOLUTION: Vendor...

82

V-182: Symantec Endpoint Protection Manager Buffer Overflow Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

2: Symantec Endpoint Protection Manager Buffer Overflow 2: Symantec Endpoint Protection Manager Buffer Overflow Vulnerability V-182: Symantec Endpoint Protection Manager Buffer Overflow Vulnerability June 20, 2013 - 6:00am Addthis PROBLEM: A vulnerability has been reported in Symantec Endpoint Protection Manager PLATFORM: The vulnerability is reported in versions 12.1.x prior to 12.1 RU3 ABSTRACT: Symantec was notified of a pre-authentication buffer overflow found in the Symantec Endpoint Protection Manager (SEPM) and Symantec Endpoint Protection Center (SPC) REFERENCE LINKS: Secunia Advisory SA53864 SecurityTracker Alert ID: 1028683 Symantec Adivsory SYM13-005 CVE-2013-1612 IMPACT ASSESSMENT: Medium DISCUSSION: The vulnerability is caused due to a boundary error within secars.dll and can be exploited to cause a buffer overflow via the web-based management

83

V-182: Symantec Endpoint Protection Manager Buffer Overflow Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

82: Symantec Endpoint Protection Manager Buffer Overflow 82: Symantec Endpoint Protection Manager Buffer Overflow Vulnerability V-182: Symantec Endpoint Protection Manager Buffer Overflow Vulnerability June 20, 2013 - 6:00am Addthis PROBLEM: A vulnerability has been reported in Symantec Endpoint Protection Manager PLATFORM: The vulnerability is reported in versions 12.1.x prior to 12.1 RU3 ABSTRACT: Symantec was notified of a pre-authentication buffer overflow found in the Symantec Endpoint Protection Manager (SEPM) and Symantec Endpoint Protection Center (SPC) REFERENCE LINKS: Secunia Advisory SA53864 SecurityTracker Alert ID: 1028683 Symantec Adivsory SYM13-005 CVE-2013-1612 IMPACT ASSESSMENT: Medium DISCUSSION: The vulnerability is caused due to a boundary error within secars.dll and can be exploited to cause a buffer overflow via the web-based management

84

U-173: Symantec Web Gateway Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

3: Symantec Web Gateway Multiple Vulnerabilities 3: Symantec Web Gateway Multiple Vulnerabilities U-173: Symantec Web Gateway Multiple Vulnerabilities May 21, 2012 - 7:00am Addthis PROBLEM: Symantec Web Gateway Multiple Vulnerabilities PLATFORM: 5.0.x prior to 5.0.3 ABSTRACT: Several vulnerabilities were reported in Symantec Web Gateway. A remote user can include and execute arbitrary code on the target system. A remote user can conduct cross-site scripting attacks. A remote user can view/delete/upload files on the target system. Reference Links: SecurityTracker Alert ID: 1027078 CVE-2012-0296 CVE-2012-0297 CVE-2012-0298 CVE-2012-0299 IMPACT ASSESSMENT: Medium Discussion: The management interface does not properly authenticate remote users and does not properly validate user-supplied input. A remote user can cause arbitrary scripting code to be executed by the

85

V-118: IBM Lotus Domino Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

8: IBM Lotus Domino Multiple Vulnerabilities 8: IBM Lotus Domino Multiple Vulnerabilities V-118: IBM Lotus Domino Multiple Vulnerabilities March 25, 2013 - 12:40am Addthis PROBLEM: IBM Lotus Domino Multiple Vulnerabilities PLATFORM: IBM Domino 8.x ABSTRACT: Multiple vulnerabilities have been reported in IBM Lotus Domino REFERENCE LINKS: IBM Reference #:1627597 Secunia Advisory SA52753 CVE-2012-6277 CVE-2013-0486 CVE-2013-0487 IMPACT ASSESSMENT: High DISCUSSION: 1) An unspecified error can be exploited to disclose time-limited authentication credentials via the Domino Java Console and subsequently gain otherwise restricted access. Successful exploitation may require certain knowledge of Domino server configuration. 2) An unspecified error in the HTTP server component can be exploited to cause a memory leak and subsequently crash the server.

86

U-100: Google Chrome Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

0: Google Chrome Multiple Vulnerabilities 0: Google Chrome Multiple Vulnerabilities U-100: Google Chrome Multiple Vulnerabilities February 10, 2012 - 7:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to bypass certain security restrictions, manipulate certain data, and compromise a user's system. PLATFORM: Google Chrome 16.x ABSTRACT: A remote user can create a specially crafted content that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user. Reference LINKS: Google Announcements and Release Channel Secunia Advisory SA47938 Security Tracker ID 1026654 IMPACT ASSESSMENT: High Discussion: Multiple vulnerabilities have been reported in Google Chrome, where some

87

V-187: Mozilla Firefox Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

7: Mozilla Firefox Multiple Vulnerabilities 7: Mozilla Firefox Multiple Vulnerabilities V-187: Mozilla Firefox Multiple Vulnerabilities June 27, 2013 - 6:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in Mozilla Firefox PLATFORM: Mozilla Firefox 21.x ABSTRACT: These vulnerabilities can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system. REFERENCE LINKS: Secunia Advisory SA53970 Secunia Advisory SA53953 Mozilla Advisory mfsa2013-49 Mozilla Advisory mfsa2013-50 Mozilla Advisory mfsa2013-51 Mozilla Advisory mfsa2013-53 Mozilla Advisory mfsa2013-55 Mozilla Advisory mfsa2013-56 Mozilla Advisory mfsa2013-59 CVE-2013-1682 CVE-2013-1683 CVE-2013-1684 CVE-2013-1685

88

QKD Quantum Channel Authentication  

E-Print Network (OSTI)

Several simple yet secure protocols to authenticate the quantum channel of various QKD schemes, by coupling the photon sender's knowledge of a shared secret and the QBER Bob observes, are presented. It is shown that Alice can encrypt certain portions of the information needed for the QKD protocols, using a sequence whose security is based on computational-complexity, without compromising all of the sequence's entropy. It is then shown that after a Man-in-the-Middle attack on the quantum and classical channels, there is still enough entropy left in the sequence for Bob to detect the presence of Eve by monitoring the QBER. Finally, it is shown that the principles presented can be implemented to authenticate the quantum channel associated with any type of QKD scheme, and they can also be used for Alice to authenticate Bob.

J. T. Kosloski

2006-04-02T23:59:59.000Z

89

V-150: Apache VCL Input Validation Flaw Lets Remote Authenticated Users  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

0: Apache VCL Input Validation Flaw Lets Remote Authenticated 0: Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges V-150: Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges May 7, 2013 - 12:01am Addthis PROBLEM: Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges PLATFORM: Apache VCL Versions: 2.1, 2.2, 2.2.1, 2.3, 2.3.1 ABSTRACT: A vulnerability was reported in Apache VCL. REFERENCE LINKS: Apache Securelist SecurityTracker Alert ID: 1028515 CVE-2013-0267 IMPACT ASSESSMENT: Medium DISCUSSION: A remote authenticated administrative user with minimal administrative privileges (i.e., nodeAdmin, manageGroup, resourceGrant, or userGrant) can send specially crafted data via the web interface or XMLRPC API to gain additional administrative privileges.

90

U-084: Cisco Digital Media Manager Lets Remote Authenticated Users Gain  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

84: Cisco Digital Media Manager Lets Remote Authenticated Users 84: Cisco Digital Media Manager Lets Remote Authenticated Users Gain Elevated Privileges U-084: Cisco Digital Media Manager Lets Remote Authenticated Users Gain Elevated Privileges January 19, 2012 - 9:00am Addthis PROBLEM: A remote authenticated user can gain elevated privileges on the target system. PLATFORM: Cisco Digital Media Manager: Version(s) 5.22 and prior, 5.2.3 ABSTRACT: The system does not properly validate unreferenced URLs. REFERENCE LINKS: Vendor Advisory SecurityTracker Alert ID: 1026541 CVE-2012-0329 IMPACT ASSESSMENT: medium Discussion: Cisco Show and Share is not directly affected by this vulnerability, but a user can exploit the Cisco Digital Media Manager to gain full access to Cisco Show and Share. Impact: A remote authenticated user can send a specially crafted URL via TCP port

91

U-084: Cisco Digital Media Manager Lets Remote Authenticated Users Gain  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

4: Cisco Digital Media Manager Lets Remote Authenticated Users 4: Cisco Digital Media Manager Lets Remote Authenticated Users Gain Elevated Privileges U-084: Cisco Digital Media Manager Lets Remote Authenticated Users Gain Elevated Privileges January 19, 2012 - 9:00am Addthis PROBLEM: A remote authenticated user can gain elevated privileges on the target system. PLATFORM: Cisco Digital Media Manager: Version(s) 5.22 and prior, 5.2.3 ABSTRACT: The system does not properly validate unreferenced URLs. REFERENCE LINKS: Vendor Advisory SecurityTracker Alert ID: 1026541 CVE-2012-0329 IMPACT ASSESSMENT: medium Discussion: Cisco Show and Share is not directly affected by this vulnerability, but a user can exploit the Cisco Digital Media Manager to gain full access to Cisco Show and Share. Impact: A remote authenticated user can send a specially crafted URL via TCP port

92

Key recycling in authentication  

E-Print Network (OSTI)

In their seminal work on authentication, Wegman and Carter propose that to authenticate multiple messages, it is sufficient to reuse the same hash function as long as each tag is encrypted with a one-time pad. They argue that because the one-time pad is perfectly hiding, the hash function used remains completely unknown to the adversary. Since their proof is not composable, we revisit it using a composable security framework. It turns out that the above argument is insufficient: if the adversary learns whether a corrupted message was accepted or rejected, information about the hash function is leaked, and after a bounded finite amount of rounds it is completely known. We show however that this leak is very small: Wegman and Carter's protocol is still $\\epsilon$-secure, if $\\epsilon$-almost strongly universal$_2$ hash functions are used. This implies that the secret key corresponding to the choice of hash function can be reused in the next round of authentication without any additional error than this $\\epsilon$. We also show that if the players have a mild form of synchronization, namely that the receiver knows when a message should be received, the key can be recycled for any arbitrary task, not only new rounds of authentication.

Christopher Portmann

2012-02-06T23:59:59.000Z

93

T-536: Cisco ASA Multiple Flaws Let Remote Users Deny Service and Bypass  

NLE Websites -- All DOE Office Websites (Extended Search)

36: Cisco ASA Multiple Flaws Let Remote Users Deny Service and 36: Cisco ASA Multiple Flaws Let Remote Users Deny Service and Bypass Security Controls T-536: Cisco ASA Multiple Flaws Let Remote Users Deny Service and Bypass Security Controls January 18, 2011 - 2:30pm Addthis PROBLEM: Cisco ASA Multiple Flaws Let Remote Users Deny Service and Bypass Security Controls. PLATFORM: Cisco 5500 Series Adaptive Security Appliances (ASA) ABSTRACT: Cisco ASA 5500 Series Adaptive Security Appliances are affected by multiple vulnerabilities. Affected versions of Cisco ASA Software vary depending on the specific vulnerability. Cisco ASA 5500 Series Adaptive Security Appliances may experience a TCP connection exhaustion condition (no new TCP connections are accepted) that can be triggered through the receipt of specific TCP segments during the

94

T-680:Samba SWAT 'user' Field Cross Site Scripting Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

0:Samba SWAT 'user' Field Cross Site Scripting Vulnerability 0:Samba SWAT 'user' Field Cross Site Scripting Vulnerability T-680:Samba SWAT 'user' Field Cross Site Scripting Vulnerability August 1, 2011 - 2:10pm Addthis PROBLEM: Samba SWAT 'user' Field Cross Site Scripting Vulnerability PLATFORM: All Linux ABSTRACT: It was found that the 'Change Password' page / screen of the Samba Web Administration Tool did not properly sanitize content of the user-provided "user" field, prior printing it back to the page content. A remote attacker could provide a specially-crafted URL, which once visited by an authenticated Samba SWAT user could allow the attacker to conduct cross-site scripting attacks (execute arbitrary HTML or script code). reference LINKS: SecurityFocus - Bugtraq ID: 48901 Secunia CVE Reference: CVE-2011-2694

95

T-680:Samba SWAT 'user' Field Cross Site Scripting Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

80:Samba SWAT 'user' Field Cross Site Scripting Vulnerability 80:Samba SWAT 'user' Field Cross Site Scripting Vulnerability T-680:Samba SWAT 'user' Field Cross Site Scripting Vulnerability August 1, 2011 - 2:10pm Addthis PROBLEM: Samba SWAT 'user' Field Cross Site Scripting Vulnerability PLATFORM: All Linux ABSTRACT: It was found that the 'Change Password' page / screen of the Samba Web Administration Tool did not properly sanitize content of the user-provided "user" field, prior printing it back to the page content. A remote attacker could provide a specially-crafted URL, which once visited by an authenticated Samba SWAT user could allow the attacker to conduct cross-site scripting attacks (execute arbitrary HTML or script code). reference LINKS: SecurityFocus - Bugtraq ID: 48901 Secunia CVE Reference: CVE-2011-2694

96

CERTIFICATE OF AUTHENTICITY  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

CERTIFICATE OF AUTHENTICITY CERTIFICATE OF AUTHENTICITY I hereby certify that this transcript constitutes an accurate record of the full Council meeting of the National Coal Council held on November 14,2008 at the Westin Grand Hotel, Washington, D.C. ~ i c h a e l G. Mueller, Chair National Coal Council I NATIONAL COAL COUNCIL 1 FULL COUNCIL MEETING FRIDAY NOVEMBER 14, 2 0 0 8 The Full Council meeting convened at 9 : 0 0 a.m. in the Washington Ballroom of the Westin Grand Hotel, 2 3 5 0 M Street, NW, Washington, DC, Chair Michael G. Mueller presiding. ATTENDEES: MIKE MUELLER, Arneren Energy Fuels & Services Company, Chair RICH EIMER, Dynegy Inc., Vice-Chair ROBERT BECK, National Coal Council, Executive Vice-President SY ALI, Clean Energy Consulting BARB ALTIZER, Eastern Coal Council

97

NSTB Summarizes Vulnerable Areas  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

NSTB Summarizes Vulnerable Areas NSTB Summarizes Vulnerable Areas Commonly Found in Energy Control Systems Experts at the National SCADA Test Bed (NSTB) discovered some common areas of vulnerability in the energy control systems assessed between late 2004 and early 2006. These vulnerabilities ranged from conventional IT security issues to specific weaknesses in control system protocols. The paper "Lessons Learned from Cyber Security Assessments of SCADA and Energy Management Systems" describes the vulnerabilities and recommended strategies for mitigating them. It should be of use to asset owners and operators, control system vendors, system integrators, and third-party vendors interested in enhancing the security characteristics of current and future products.

98

JC3 Bulletin Archive | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Java vulnerability to deliver the Poison Ivy RAT onto the unsuspecting victims' machines August 27, 2012 U-244: McAfee Email Gateway Lets Remote Users Bypass Authentication...

99

JC3 Bulletin Archive | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

vulnerabilities were reported in Symantec Messaging Gateway. August 29, 2012 U-247: EMC Cloud Tiering Appliance Flaw Lets Remote Users Bypass Authentication and Gain Administrative...

100

T-575: OpenLDAP back-ndb Lets Remote Users Authenticate Without a Valid  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

5: OpenLDAP back-ndb Lets Remote Users Authenticate Without a 5: OpenLDAP back-ndb Lets Remote Users Authenticate Without a Valid Password T-575: OpenLDAP back-ndb Lets Remote Users Authenticate Without a Valid Password March 11, 2011 - 3:05pm Addthis PROBLEM: A vulnerability was reported in OpenLDAP. A remote user can authenticate without a valid password. PLATFORM: Open LDAP version(s) 2.4.12 - 2.2.24 ABSTRACT: OpenLDAP back-ndb Lets Remote Users Authenticate Without a Valid Password. reference LINKS: SecurityTracker Alert ID:1025190 Secunia Advisory:SA43331 OpenLDAP Issue OpenLDAP Download CVE-2011-1025 IMPACT ASSESSMENT: Medium Discussion: A remote user with knowledge of the target distinguished name can provide an arbitrary password to successfully authenticate on systems using the NDB back-end. Impact: Some vulnerabilities have been reported in OpenLDAP, which can be exploited

Note: This page contains sample records for the topic "authentication bypass vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


101

V-166: HP-UX Directory Server Discloses Passwords to Remote Authenticated  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: HP-UX Directory Server Discloses Passwords to Remote 6: HP-UX Directory Server Discloses Passwords to Remote Authenticated and Local Users V-166: HP-UX Directory Server Discloses Passwords to Remote Authenticated and Local Users May 29, 2013 - 12:32am Addthis PROBLEM: HP-UX Directory Server Discloses Passwords to Remote Authenticated and Local Users PLATFORM: Directory Server B.08.10.04 ABSTRACT: Two vulnerabilities were reported in HP-UX Directory Server. REFERENCE LINKS: HP Document ID: c03772083 SecurityTracker Alert ID: 1028593 CVE-2012-2678 CVE-2012-2746 IMPACT ASSESSMENT: High DISCUSSION: A local user can access the plaintext password in certain cases [CVE-2012-2678]. A remote authenticated user can can view the password for a target LDAP user when audit logging is enabled by reading the audit log [CVE-2012-2678].

102

T-704: RSA enVision Lets Remote Users View Files and Remote Authenticated  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

704: RSA enVision Lets Remote Users View Files and Remote 704: RSA enVision Lets Remote Users View Files and Remote Authenticated Users Obtain Password T-704: RSA enVision Lets Remote Users View Files and Remote Authenticated Users Obtain Password August 29, 2011 - 3:45am Addthis PROBLEM: Allows remote attackers to obtain sensitive information by sniffing the network or leveraging access to a recipient mailbox. PLATFORM: RSA enVision Version(s): 3.x, 4.x ABSTRACT: RSA enVision lets remote users view files and remote authenticated users obtain password. reference LINKS: SecurityTracker Alert ID: 1025979 CVE-2011-2736 CVE-2011-2737 RSA enVision Product Security IMPACT ASSESSMENT: Medium Discussion: Two vulnerabilities were reported in RSA enVision. A remote user can view files on the target system. A remote authenticated user can obtain

103

T-704: RSA enVision Lets Remote Users View Files and Remote Authenticated  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

4: RSA enVision Lets Remote Users View Files and Remote 4: RSA enVision Lets Remote Users View Files and Remote Authenticated Users Obtain Password T-704: RSA enVision Lets Remote Users View Files and Remote Authenticated Users Obtain Password August 29, 2011 - 3:45am Addthis PROBLEM: Allows remote attackers to obtain sensitive information by sniffing the network or leveraging access to a recipient mailbox. PLATFORM: RSA enVision Version(s): 3.x, 4.x ABSTRACT: RSA enVision lets remote users view files and remote authenticated users obtain password. reference LINKS: SecurityTracker Alert ID: 1025979 CVE-2011-2736 CVE-2011-2737 RSA enVision Product Security IMPACT ASSESSMENT: Medium Discussion: Two vulnerabilities were reported in RSA enVision. A remote user can view files on the target system. A remote authenticated user can obtain

104

T-555: Adobe Acrobat and Reader Image Parsing Arbitrary Code Execution Vulnerability  

Energy.gov (U.S. Department of Energy (DOE))

Critical vulnerabilities have been identified in Adobe Reader X (10.0) for Windows and Macintosh; Adobe Reader 9.4.1 and earlier versions for Windows, Macintosh and UNIX; and Adobe Acrobat X (10.0) and earlier versions for Windows and Macintosh. These vulnerabilities could cause the application to crash and potentially allow an attacker to take control of the affected system. Risk for Adobe Reader X users is significantly lower, as none of these issues bypass Protected Mode mitigations.

105

Philosophy on Vulnerability Assessments  

NLE Websites -- All DOE Office Websites (Extended Search)

capabilities/vat/assess/ capabilities/vat/assess/ ARGONNE NATIONAL LABORATORY, Nuclear Engineering Division, 9700 South Cass Ave., Argonne, IL Philosophy on Vulnerability Assessments Argonne Vulnerability Assessment Team Roger G. Johnston, Ph.D., CPP , 630-252-6168 1. There are a number of conventional tools for finding security vulnerabilities. These include security surveys, risk management, design basis threat, CARVER Method, Delphi Method, software vulnerability assessment tools, infrastructure modeling, etc. 2. These tools have some value, and indeed we have used them all. 3. Experience has shown, however, that these methods do not usually result in dramatic improvements to security, nor do they reliably predict catastrophic security incidents that

106

U-098: ISC BIND Deleted Domain Name Resolving Vulnerability | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

098: ISC BIND Deleted Domain Name Resolving Vulnerability 098: ISC BIND Deleted Domain Name Resolving Vulnerability U-098: ISC BIND Deleted Domain Name Resolving Vulnerability February 8, 2012 - 7:00am Addthis PROBLEM: A vulnerability has been reported in ISC BIND, which can be exploited by malicious people to bypass certain security restrictions. PLATFORM: ISC BIND 9.2.x ISC BIND 9.3.x ISC BIND 9.4.x ISC BIND 9.5.x ISC BIND 9.6.x ISC BIND 9.7.x ISC BIND 9.8.x ABSTRACT: The vulnerability is caused due to an error within the cache update policy. reference LINKS: Original Advisory Secunia Advisory SA47884 CVE-2012-1033 IMPACT ASSESSMENT: High Discussion: Researchers discovered a vulnerability affecting the large majority of popular DNS implementations which allows a malicious domain name to stay resolvable long after it has been removed from the upper level servers. The

107

The Laws of Vulnerabilities: Which security vulnerabilities really matter?  

Science Journals Connector (OSTI)

New security vulnerabilities are discovered on a daily basis. With each new announcement, the same questions arise. How significant is this vulnerability? How prevalent? How easy is it to exploit? Due to a lack of global vulnerability data, answers are ...

Gerhard Eschelbeck

2005-01-01T23:59:59.000Z

108

Ecosystem Vulnerability Assessment - Patterns of Climate Change...  

Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

Ecosystem Vulnerability Assessment - Patterns of Climate Change Vulnerability in the Southwest Ecosystem Vulnerability Assessment - Patterns of Climate Change Vulnerability in the...

109

Are markets for vulnerabilities effective?  

Science Journals Connector (OSTI)

Current reward structures in security vulnerability disclosure may be skewed toward benefitting nefarious usage of vulnerability information rather than responsible disclosure. Recently suggested market-based mechanisms offer incentives to responsible ... Keywords: information security, information technology policy, vulnerability disclosure

Sam Ransbotham; Sabyaschi Mitra; Jon Ramsey

2012-03-01T23:59:59.000Z

110

V-234: EMC RSA Archer GRC Open Redirection Weakness and Security Bypass  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

4: EMC RSA Archer GRC Open Redirection Weakness and Security 4: EMC RSA Archer GRC Open Redirection Weakness and Security Bypass Security Issue V-234: EMC RSA Archer GRC Open Redirection Weakness and Security Bypass Security Issue September 4, 2013 - 6:00am Addthis PROBLEM: A weakness and a security issue have been reported in EMC RSA Archer GRC PLATFORM: EMC RSA Archer GRC 5.x ABSTRACT: This fixes multiple vulnerabilities, which can be exploited to bypass certain security restrictions and to conduct spoofing attacks REFERENCE LINKS: Secunia Advisory SA54717 SecurityTracker Alert ID 1028971 EMC Identifier: ESA-2013-057 CVE-2013-3276 CVE-2013-3277 IMPACT ASSESSMENT: Medium DISCUSSION: 1) The application does not properly restrict deactivated users. This can be exploited by deactivated users to login and gain access to otherwise

111

Interventions in Infrainguinal Bypass Grafts  

SciTech Connect

The interventional radiologist plays an important role in the detection and prevention of infrainguinal bypass failure. Early detection and evaluation of flow-limiting lesions effectively preserve graft (venous bypass and polyester or expanded polytetrafluoroethylene bypass) patency by identifying stenoses before occlusion occurs. Delay in treatment of the at-risk graft may result in graft failure and a reduced chance of successful revascularization. For this reason, surveillance protocols form an important part of follow-up after infrainguinal bypass surgery. As well as having an understanding of the application of imaging techniques including ultrasound, MR angiography, CT angiography and digital subtraction angiography, the interventional radiologist should have detailed knowledge of the minimally invasive therapeutic options. Percutaneous transluminal angioplasty (PTA), or alternatively cutting balloon angioplasty, is the interventional treatment of choice in prevention of graft failure and occlusion. Further alternatives include metallic stent placement, fibrinolysis, and mechanical thrombectomy. Primary assisted patency rates following PTA can be up to 65% at 5 years. When the endovascular approach is unsuccessful, these therapeutic options are complemented by surgical procedures including vein patch revision, jump grafting, or placement of a new graft.

Mueller-Huelsbeck, S., E-mail: muehue@rad.uni-kiel.de; Order, B.-M.; Jahnke, T. [University Hospital Schleswig-Holstein - Campus Kiel, Department of Radiology (Germany)

2006-02-15T23:59:59.000Z

112

Secure Anonymous RFID Authentication Protocols Christy Chatmon  

E-Print Network (OSTI)

and scalable. Keywords: RFID, Authentication, Anonymity, Privacy, Availability, Scalability. 1 Introduction technology is to automatically identify objects that are contained in electromagnetic fields. RFID tags doSecure Anonymous RFID Authentication Protocols Christy Chatmon Computer & Information Sciences

Burmester, Mike

113

Energy vulnerability relationships  

SciTech Connect

The US consumption of crude oil resources has been a steadily growing indicator of the vitality and strength of the US economy. At the same time import diversity has also been a rapidly developing dimension of the import picture. In the early 1970`s, embargoes of crude oil from Organization of Producing and Exporting Countries (OPEC) created economic and political havoc due to a significant lack of diversity and a unique set of economic, political and domestic regulatory circumstances. The continued rise of imports has again led to concerns over the security of our crude oil resource but threats to this system must be considered in light of the diversity and current setting of imported oil. This report develops several important issues concerning vulnerability to the disruption of oil imports: (1) The Middle East is not the major supplier of oil to the United States, (2) The US is not vulnerable to having its entire import stream disrupted, (3) Even in stable countries, there exist vulnerabilities to disruption of the export stream of oil, (4) Vulnerability reduction requires a focus on international solutions, and (5) DOE program and policy development must reflect the requirements of the diverse supply. Does this increasing proportion of imported oil create a {open_quotes}dependence{close_quotes}? Does this increasing proportion of imported oil present a vulnerability to {open_quotes}price shocks{close_quotes} and the tremendous dislocations experienced during the 1970`s? Finally, what is the vulnerability of supply disruptions from the current sources of imported oil? If oil is considered to be a finite, rapidly depleting resource, then the answers to these questions must be {open_quotes}yes.{close_quotes} However, if the supply of oil is expanding, and not limited, then dependence is relative to regional supply sources.

Shaw, B.R.; Boesen, J.L.

1998-02-01T23:59:59.000Z

114

Plutonium Vulnerability Management Plan  

SciTech Connect

This Plutonium Vulnerability Management Plan describes the Department of Energy`s response to the vulnerabilities identified in the Plutonium Working Group Report which are a result of the cessation of nuclear weapons production. The responses contained in this document are only part of an overall, coordinated approach designed to enable the Department to accelerate conversion of all nuclear materials, including plutonium, to forms suitable for safe, interim storage. The overall actions being taken are discussed in detail in the Department`s Implementation Plan in response to the Defense Nuclear Facilities Safety Board (DNFSB) Recommendation 94-1. This is included as Attachment B.

NONE

1995-03-01T23:59:59.000Z

115

TwoKind Authentication: Usable Authenticators for Untrustworthy Environments  

E-Print Network (OSTI)

damage if the session or their password is compromised. 1. INTRODUCTION In today's Internet. Current authentication mechanisms such as one-time passwords [4] (such as RSA SecurID [3]) and privileged-time passwords limit the damage caused by stolen passwords, but allow full-scale damage in a hijacked session

Smith, Sean W.

116

U-151: Bugzilla Cross-Site Request Forgery Vulnerability | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

51: Bugzilla Cross-Site Request Forgery Vulnerability 51: Bugzilla Cross-Site Request Forgery Vulnerability U-151: Bugzilla Cross-Site Request Forgery Vulnerability April 19, 2012 - 8:15am Addthis PROBLEM: A vulnerability has been reported in Bugzilla, which can be exploited by malicious people to conduct cross-site request forgery attacks. PLATFORM: Bugzilla 2.x Bugzilla 3.x Bugzilla 4.x ABSTRACT: The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. reference LINKS: Vendor Advisory Secunia Advisory 48835 CVE-2012-0465 CVE-2012-0466 IMPACT ASSESSMENT: Medium Discussion: When abusing the X-FORWARDED-FOR header, an attacker could bypass the lockout policy allowing a possible brute-force discovery of a valid user password. An attacker can get access to some bug information using the victim's

117

Demonstrated Petroleum Reduction Using Oil Bypass Filter Technology...  

Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

Demonstrated Petroleum Reduction Using Oil Bypass Filter Technology on Heavy and Light Vehicles Demonstrated Petroleum Reduction Using Oil Bypass Filter Technology on Heavy and...

118

User Authentication Policy | Argonne Leadership Computing Facility  

NLE Websites -- All DOE Office Websites (Extended Search)

Eureka / Gadzooks Eureka / Gadzooks Policies Pullback Policy ALCF Acknowledgment Policy Account Sponsorship & Retention Policy Accounts Policy Data Policy INCITE Quarterly Report Policy Job Scheduling Policy on BG/P Job Scheduling Policy on BG/Q Refund Policy Software Policy User Authentication Policy Documentation Feedback Please provide feedback to help guide us as we continue to build documentation for our new computing resource. [Feedback Form] User Authentication Policy Users of the Argonne production systems are required to use a CRYPTOCard one time password, multifactor authentication system. This document explains the policies users must follow regarding CRYPTOCard tokens for accessing the Argonne resources. MultiFactor Authentication "Authentication systems are frequently described by the authentication

119

Obfuscated authentication systems, devices, and methods  

DOE Patents (OSTI)

Embodiments of the present invention are directed toward authentication systems, devices, and methods. Obfuscated executable instructions may encode an authentication procedure and protect an authentication key. The obfuscated executable instructions may require communication with a remote certifying authority for operation. In this manner, security may be controlled by the certifying authority without regard to the security of the electronic device running the obfuscated executable instructions.

Armstrong, Robert C; Hutchinson, Robert L

2013-10-22T23:59:59.000Z

120

CERTIFICATE OF AUTHENTICITY | Department of Energy  

Energy Savers (EERE)

D.C. Tran001.pdf CERTIFICATE OF AUTHENTICITY More Documents & Publications U.S. Offshore Wind Advanced Technology Demonstration Projects Public Meeting Transcript for...

Note: This page contains sample records for the topic "authentication bypass vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


121

A DAWP Technique for Audio Authentication  

Science Journals Connector (OSTI)

Digital audio content protection is part of information security for audio authentication and audio integrity evaluation. Watermarking is widely used in copyright protection. However, watermark requires a thir...

Tung-Shou Chen; Jeanne Chen; Jiun-Lin Tang; Keshou Wu

2011-01-01T23:59:59.000Z

122

V-031: IBM WebSphere DataPower XC10 Appliance Bugs Let Remote Authenticated  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

1: IBM WebSphere DataPower XC10 Appliance Bugs Let Remote 1: IBM WebSphere DataPower XC10 Appliance Bugs Let Remote Authenticated Users Gain Elevated Privileges and Remote Users Deny Service V-031: IBM WebSphere DataPower XC10 Appliance Bugs Let Remote Authenticated Users Gain Elevated Privileges and Remote Users Deny Service November 22, 2012 - 3:00am Addthis PROBLEM: IBM WebSphere DataPower XC10 Appliance Bugs Let Remote Authenticated Users Gain Elevated Privileges and Remote Users Deny Service PLATFORM: Version(s): XC10 2.0.0.0 - 2.0.0.3, 2.1.0.0 - 2.1.0.2 ABSTRACT: Several vulnerabilities were reported in IBM WebSphere DataPower. REFERENCE LINKS: IBM Security Bulletin SecurityTracker Alert ID: 1027798 CVE-2012-5758 CVE-2012-5759 CVE-2012-5756 IMPACT ASSESSMENT: High DISCUSSION: Several vulnerabilities were reported in IBM WebSphere DataPower. A remote

123

Instructions for using HSPD-12 Authenticated Outlook Web Access...  

Energy Savers (EERE)

Instructions for using HSPD-12 Authenticated Outlook Web Access (OWA) Instructions for using HSPD-12 Authenticated Outlook Web Access (OWA) Provides instructions for remote Outlook...

124

U-211: EMC Celerra/VNX/VNXe Access Control Bug Lets Remote Authenticated  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

11: EMC Celerra/VNX/VNXe Access Control Bug Lets Remote 11: EMC Celerra/VNX/VNXe Access Control Bug Lets Remote Authenticated Users Access Files/Directories U-211: EMC Celerra/VNX/VNXe Access Control Bug Lets Remote Authenticated Users Access Files/Directories July 12, 2012 - 7:00am Addthis PROBLEM: EMC Celerra/VNX/VNXe Access Control Bug Lets Remote Authenticated Users Access Files/Directories PLATFORM: EMC Celerra Network Server versions 6.0.36.4 through 6.0.60.2 EMC VNX versions 7.0.12.0 through 7.0.53.1 EMC VNXe 2.0 (including SP1, SP2, and SP3) EMC VNXe MR1 (including SP1, SP2, SP3, and SP3.1) EMC VNXe MR2 (including SP0.1) ABSTRACT: A vulnerability was reported in EMC Celerra/VNX/VNXe. A remote authenticated user can access files and directories on the target file system. reference LINKS: The Vendor's Advisory

125

V-236: MediaWiki CentralAuth Extension Authentication Bypass...  

Energy Savers (EERE)

Web: http:energy.govcioservicesincident-management E-mail: circ@jc3.doe.gov JC3 services are available to JC3-Joint Cybersecurity Coordination Center, and JC3 Contractors....

126

U-244: McAfee Email Gateway Lets Remote Users Bypass Authentication...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

7.0.0 and 7.0.1 (MEG 6.7.x is NOT affected.) McAfee Email and Web Security (EWS) 5.6 Patch 3 and earlier McAfee Email and Web Security (EWS) 5.5 Patch 6 and earlier ABSTRACT:...

127

Verifying authentication protocols with CSP Steve Schneider  

E-Print Network (OSTI)

Verifying authentication protocols with CSP Steve Schneider Department of Computer Science Royal of Communicating Sequential Processes (CSP). It is il- lustrated by an examination of the Needham-Schroeder public of authentication protocols, built on top of the gen- eral CSP semantic framework. This approach aims to combine

Doran, Simon J.

128

Bypass diode for a solar cell  

DOE Patents (OSTI)

Bypass diodes for solar cells are described. In one embodiment, a bypass diode for a solar cell includes a substrate of the solar cell. A first conductive region is disposed above the substrate, the first conductive region of a first conductivity type. A second conductive region is disposed on the first conductive region, the second conductive region of a second conductivity type opposite the first conductivity type.

Rim, Seung Bum (Palo Alto, CA); Kim, Taeseok (San Jose, CA); Smith, David D. (Campbell, CA); Cousins, Peter J. (Menlo Park, CA)

2012-03-13T23:59:59.000Z

129

AUTHENTICATED  

NLE Websites -- All DOE Office Websites (Extended Search)

2. AMENDMENT OF AGREEMENT BPA and Port Townsend amend the Agreement as follows: (a) The following Section 2.24 ("Wheel Turning Load") shall be added to the Agreement: "2.24...

130

Deniable Authentication with RSA and Multicasting Daniel R. L. Brown  

E-Print Network (OSTI)

. Related concepts to deniable authentication are plausible deniability and prevention of surreptitious

131

Occurrence of Pesticides in Water, Sediment, and Soil from the Yolo Bypass, California  

E-Print Network (OSTI)

water and sediment from Yolo Bypass, California, 2004-2005.L. 2002. Californias Yolo Bypass: Evidence that floodfish. KEYWORDS pesticides, Yolo Bypass, fish, surface water,

Smalling, Kelly L.; Orlando, James L.; Kuivila, Kathryn M.

2007-01-01T23:59:59.000Z

132

Vulnerability Analysis of Energy Delivery Control Systems  

Energy Savers (EERE)

services and applications * Known vulnerabilities are mitigated through effective patch management and removal of unneeded applications and services. New vulnerabilities in...

133

MAPPING CLIMATE CHANGE EXPOSURES, VULNERABILITIES,  

E-Print Network (OSTI)

MAPPING CLIMATE CHANGE EXPOSURES, VULNERABILITIES, AND ADAPTATION TO PUBLIC HEALTH RISKS's California Climate Change Center JULY 2012 CEC5002012041 Prepared for: California Energy Commission of California. #12; ii ABSTRACT This study reviewed first available frameworks for climate change adaptation

134

E-Print Network 3.0 - archeological gold authentication Sample...  

NLE Websites -- All DOE Office Websites (Extended Search)

't do. Tests and quizzes aren't the gold standard either. - Fixed-choice test questions tend... by authentic use & authentic assessment. 12;Authentic performance...

135

Handbook of the Vulnerable Plaque  

Science Journals Connector (OSTI)

...predominantly a secondary phenomenon; the true culprit in unstable ischemic heart disease is rupture of the underlying vulnerable atherosclerotic plaque. Handbook of the Vulnerable Plaque was edited by two distinguished leaders in interventional cardiology, Patrick Serruys and Ron Waksman. They assembled a who's... Angiographic observations in the early 1980s confirmed that acute coronary thrombosis was the proximate cause of acute myocardial infarction seminal studies that led to revolutionary treatments for the recanalization of occluded vessels. However, during ...

Goldstein J.

2005-06-02T23:59:59.000Z

136

Hardware device binding and mutual authentication  

DOE Patents (OSTI)

Detection and deterrence of device tampering and subversion by substitution may be achieved by including a cryptographic unit within a computing device for binding multiple hardware devices and mutually authenticating the devices. The cryptographic unit includes a physically unclonable function ("PUF") circuit disposed in or on the hardware device, which generates a binding PUF value. The cryptographic unit uses the binding PUF value during an enrollment phase and subsequent authentication phases. During a subsequent authentication phase, the cryptographic unit uses the binding PUF values of the multiple hardware devices to generate a challenge to send to the other device, and to verify a challenge received from the other device to mutually authenticate the hardware devices.

Hamlet, Jason R; Pierson, Lyndon G

2014-03-04T23:59:59.000Z

137

Interception and modification of network authentication packets with the purpose of allowing alternative authentication modes  

DOE Patents (OSTI)

Methods and systems in a data/computer network for authenticating identifying data transmitted from a client to a server through use of a gateway interface system which are communicately coupled to each other are disclosed. An authentication packet transmitted from a client to a server of the data network is intercepted by the interface, wherein the authentication packet is encrypted with a one-time password for transmission from the client to the server. The one-time password associated with the authentication packet can be verified utilizing a one-time password token system. The authentication packet can then be modified for acceptance by the server, wherein the response packet generated by the server is thereafter intercepted, verified and modified for transmission back to the client in a similar but reverse process.

Kent, Alexander Dale (Los Alamos, NM)

2008-09-02T23:59:59.000Z

138

V-158: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

8: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities 8: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities V-158: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities May 17, 2013 - 6:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in BlackBerry Tablet OS PLATFORM: BlackBerry Tablet OS 2.x ABSTRACT: Multiple vulnerabilities have been reported in BlackBerry Tablet OS, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system. REFERENCE LINKS: Secunia Advisory SA53453 Blackberry Security Advisory KB34161 CVE-2012-5248 CVE-2012-5249 CVE-2012-5250 CVE-2012-5251 CVE-2012-5252 CVE-2012-5253 CVE-2012-5254 CVE-2012-5255 CVE-2012-5256 CVE-2012-5257 CVE-2012-5258 CVE-2012-5259 CVE-2012-5260 CVE-2012-5261 CVE-2012-5262 CVE-2012-5263 CVE-2012-5264 CVE-2012-5265

139

Are Vulnerability Disclosure Deadlines Justified?  

SciTech Connect

Vulnerability research organizations Rapid7, Google Security team, and Zero Day Initiative recently imposed grace periods for public disclosure of vulnerabilities. The grace periods ranged from 45 to 182 days, after which disclosure might occur with or without an effective mitigation from the affected software vendor. At this time there is indirect evidence that the shorter grace periods of 45 and 60 days may not be practical. However, there is strong evidence that the recently announced Zero Day Initiative grace period of 182 days yields benefit in speeding up the patch creation process, and may be practical for many software products. Unfortunately, there is also evidence that the 182 day grace period results in more vulnerability announcements without an available patch.

Miles McQueen; Jason L. Wright; Lawrence Wellman

2011-09-01T23:59:59.000Z

140

A service-oriented architecture for authentication and authorization  

E-Print Network (OSTI)

THESIS A Service-oriented Architecture for AuthenticationSAN DIEGO A Service-oriented Architecture for Authentication2.0, which is a service-oriented architecture that addresses

Hamedtoolloei, Hamidreza

2009-01-01T23:59:59.000Z

Note: This page contains sample records for the topic "authentication bypass vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


141

CLOC: Authenticated Encryption for Short Input Tetsu Iwata1  

E-Print Network (OSTI)

. CLOC uses a variant of CFB mode in its encryption part and a variant of CBC MAC in the authentication

142

Deniable Authentication with RSA and Multicasting Daniel R. L. Brown  

E-Print Network (OSTI)

of surreptitious forwarding. The IETF S/MIME protocol, which can be used to secure email, includes an Authenticated

143

CLIMATE CHANGE IMPACTS, VULNERABILITIES, AND  

E-Print Network (OSTI)

CLIMATE CHANGE IMPACTS, VULNERABILITIES, AND ADAPTATION IN THE SAN FRANCISCO BAY AREA Commission's California Climate Change Center JULY 2012 CEC5002012071 Prepared for: California Energy, as well as projections of future changes in climate based on modeling studies using various plausible

144

Threat Insight Quarterly Vulnerability Management  

E-Print Network (OSTI)

X-Force ® Threat Insight Quarterly Vulnerability Management July 2006 #12;X - F O R C E T H R E.................. 7 X-Force Catastrophic Risk Index.............................. 10 Future X-Force Threat Insight Introduction There is a wide range of threats that can exist in any network. The presence of unpatched

145

PAP: A Privacy and Authentication Protocol for Passive RFID Tags  

E-Print Network (OSTI)

PAP: A Privacy and Authentication Protocol for Passive RFID Tags Alex X. Liu LeRoy A. Bailey for RFID tags is necessary to ensure the privacy and authentication between each tag and their reader. In order to accomplish this, we propose PAP, a privacy and authentication protocol for passive RFID tags

Liu, Alex X.

146

REALIZING TWO-FACTOR AUTHENTICATION FOR THE BITCOIN PROTOCOL  

E-Print Network (OSTI)

REALIZING TWO-FACTOR AUTHENTICATION FOR THE BITCOIN PROTOCOL Christopher Mann and Daniel Loebenberger 15 August 2014 Abstract. We show how to realize two-factor authentication for a Bitcoin wal- let a prototypic implementation of a Bitcoin wallet that offers both: two-factor authentication and verification

147

FORENSIC CONNOISSEURSHIP, JACKSON POLLOCK, AND THE AUTHENTIC EYE  

E-Print Network (OSTI)

FORENSIC CONNOISSEURSHIP, JACKSON POLLOCK, AND THE AUTHENTIC EYE by Francis V. O'Connor, Ph shall proceed to some general #12;Forensic Connoisseurship, Pollock, & The Authentic Eye - F. V. O, the training of authentic eyes and forensic connoisseurs -- concluding with a final thought on the historicity

Taylor, Richard

148

Robust video authentication system over internet protocol  

Science Journals Connector (OSTI)

This paper presents a video authentication system over internet protocol that is insusceptible to illumination and expression variations. The illumination and expression invariant features are extracted using multi-band feature extraction. These features are classified by a radial basis function neural network. A new adaptive decision fusion method is proposed to combine the scores from different modalities and the different frames during the authentication process. Three levels of decision fusion are carried out in the proposed adaptive decision fusion. Depending on the level of decision fusion, the level of illumination influence is taken into account during the decision making.

Sue Inn Ch'ng; Kah Phooi Seng; Li-Minn Ang; Fong Tien Ong; Yee Wan Wong

2011-01-01T23:59:59.000Z

149

Safeguarding Children and Vulnerable Adults Introduction  

E-Print Network (OSTI)

Safeguarding Children and Vulnerable Adults Introduction The University is expected and has a responsibility to take appropriate steps to safeguard children and vulnerable adults who are on University · Safeguarding:"Institutionshaveanenhanceddutytowardschildren,andsafeguardingispartofthatcommon-lawdutyof care

Aickelin, Uwe

150

Hoover Dam Bypass Project Phase II  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

DOE/EA-1478 DOE/EA-1478 ENVIRONMENTAL ASSESSMENT Western' s Hoover Dam Bypass Project Phase II (Double-Circuiting a Portion of the Hoover-Mead #5 and #7 230-kV Transmission Lines with the Henderson-Mead #1 230-kV Transmission Line, Clark County, Nevada) Prepared for: U.S. Department of Energy Western Area Power Administration 615 S. 43 rd Avenue Phoenix, Arizona 85009 Prepared by: Transcon Environmental 3740 East Southern Avenue, Suite 218 Mesa, Arizona 85206 (480) 807-0095 October 2003 Western Area Power Administration Hoover Dam Bypass Project Phase II page i Environmental Assessment TABLE OF CONTENTS 1.0 INTRODUCTION ............................................................................................................................1 1.1 Background..................................................................................................................................1

151

Oil Bypass filter technology evaluation final report  

NLE Websites -- All DOE Office Websites (Extended Search)

6-01355 6-01355 U.S. Department of Energy FreedomCAR & Vehicle Technologies Program Oil Bypass Filter Technology Evaluation Final Report TECHNICAL REPORT Larry Zirker James Francfort Jordan Fielding March 2006 Idaho National Laboratory Operated by Battelle Energy Alliance INL/EXT-06-01355 U.S. Department of Energy FreedomCAR & Vehicle Technologies Program Oil Bypass Filter Technology Evaluation Final Report Larry Zirker James Francfort Jordan Fielding March 2006 Idaho National Laboratory Transportation Technology Department Idaho Falls, Idaho 83415 Prepared for the U.S. Department of Energy Assistant Secretary for Energy Efficiency and Renewable Energy Under DOE Idaho Operations Office Contract DE-AC07-05ID14517

152

Spatial Data Authentication Using Mathematical Visualization  

E-Print Network (OSTI)

Spatial Data Authentication Using Mathematical Visualization Vert, G., Harris, F., Nasser, S. Dept has become an increasingly compromised method to transmit any type of data including spatial data. Due to the criticality of spatial data in decision making processes that range from military targeting to urban planning

Harris Jr., Frederick C.

153

Vulnerability Assessment Team (VAT) - Nuclear Engineering Division  

NLE Websites -- All DOE Office Websites (Extended Search)

Vulnerability Assessment Team Vulnerability Assessment Team VAT Projects Introducing the VAT Adversarial Vulnerability Assessments Safety Tags & Product Counterfeiting Election Security Spoofing GPS Defeating Existing Tamper-Indicating Seals Specialty Field Tools & Sampling Tools Insider Threat Mitigation Drug Testing Security Microprocessor Prototypes The Journal of Physical Security Vulnerability Assessments Vulnerability Assessments Insanely Fast µProcessor Shop Insanely Fast µProcessor Shop Seals About Seals Applications of Seals Common Myths about Tamper Indicating Seals Definitions Findings and Lessons Learned New Seals Types of Seals Seals References Selected VAT Papers Selected VAT Papers Selected Invited Talks Self-Assessment Survey Security Maxims Devil's Dictionary of Security Terms

154

V-211: IBM iNotes Multiple Vulnerabilities  

Energy.gov (U.S. Department of Energy (DOE))

IBM iNotes has two cross-site scripting vulnerabilities and an ActiveX Integer overflow vulnerability

155

Bypass Pigging of Subsea Pipelines Suffering Wax Deposition.  

E-Print Network (OSTI)

?? Which criteria to pay attention to is important when finding the optimal pigging frequency. This thesis illustrates the forces acting on a bypass pig (more)

Galta, Tore

2014-01-01T23:59:59.000Z

156

V-162: Apache Struts "ParameterInterceptor" Security Bypass Vulnerabil...  

Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

to enable method execution and execute arbitrary methods, bypassing Struts and OGNL library protections. 2. Any unsanitized String variable exposed by an action and have it...

157

A generic mechanism for efficient authentication in B3G networks  

Science Journals Connector (OSTI)

A user in Beyond 3rd Generation (B3G) networks in order to get access to the network services must perform a multi-pass authentication procedure, which includes two or three sequential authentications steps. These multiple authentication steps include ... Keywords: Authentication performance, B3G networks, B3G security, Multi-pass authentication, Security binding

Christoforos Ntantogian, Christos Xenakis, Ioannis Stavrakakis

2010-06-01T23:59:59.000Z

158

Verifiable process monitoring through enhanced data authentication.  

SciTech Connect

To ensure the peaceful intent for production and processing of nuclear fuel, verifiable process monitoring of the fuel production cycle is required. As part of a U.S. Department of Energy (DOE)-EURATOM collaboration in the field of international nuclear safeguards, the DOE Sandia National Laboratories (SNL), the European Commission Joint Research Centre (JRC) and Directorate General-Energy (DG-ENER) developed and demonstrated a new concept in process monitoring, enabling the use of operator process information by branching a second, authenticated data stream to the Safeguards inspectorate. This information would be complementary to independent safeguards data, improving the understanding of the plant's operation. The concept is called the Enhanced Data Authentication System (EDAS). EDAS transparently captures, authenticates, and encrypts communication data that is transmitted between operator control computers and connected analytical equipment utilized in nuclear processes controls. The intent is to capture information as close to the sensor point as possible to assure the highest possible confidence in the branched data. Data must be collected transparently by the EDAS: Operator processes should not be altered or disrupted by the insertion of the EDAS as a monitoring system for safeguards. EDAS employs public key authentication providing 'jointly verifiable' data and private key encryption for confidentiality. Timestamps and data source are also added to the collected data for analysis. The core of the system hardware is in a security enclosure with both active and passive tamper indication. Further, the system has the ability to monitor seals or other security devices in close proximity. This paper will discuss the EDAS concept, recent technical developments, intended application philosophy and the planned future progression of this system.

Goncalves, Joao G. M. (European Commission Joint Research Centre, Italy); Schwalbach, Peter (European Commission Directorate General%3CU%2B2014%3EEnergy, Luxemburg); Schoeneman, Barry Dale; Ross, Troy D.; Baldwin, George Thomas

2010-09-01T23:59:59.000Z

159

Bypass diode for a solar cell  

DOE Patents (OSTI)

Methods of fabricating bypass diodes for solar cells are described. In once embodiment, a method includes forming a first conductive region of a first conductivity type above a substrate of a solar cell. A second conductive region of a second conductivity type is formed on the first conductive region. In another embodiment, a method includes forming a first conductive region of a first conductivity type above a substrate of a solar cell. A second conductive region of a second conductivity type is formed within, and surrounded by, an uppermost portion of the first conductive region but is not formed in a lowermost portion of the first conductive region.

Rim, Seung Bum; Kim, Taeseok; Smith, David D; Cousins, Peter J

2013-11-12T23:59:59.000Z

160

E-Print Network 3.0 - aortocoronary bypass surgery Sample Search...  

NLE Websites -- All DOE Office Websites (Extended Search)

by- pass surgery versus a femoral-femoral bypass procedure. In addition... In Vivo Validation of Numerical Prediction of Blood Flow in Arterial Bypass Grafts JOY ... Source:...

Note: This page contains sample records for the topic "authentication bypass vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


161

Oil Bypass Filter and Diesel Engine Idling Wear-Rate Evaluations...  

Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

Bypass Filter and Diesel Engine Idling Wear-Rate Evaluations Oil Bypass Filter and Diesel Engine Idling Wear-Rate Evaluations 2005 Diesel Engine Emissions Reduction (DEER)...

162

Economic vulnerability to Peak Oil  

Science Journals Connector (OSTI)

Abstract Peak Oil, which refers to the maximum possible global oil production rate, is increasingly gaining attention in both science and policy discourses. However, little is known about how this phenomenon will impact economies, despite its apparent imminence and potential dangers. In this paper, we construct a vulnerability map of the U.S. economy, combining two approaches for analyzing economic systems, i.e. inputoutput analysis and social network analysis (applied to economic data). Our approach reveals the relative importance of individual economic sectors, and how vulnerable they are to oil price shocks. As such, our dual-analysis helps identify which sectors, due to their strategic position, could put the entire U.S. economy at risk from Peak Oil. For the U.S., such sectors would include Iron Mills, Fertilizer Production and Transport by Air. Our findings thus provide early warnings to downstream companies about potential trouble in their supply chain, and inform policy action for Peak Oil. Although our analysis is embedded in a Peak Oil narrative, it is just as valid and useful in the context of developing a climate roadmap toward a low carbon economy.

Christian Kerschner; Christina Prell; Kuishuang Feng; Klaus Hubacek

2013-01-01T23:59:59.000Z

163

Formal analysis of device authentication applications in ubiquitous computing.  

SciTech Connect

Authentication between mobile devices in ad-hoc computing environments is a challenging problem. Without pre-shared knowledge, existing applications rely on additional communication methods, such as out-of-band or location-limited channels for device authentication. However, no formal analysis has been conducted to determine whether out-of-band channels are actually necessary. We answer this question through formal analysis, and use BAN logic to show that device authentication using a single channel is not possible.

Shin, Dongwan (New Mexico Tech, Socorro, NM); Claycomb, William R.

2010-11-01T23:59:59.000Z

164

Assessing Climate Change Impacts, Vulnerability and Adaptation...  

Open Energy Info (EERE)

The Case of Pantabangan-Carranglan Watershed Jump to: navigation, search Name Assessing Climate Change Impacts, Vulnerability and Adaptation: The Case of Pantabangan-Carranglan...

165

V-150: Apache VCL Input Validation Flaw Lets Remote Authenticated...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

or userGrant) can send specially crafted data via the web interface or XMLRPC API to gain additional administrative privileges. IMPACT: A remote authenticated user can...

166

U-268: Oracle Database Authentication Protocol Discloses Session...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

the authentication protocol at the time of this entry. Please visit the Oracle Critical Patch Updates, Security Alerts and Third Party Bulletin for additional information when it...

167

Dos and don'ts of client authentication on the web  

Science Journals Connector (OSTI)

Client authentication has been a continuous source of problems on the Web. Although many well-studied techniques exist for authentication, Web sites continue to use extremely weak authentication schemes, especially in non-enterprise environments such ...

Kevin Fu; Emil Sit; Kendra Smith; Nick Feamster

2001-08-01T23:59:59.000Z

168

Serious leisure, participation and experience in tourism: authenticity and ritual in a renaissance festival  

E-Print Network (OSTI)

the serious festival participation were reminiscent of tourism existential authenticity specified by Wang (1999) as two levels: intrapersonal authenticity (gaining one?s true self) and interpersonal authenticity (gaining true human relationship). A search...

Kim, Hyounggon

2005-02-17T23:59:59.000Z

169

JC3 Bulletin Archive | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

March 8, 2013 March 8, 2013 V-107: Wireshark Multiple Denial of Service Vulnerabilities Multiple vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service). March 7, 2013 V-106: Citrix Access Gateway Unspecified Security Bypass Vulnerability A vulnerability has been reported in Citrix Access Gateway, which can be exploited by malicious people to bypass certain security restrictions. March 6, 2013 V-105: Google Chrome Multiple Vulnerabilities Multiple vulnerabilities have been reported in Google Chrome March 5, 2013 V-104: Oracle Java Flaw Lets Remote Users Execute Arbitrary Code A vulnerability was reported in Oracle Java March 4, 2013 V-103: RSA Authentication Agent Lets Remote Users Bypass Authentication

170

Detecting Network Vulnerabilities Through Graph Theoretical Methods  

E-Print Network (OSTI)

benchmark power networks. 1 Introduction The electric power grid network is susceptible to power outages of our work is power networks, our techniques are applicable to other systems such as the transportation vulnerabilities in power networks is an important prob- lem, as even a small number of vulnerable connections can

Geddes, Cameron Guy Robinson

171

Secure password-based authenticated key exchange for web services  

Science Journals Connector (OSTI)

This paper discusses an implementation of an authenticated key-exchange method rendered on message primitives defined in the WS-Trust and WS-SecureConversation specifications. This IEEE-specified cryptographic method (AuthA) is proven-secure for password-based ... Keywords: authenticated key exchange, password, security, web services

Liang Fang; Samuel Meder; Olivier Chevassut; Frank Siebenlist

2004-10-01T23:59:59.000Z

172

Enhancing CardSpace Authentication Using a Mobile Device  

E-Print Network (OSTI)

, authentication. 1 Introduction In line with the continuing increase in the number of on-line services requir- ing design goals of CardSpace is to reduce reliance on password authentication. We address this limitation, since the additional overhead is handled by the client. The remainder of the paper is

Sheldon, Nathan D.

173

Challenges and architectural approaches for authenticating mobile users  

Science Journals Connector (OSTI)

This paper casts an architectural eye at existing work on security and privacy in mobile computing. Specifically, it focuses on authentication as it leads up to access control from two points of view: servicer providers granting access to users, and ... Keywords: access control, anonymity, authentication, mobile computing, trust, ubiquitous computing, user mobility

Joo Pedro Sousa

2008-05-01T23:59:59.000Z

174

Vulnerability Take Grant (VTG): An efficient approach to analyze network vulnerabilities  

Science Journals Connector (OSTI)

Modeling and analyzing information system vulnerabilities help predict possible attacks to computer networks using vulnerabilities information and the network configuration. In this paper, we propose a comprehensive approach to analyze network vulnerabilities in order to answer the safety problem focusing on vulnerabilities. The approach which is called Vulnerability Take Grant (VTG) is a graph-based model consists of subject/objects as nodes and rights/relations as edges to represent the system protection state. Each node may have properties including single vulnerabilities such as buffer overflow. We use the new concept of vulnerability rewriting rule to specify the requirements and consequences of exploiting vulnerabilities. Analysis of the model is achieved using our bounded polynomial algorithm, which generates the most permissive graph in order to verify whether a subject can obtain an access right over an object. The algorithm also finds the likely attack scenarios. Applicability of the approach is investigated by modeling widespread vulnerabilities in their general patterns. A real network is modeled as a case study in order to examine how an attacker can gain unauthorized access via exploiting the chain of vulnerabilities. Our experience shows the efficiency, applicability, and expressiveness in modeling a broader range of vulnerabilities in our approach in comparison to the previous approaches.

Hamid Reza Shahriari; Rasool Jalili

2007-01-01T23:59:59.000Z

175

T-570: HP Security Bulletin - HP-UX Running OpenSSL, Remote Execution of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

70: HP Security Bulletin - HP-UX Running OpenSSL, Remote 70: HP Security Bulletin - HP-UX Running OpenSSL, Remote Execution of Arbitrary Code, Denial of Service (DoS), Authentication Bypass T-570: HP Security Bulletin - HP-UX Running OpenSSL, Remote Execution of Arbitrary Code, Denial of Service (DoS), Authentication Bypass March 4, 2011 - 3:05pm Addthis PROBLEM: Potential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), authentication bypass. PLATFORM: HP-UX B.11.11, B.11.23, B.11.31 running OpenSSL before vA.00.09.08q. ABSTRACT: A potential security vulnerability has been identified with HP-UX OpenSSL. This vulnerability could be exploited remotely to execute arbitrary code or create a Denial of Service (DoS) or an authentication bypass. reference LINKS: Net-Security Advisory: HPSBUX02638

176

T-570: HP Security Bulletin - HP-UX Running OpenSSL, Remote Execution of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

0: HP Security Bulletin - HP-UX Running OpenSSL, Remote 0: HP Security Bulletin - HP-UX Running OpenSSL, Remote Execution of Arbitrary Code, Denial of Service (DoS), Authentication Bypass T-570: HP Security Bulletin - HP-UX Running OpenSSL, Remote Execution of Arbitrary Code, Denial of Service (DoS), Authentication Bypass March 4, 2011 - 3:05pm Addthis PROBLEM: Potential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), authentication bypass. PLATFORM: HP-UX B.11.11, B.11.23, B.11.31 running OpenSSL before vA.00.09.08q. ABSTRACT: A potential security vulnerability has been identified with HP-UX OpenSSL. This vulnerability could be exploited remotely to execute arbitrary code or create a Denial of Service (DoS) or an authentication bypass. reference LINKS: Net-Security Advisory: HPSBUX02638

177

CFD Analysis of Core Bypass Phenomena  

SciTech Connect

The U.S. Department of Energy is exploring the potential for the VHTR which will be either of a prismatic or a pebble-bed type. One important design consideration for the reactor core of a prismatic VHTR is coolant bypass flow which occurs in the interstitial regions between fuel blocks. Such gaps are an inherent presence in the reactor core because of tolerances in manufacturing the blocks and the inexact nature of their installation. Furthermore, the geometry of the graphite blocks changes over the lifetime of the reactor because of thermal expansion and irradiation damage. The existence of the gaps induces a flow bias in the fuel blocks and results in unexpected increase of maximum fuel temperature. Traditionally, simplified methods such as flow network calculations employing experimental correlations are used to estimate flow and temperature distributions in the core design. However, the distribution of temperature in the fuel pins and graphite blocks as well as coolant outlet temperatures are strongly coupled with the local heat generation rate within fuel blocks which is not uniformly distributed in the core. Hence, it is crucial to establish mechanistic based methods which can be applied to the reactor core thermal hydraulic design and safety analysis. Computational Fluid Dynamics (CFD) codes, which have a capability of local physics based simulation, are widely used in various industrial fields. This study investigates core bypass flow phenomena with the assistance of commercial CFD codes and establishes a baseline for evaluation methods. A one-twelfth sector of the hexagonal block surface is modeled and extruded down to whole core length of 10.704m. The computational domain is divided vertically with an upper reflector, a fuel section and a lower reflector. Each side of the sector grid can be set as a symmetry boundary

Richard W. Johnson; Hiroyuki Sato; Richard R. Schultz

2010-03-01T23:59:59.000Z

178

CFD Analysis of Core Bypass Phenomena  

SciTech Connect

The U.S. Department of Energy is exploring the potential for the VHTR which will be either of a prismatic or a pebble-bed type. One important design consideration for the reactor core of a prismatic VHTR is coolant bypass flow which occurs in the interstitial regions between fuel blocks. Such gaps are an inherent presence in the reactor core because of tolerances in manufacturing the blocks and the inexact nature of their installation. Furthermore, the geometry of the graphite blocks changes over the lifetime of the reactor because of thermal expansion and irradiation damage. The existence of the gaps induces a flow bias in the fuel blocks and results in unexpected increase of maximum fuel temperature. Traditionally, simplified methods such as flow network calculations employing experimental correlations are used to estimate flow and temperature distributions in the core design. However, the distribution of temperature in the fuel pins and graphite blocks as well as coolant outlet temperatures are strongly coupled with the local heat generation rate within fuel blocks which is not uniformly distributed in the core. Hence, it is crucial to establish mechanistic based methods which can be applied to the reactor core thermal hydraulic design and safety analysis. Computational Fluid Dynamics (CFD) codes, which have a capability of local physics based simulation, are widely used in various industrial fields. This study investigates core bypass flow phenomena with the assistance of commercial CFD codes and establishes a baseline for evaluation methods. A one-twelfth sector of the hexagonal block surface is modeled and extruded down to whole core length of 10.704m. The computational domain is divided vertically with an upper reflector, a fuel section and a lower reflector. Each side of the one-twelfth grid can be set as a symmetry boundary

Richard W. Johnson; Hiroyuki Sato; Richard R. Schultz

2009-11-01T23:59:59.000Z

179

T-730: Vulnerability in Citrix Provisioning Services could result...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Vulnerability in Citrix Provisioning Services could result in Arbitrary Code Execution T-730: Vulnerability in Citrix Provisioning Services could result in Arbitrary Code...

180

T-565: Vulnerability in Microsoft Malware Protection Engine Could...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

in Microsoft Malware Protection Engine Could Allow Elevation of PrivilegeVulnerability T-565: Vulnerability in Microsoft Malware Protection Engine Could Allow Elevation of...

Note: This page contains sample records for the topic "authentication bypass vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


181

Common Cyber Security Vulnerabilities Observed in Control System...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Common Cyber Security Vulnerabilities Observed in Control System Assessments by the INL NSTB Program Common Cyber Security Vulnerabilities Observed in Control System Assessments by...

182

Locating Climate Insecurity: Where Are the Most Vulnerable Places...  

Open Energy Info (EERE)

Insecurity: Where Are the Most Vulnerable Places in Africa? Jump to: navigation, search Tool Summary LAUNCH TOOL Name: Locating Climate Insecurity: Where Are the Most Vulnerable...

183

Useful Resources- Vulnerability Assessment Team - Nuclear Engineering  

NLE Websites -- All DOE Office Websites (Extended Search)

Selected Publications Selected Publications VAT Projects Introducing the VAT Adversarial Vulnerability Assessments Safety Tags & Product Counterfeiting Election Security Spoofing GPS Defeating Existing Tamper-Indicating Seals Specialty Field Tools & Sampling Tools Insider Threat Mitigation Drug Testing Security Microprocessor Prototypes The Journal of Physical Security Vulnerability Assessments Vulnerability Assessments Insanely Fast µProcessor Shop Insanely Fast µProcessor Shop Seals About Seals Applications of Seals Common Myths about Tamper Indicating Seals Definitions Findings and Lessons Learned New Seals Types of Seals Seals References Selected VAT Papers Selected VAT Papers Selected Invited Talks Self-Assessment Survey Security Maxims Devil's Dictionary of Security Terms Argonne's VAT (brochure)

184

Definitions, Seals - Vulnerability Assessment Team - Nuclear Engineering  

NLE Websites -- All DOE Office Websites (Extended Search)

Definitions Definitions VAT Projects Introducing the VAT Adversarial Vulnerability Assessments Safety Tags & Product Counterfeiting Election Security Spoofing GPS Defeating Existing Tamper-Indicating Seals Specialty Field Tools & Sampling Tools Insider Threat Mitigation Drug Testing Security Microprocessor Prototypes The Journal of Physical Security Vulnerability Assessments Vulnerability Assessments Insanely Fast µProcessor Shop Insanely Fast µProcessor Shop Seals About Seals Applications of Seals Common Myths about Tamper Indicating Seals Definitions Findings and Lessons Learned New Seals Types of Seals Seals References Selected VAT Papers Selected VAT Papers Selected Invited Talks Self-Assessment Survey Security Maxims Devil's Dictionary of Security Terms Argonne's VAT (brochure)

185

Safety - Vulnerability Assessment Team - Nuclear Engineering Division  

NLE Websites -- All DOE Office Websites (Extended Search)

Safety Safety VAT Projects Introducing the VAT Adversarial Vulnerability Assessments Safety Tags & Product Counterfeiting Election Security Spoofing GPS Defeating Existing Tamper-Indicating Seals Specialty Field Tools & Sampling Tools Insider Threat Mitigation Drug Testing Security Microprocessor Prototypes The Journal of Physical Security Vulnerability Assessments Vulnerability Assessments Insanely Fast µProcessor Shop Insanely Fast µProcessor Shop Seals About Seals Applications of Seals Common Myths about Tamper Indicating Seals Definitions Findings and Lessons Learned New Seals Types of Seals Seals References Selected VAT Papers Selected VAT Papers Selected Invited Talks Self-Assessment Survey Security Maxims Devil's Dictionary of Security Terms Argonne's VAT (brochure)

186

EA-1262: McKay Bypass Canal Extension, Golden, Colorado  

Energy.gov (U.S. Department of Energy (DOE))

This EA evaluates the environmental impacts for the proposal to extend the McKay Bypass Canal in order to route water from the existing Canal north of the Walnut Creek drainage on the east side of...

187

Thermal Bypass Air Barriers in the 2009 International Energy...  

Energy Savers (EERE)

of thermal bypass air barriers, which led to their inclusion in ENERGY STAR for Homes Version 3 specifications in 2006 and then to inclusion in the 2009 IECC. Since...

188

Bypass flow computations on the LOFA transient in a VHTR  

SciTech Connect

Bypass flow in the prismatic gas-cooled very high temperature reactor (VHTR) is not intentionally designed to occur, but is present in the gaps between graphite blocks. Previous studies of the bypass flow in the core indicated that the cooling provided by flow in the bypass gaps had a significant effect on temperature and flow distributions for normal operating conditions. However, the flow and heat transports in the core are changed significantly after a Loss of Flow Accident (LOFA). This study aims to study the effect and role of the bypass flow after a LOFA in terms of the temperature and flow distributions and for the heat transport out of the core by natural convection of the coolant for a 1/12 symmetric section of the active core which is composed of images and mirror images of two sub-region models. The two sub-region models, 9 x 1/12 and 15 x 1/12 symmetric sectors of the active core, are employed as the CFD flow models using computational grid systems of 70.2 million and 117 million nodes, respectively. It is concluded that the effect of bypass flow is significant for the initial conditions and the beginning of LOFA, but the bypass flow has little effect after a long period of time in the transient computation of natural circulation.

Yu-Hsin Tung [National Tsing Hua Univ., Hsinchu (Taiwan). Inst. of Nuclear Engineering and Science; Richard W. Johnson [Idaho National Laboratory (INL), Idaho Falls, ID (United States); Yuh-Ming Ferng [National Tsing Hua Univ., Hsinchu (Taiwan). Inst. of Nuclear Engineering and Science; Ching-Chang Chieng [City Univ. of Hong Kong, Kowloon (Hong Kong). Dept. of Mechanical and Biomedical Engineering

2014-01-01T23:59:59.000Z

189

Safeguarding Children and Vulnerable Adults 1. Introduction  

E-Print Network (OSTI)

1 Safeguarding Children and Vulnerable Adults 1. Introduction 2. Definition & Legislation 3. Scope 4. Roles & Responsibilities 5. Action Appendix 1 ­ Handling a Safeguarding Case & Contacts as best practice for all safeguarding activity; however, this policy reflects the different practices

Anderson, Jim

190

2011 Raj JainCSE571SWashington University in St. Louis Authentication, Authorization,Authentication, Authorization,  

E-Print Network (OSTI)

23-1 ©2011 Raj JainCSE571SWashington University in St. Louis Authentication, Authorization://www.cse.wustl.edu/~jain/cse571-11/ #12;23-2 ©2011 Raj JainCSE571SWashington University in St. Louis OverviewOverview RADIUS 802.1X #12;23-3 ©2011 Raj JainCSE571SWashington University in St. Louis RADIUSRADIUS Remote

Jain, Raj

191

CDKN-Colombia-Cartagena Vulnerability Assessment | Open Energy Information  

Open Energy Info (EERE)

Cartagena Vulnerability Assessment Cartagena Vulnerability Assessment Jump to: navigation, search Name CDKN-Colombia-Cartagena Vulnerability Assessment Agency/Company /Organization Climate and Development Knowledge Network (CDKN), United Kingdom Department for International Development Sector Climate Topics Background analysis, Low emission development planning, Pathways analysis Website http://resilient-cities.iclei. Country Colombia UN Region South America References CDKN-Colombia-Cartagena Vulnerability Assessment[1] CDKN-Colombia-Cartagena Vulnerability Assessment Screenshot This article is a stub. You can help OpenEI by expanding it. References ↑ "CDKN-Colombia-Cartagena Vulnerability Assessment" Retrieved from "http://en.openei.org/w/index.php?title=CDKN-Colombia-Cartagena_Vulnerability_Assessment&oldid=407543

192

T-565: Vulnerability in Microsoft Malware Protection Engine Could Allow  

NLE Websites -- All DOE Office Websites (Extended Search)

65: Vulnerability in Microsoft Malware Protection Engine Could 65: Vulnerability in Microsoft Malware Protection Engine Could Allow Elevation of PrivilegeVulnerability T-565: Vulnerability in Microsoft Malware Protection Engine Could Allow Elevation of PrivilegeVulnerability February 25, 2011 - 7:40am Addthis PROBLEM: Vulnerability in Microsoft Malware Protection Engine Could Allow Elevation of PrivilegeVulnerability. PLATFORM: Microsoft Malware Protection Engine Last version of the Microsoft Malware Protection Engine affected by this vulnerability: Version 1.1.6502.0 This version is the last version of the Microsoft Malware Protection Engine that is affected by the vulnerability. First version of the Microsoft Malware Protection Engine with this vulnerability addressed:Version 1.1.6603.0 If the version of the Microsoft Malware Protection Engine is equal to or

193

Secure password-based authenticated key exchange for web services  

SciTech Connect

This paper discusses an implementation of an authenticated key-exchange method rendered on message primitives defined in the WS-Trust and WS-SecureConversation specifications. This IEEE-specified cryptographic method (AuthA) is proven-secure for password-based authentication and key exchange, while the WS-Trust and WS-Secure Conversation are emerging Web Services Security specifications that extend the WS-Security specification. A prototype of the presented protocol is integrated in the WSRF-compliant Globus Toolkit V4. Further hardening of the implementation is expected to result in a version that will be shipped with future Globus Toolkit releases. This could help to address the current unavailability of decent shared-secret-based authentication options in the Web Services and Grid world. Future work will be to integrate One-Time-Password (OTP) features in the authentication protocol.

Liang, Fang; Meder, Samuel; Chevassut, Olivier; Siebenlist, Frank

2004-11-22T23:59:59.000Z

194

T-659: Update support for RSA Authentication Manager | Department...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Manager July 1, 2011 - 7:15am Addthis PROBLEM: Authentication Manager SP4 Patch 4 Windows Server 2008 PLATFORM: Windows Server 2008 SP4 Patch 4 32bit & 64bit...

195

V-174: RSA Authentication Manager Writes Operating System, SNMP...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

SNMP, and HTTP plug-in proxy passwords. SOLUTION: The vendor has issued a fix (8.0 Patch 1 (P1)). Addthis Related Articles V-195: RSA Authentication Manager Lets Local Users...

196

Vulnerability analysis of biometric systems using attack trees.  

E-Print Network (OSTI)

??Designing a secure authentication system is a challenging task, as many factors must be taken into consideration. Applications of biometric systems typically require robust system (more)

Speicher, Denis.

2006-01-01T23:59:59.000Z

197

Evaluation of Oil Bypass Filter Technology on Heavy-Duty Vehicles  

NLE Websites -- All DOE Office Websites (Extended Search)

(Advanced Vehicle Testing Activity) (Advanced Vehicle Testing Activity) Evaluation of Oil Bypass Filter Technology on Heavy-Duty Vehicles James Francfort American Filtration and Separations Society April 2005 Presentation Outline * Background & Objectives * Oil bypass filters - features & reported benefits * INL testing method * puraDYN oil bypass filters * Refined Global Solutions (RGS) oil bypass filters * Testing results & trends * Particulate and ferrography testing * Initial INL Oil Bypass Filter Economics * Potential fleet oil savings * Testing Status Bypass Filter Evaluation - Background * Funded by the U.S. Department of Energy's FreedomCAR & Vehicle Technologies Program (Advanced Vehicle Testing Activity) * Vehicles operated by Idaho National Laboratory's Fleet Operations group * Idaho National Laboratory

198

EER of fixed and trainable fusion classifiers: A theoretical study with application to biometric authentication tasks  

E-Print Network (OSTI)

Biometric authentication is a process of verifying an identity claim using a persons behavioural and physiological characteristics. Due to the vulnerability of the system to environmental noise and variation caused by the user, fusion of several biometric-enabled systems is identified as a promising solution. In the literature, various fixed rules (e.g. min, max, median, mean) and trainable classifiers (e.g. linear combination of scores or weighted sum) are used to combine the scores of several base-systems. How exactly do correlation and imbalance nature of base-system performance affect the fixed rules and trainable classifiers? We study these joint aspects using the commonly used error measurement in biometric authentication, namely Equal Error Rate (EER). Similar to several previous studies in the literature, the central assumption used here is that the class-dependent scores of a biometric system are approximately normally distributed. However, different from them, the novelty of this study is to make a direct link between the EER measure and the fusion schemes mentioned. Both synthetic and real experiments (with as many as 256 fusion experiments carried out on the XM2VTS benchmark score-level fusion data sets) verify our proposed theoretical modeling of EER of the two families of combination scheme. In particular, it is found that weighted sum can provide the best generalisation performance when its weights are estimated correctly. It also has the additional advantage that score normalisation prior to fusion is not needed, contrary to the rest of fixed fusion rules.

Norman Poh; Samy Bengio

2005-01-01T23:59:59.000Z

199

EER of Fixed and Trainable Fusion Classifiers: A Theoretical Study with Application to Biometric Authentication Tasks  

E-Print Network (OSTI)

submitted for publication Abstract. Biometric authentication is a process of verifying an identity claim using a persons behavioural and physiological characteristics. Due to the vulnerability of the system to environmental noise and variation caused by the user, fusion of several biometric-enabled systems is identified as a promising solution. In the literature, various fixed rules (e.g. min, max, median, mean) and trainable classifiers (e.g. linear combination of scores or weighted sum) are used to combine the scores of several base-systems. How exactly do correlation and imbalance nature of base-system performance affect the fixed rules and trainable classifiers? We study these joint aspects using the commonly used error measurement in biometric authentication, namely Equal Error Rate (EER). Similar to several previous studies in the literature, the central assumption used here is that the class-dependent scores of a biometric system are approximately normally distributed. However, different from them, the novelty of this study is to make a direct link between the EER measure and the fusion schemes mentioned. Both synthetic and real experiments (with as many as 512 fusion experiments carried out on the XM2VTS benchmark score-level fusion data sets) verify our proposed theoretical modeling of EER of the two families of combination scheme. In particular, it is found that weighted sum can provide the best generalisation performance when its weights are estimated correctly. It also has the additional advantage that score normalisation prior to fusion is not needed, contrary to the rest of fixed fusion rules. 2 IDIAPRR 05-01 1

Norman Poh A; Samy Bengio A; Norman Poh; Samy Bengio

2005-01-01T23:59:59.000Z

200

JC3 Medium Impact Assessment Bulletins | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

December 28, 2012 December 28, 2012 V-057: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability A vulnerability has been reported in eXtplorer, which can be exploited by malicious people to bypass certain security restrictions. December 26, 2012 V-055: Firefly Media Server Null Pointer Dereference Lets Remote Users Deny Service A vulnerability was reported in Firefly Media Server December 24, 2012 V-053: Adobe Shockwave player installs Xtras without prompting A vulnerability was reported in Adobe Shockwave. December 21, 2012 V-052: Drupal Core Access Bypass and Arbitrary PHP Code Execution Vulnerabilities Drupal Core Multiple vulnerabilities December 19, 2012 V-050: IBM InfoSphere Information Server Multiple Vulnerabilities Multiple vulnerabilities have been reported in IBM InfoSphere Information

Note: This page contains sample records for the topic "authentication bypass vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


201

Enhancing Energy Infrastructure Resiliency and Addressing Vulnerabilities  

Energy.gov (U.S. Department of Energy (DOE))

Quadrennial Energy Review Task Force Secretariat and Energy Policy and Systems Analysis Staff, U. S. Department of Energy (DOE) Public Meeting on Enhancing Resilience in Energy Infrastructure and Addressing Vulnerabilities On Friday, April 11, 2014, at 10 a.m. in room HVC-215 of the U.S. Capitol, the Department of Energy (DOE), acting as the Secretariat for the Quadrennial Energy Review Task Force, will hold a public meeting to discuss and receive comments on issues related to the Quadrennial Energy Review (QER). The meeting will focus on infrastructure vulnerabilities related to the electricity, natural gas and petroleum transmission, storage and distribution systems (TS&D). The meeting will consist of two facilitated panels of experts on identifying and addressing vulnerabilities within the nations energy TS&D infrastructure. Following the panels, an opportunity will be provided for public comment via an open microphone session. The meeting will be livestreamed at energy.gov/live

202

V-131: Adobe Shockwave Player Multiple Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

1: Adobe Shockwave Player Multiple Vulnerabilities 1: Adobe Shockwave Player Multiple Vulnerabilities V-131: Adobe Shockwave Player Multiple Vulnerabilities April 11, 2013 - 6:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in Adobe Shockwave Player PLATFORM: The vulnerabilities are reported in versions 12.0.0.112 and prior ABSTRACT: This update addresses vulnerabilities that could allow an attacker to run malicious code on the affected system REFERENCE LINKS: Secunia Advisory: SA52981 Adobe Security Bulletin CVE-2013-1383 CVE-2013-1384 CVE-2013-1385 CVE-2013-1386 IMPACT ASSESSMENT: High DISCUSSION: This update resolves : 1) A buffer overflow vulnerability that could lead to code execution 2) Memory corruption vulnerabilities that could lead to code execution 3) Memory leakage vulnerability that could be exploited to reduce the

203

T-709:Mac OS X Keychain Certificate Settings Can Be Bypassed...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

09:Mac OS X Keychain Certificate Settings Can Be Bypassed By Remote Users T-709:Mac OS X Keychain Certificate Settings Can Be Bypassed By Remote Users September 2, 2011 - 12:00pm...

204

HYDROLOGY AND CHEMISTRY OF FLOODWATERS IN THE YOLO BYPASS, SACRAMENTO RIVER SYSTEM, CALIFORNIA, DURING 2000.  

E-Print Network (OSTI)

HYDROLOGY AND CHEMISTRY OF FLOODWATERS IN THE YOLO BYPASS, SACRAMENTO RIVER SYSTEM, CALIFORNIA..................................................1 Introduction..............................................2 Hydrology of the Yolo Bypass....................7 Dissolved Metals....................................10 Samples collected by boat in the Yolo

205

The 2011 Military Communications Conference -Track 3 -Cyber Security and Network Operations From Security to Vulnerability: Data Authentication  

E-Print Network (OSTI)

in Substation Automation Systems (SAS). To this end, we establish a small-scale SAS prototype with commonly, an upgrade of in formation technologies is essential from out-of-date serial communication technologies [2

Wang, Wenye

206

Floodwater Chemistry in the Yolo Bypass during Winter and Spring 1998  

E-Print Network (OSTI)

Floodwater Chemistry in the Yolo Bypass during Winter and Spring 1998 Open-File Report 2007­1025 U.S. Department of the Interior U.S. Geological Survey #12;Floodwater Chemistry in the Yolo Bypass during Winter-USGS Suggested citation: Schemel, L.E., Cox, M.H., 2007, Floodwater Chemistry in the Yolo Bypass during Winter

207

Analysis of vulnerability to facebook users  

Science Journals Connector (OSTI)

Facebook, the largest social network nowadays currently has 901 million active users, with 526 million of them accessing the system daily. With a very rapid growth, Facebook has become a potential site for the collection of personal information by unauthorized ... Keywords: exposure, facebook, social networks, vulnerability

Michelle Hanne; Cristiano Silva; Jussara Almeida; Marcos Gonalves

2012-10-01T23:59:59.000Z

208

WATER AND ENERGY SECTOR VULNERABILITY TO CLIMATE  

E-Print Network (OSTI)

WATER AND ENERGY SECTOR VULNERABILITY TO CLIMATE WARMING IN THE SIERRA NEVADA: Water Year explores the sensitivity of water indexing methods to climate change scenarios to better understand how water management decisions and allocations will be affected by climate change. Many water management

209

Fragile Networks: Identifying Vulnerabilities and Synergies  

E-Print Network (OSTI)

, Efficiency Measurement, and Vulnerability Analysis · Part II: Applications and Extensions · Part III: Mergers the foundations for transportation and logistics, for communication, energy provision, social interactions that underlie our societies and economies are large-scale and complex in nature, they are liable to be faced

Nagurney, Anna

210

Using Semantics for Automating the Authentication of Web APIs  

E-Print Network (OSTI)

Abstract. Recent technology developments in the area of services on the Web are marked by the proliferation of Web applications and APIs. The implementation and evolution of applications based on Web APIs is, however, hampered by the lack of automation that can be achieved with current technologies. Research on semantic Web services is therefore trying to adapt the principles and technologies that were devised for traditional Web services, to deal with this new kind of services. In this paper we show that currently more than 80 % of the Web APIs require some form of authentication. Therefore authentication plays a major role for Web API invocation and should not be neglected in the context of mashups and composite data applications. We present a thorough analysis carried out over a body of publicly available APIs that determines the most commonly used authentication approaches. In the light of these results, we propose an ontology for the semantic annotation of Web API authentication information and demonstrate how it can be used to create semantic Web API descriptions. We evaluate the applicability of our approach by providing a prototypical implementation, which uses authentication annotations as the basis for automated service invocation. 1

Maria Maleshkova; Carlos Pedrinaci; John Domingue; Guillermo Alvaro; Ivan Martinez

211

Specifying authentication using signal events in CSP Siraj A. Shaikh (first and corresponding author)  

E-Print Network (OSTI)

1 Specifying authentication using signal events in CSP Siraj A. Shaikh (first and corresponding in the process algebra Communicating Sequential Processes (CSP) to specify authentication. The purpose, security protocols, CSP, formal specification, Kerberos 1. Introduction Schneider [1] uses Communicating

Doran, Simon J.

212

Efficient authentication scheme for data aggregation in smart grid with fault tolerance and fault diagnosis  

Science Journals Connector (OSTI)

Authentication schemes relying on per-packet signature and per-signature verification introduce heavy cost for computation and communication. Due to its constraint resources, smart grid's authentication requirement cannot be satisfied by this scheme. ...

Depeng Li; Zeyar Aung; John R. Williams; Abel Sanchez

2012-01-01T23:59:59.000Z

213

PAAS: A Privacy-Preserving Attribute-based Authentication System for eHealth Networks  

E-Print Network (OSTI)

PAAS: A Privacy-Preserving Attribute-based Authentication System for eHealth Networks Linke Guo PAAS which leverages users' verifiable attributes to authenticate users in eHealth systems while

Latchman, Haniph A.

214

Cycling firing method for bypass operation of bridge converters  

SciTech Connect

The bridge converter comprises a number of switching elements and an electronic logic system which regulated the electric power levels by controlling the firing, i.e., the initiation of the conduction period of the switching elements. Cyclic firing of said elements allows the direct current to bypass the alternating current system with high power factor and negligible losses.

Zabar, Zivan (99-72 66th Rd., Apt. 9N, Forest Hills, NY 11375)

1982-01-01T23:59:59.000Z

215

T-566: Citrix Secure Gateway Unspecified Vulnerability | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: Citrix Secure Gateway Unspecified Vulnerability 6: Citrix Secure Gateway Unspecified Vulnerability T-566: Citrix Secure Gateway Unspecified Vulnerability February 28, 2011 - 11:22pm Addthis PROBLEM: Citrix Secure Gateway Unspecified Vulnerability. PLATFORM: Citrix Secure Gateway version 3.1.4 ABSTRACT: A vulnerability has been reported in Citrix Secure Gateway, which can be exploited by malicious people to compromise a vulnerable system. reference LINKS: Citrix ID:CTX128168 Secunia Advisory SA43497 Citrix Support IMPACT ASSESSMENT: High Discussion: This vulnerability only affects Secure Gateway version 3.1.4. Secure Gateway version 3.2.0 is not affected by this vulnerability, but Citrix recommends that customers currently using this version upgrade their deployments to version 3.2.1 in line with the guidance provided in

216

V-038: Google Chrome Two Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

8: Google Chrome Two Vulnerabilities 8: Google Chrome Two Vulnerabilities V-038: Google Chrome Two Vulnerabilities December 3, 2012 - 1:00am Addthis PROBLEM: Google Chrome Two Vulnerabilities PLATFORM: The vulnerabilities are reported in versions prior to 23.0.1271.95. ABSTRACT: Two vulnerabilities have been reported in Google Chrome REFERENCE LINKS: Stable Channel Update Secunia Advisory SA51447 CVE-2012-5137 CVE-2012-5138 IMPACT ASSESSMENT: High DISCUSSION: Two vulnerabilities have been reported in Google Chrome, where one has an unknown impact and the other can be exploited by malicious people to compromise a user's system. 1) An error exists when handling file paths. 2) A use-after-free error exists when handling media sources. The vulnerabilities are reported in versions prior to 23.0.1271.95. IMPACT:

217

T-597: WordPress Multiple Security Vulnerabilities | Department...  

Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

7: WordPress Multiple Security Vulnerabilities T-597: WordPress Multiple Security Vulnerabilities April 7, 2011 - 5:42am Addthis PROBLEM: WordPress is prone to multiple security...

218

V-041: Red Hat CloudForms Multiple Vulnerabilities | Department...  

Energy Savers (EERE)

V-041: Red Hat CloudForms Multiple Vulnerabilities V-041: Red Hat CloudForms Multiple Vulnerabilities December 6, 2012 - 4:01am Addthis PROBLEM: Red Hat CloudForms Multiple...

219

IVF: characterizing the vulnerability of microprocessor structures to intermittent faults  

Science Journals Connector (OSTI)

With the advancement of CMOS manufacturing process to nano-scale, future shipped microprocessors will be increasingly vulnerable to intermittent faults. Quantitatively characterizing the vulnerability of microprocessor structures to intermittent faults ...

Songjun Pan; Yu Hu; Xiaowei Li

2010-03-01T23:59:59.000Z

220

JC3 Medium Impact Assessment Bulletins | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Medium Impact Medium Impact Assessment Bulletins JC3 Medium Impact Assessment Bulletins RSS December 4, 2012 V-039: Samsung and Dell printers Firmware Backdoor Unauthorized Access Vulnerability Samsung has issued a security advisory and an optional firmware update for all current Samsung networked laser printers and multifunction devices to enhance Simple Network Management Protocol (SNMP) security. November 30, 2012 V-037: Wireshark Multiple Bugs Let Remote Users Deny Service Several vulnerabilities were reported in Wireshark. November 29, 2012 V-036: EMC Smarts Network Configuration Manager Database Authentication Bypass Vulnerability Two vulnerabilities were reported in EMC Smarts Network Configuration Manager. November 27, 2012 V-034: RSA Adaptive Authentication (On-Premise) Input Validation Flaws

Note: This page contains sample records for the topic "authentication bypass vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


221

PAKE-based mutual HTTP authentication for preventing phishing attacks  

E-Print Network (OSTI)

This paper describes a new password-based mutual authentication protocol for Web systems which prevents various kinds of phishing attacks. This protocol provides a protection of user's passwords against any phishers even if dictionary attack is employed, and prevents phishers from imitating a false sense of successful authentication to users. The protocol is designed considering interoperability with many recent Web applications which requires many features which current HTTP authentication does not provide. The protocol is proposed as an Internet Draft submitted to IETF, and implemented in both server side (as an Apache extension) and client side (as a Mozilla-based browser and an IE-based one). The paper also proposes a new user-interface for this protocol which is always distinguishable from fake dialogs provided by phishers.

Oiwa, Yutaka; Takagi, Hiromitsu

2009-01-01T23:59:59.000Z

222

Quantum-Secure Authentication with a Classical Key  

E-Print Network (OSTI)

Authentication provides the trust people need to engage in transactions. The advent of physical keys that are impossible to copy promises to revolutionize this field. Up to now, such keys have been verified by classical challenge-response protocols. Such protocols are in general susceptible to emulation attacks. Here we demonstrate Quantum-Secure Authentication ("QSA") of an unclonable classical physical key in a way that is inherently secure by virtue of quantum-physical principles. Our quantum-secure authentication operates in the limit of a large number of channels, represented by the more than thousand degrees of freedom of an optical wavefront shaped with a spatial light modulator. This allows us to reach quantum security with weak coherent pulses of light containing dozens of photons, too few for an adversary to determine their complex spatial shapes, thereby rigorously preventing emulation.

Sebastianus A. Goorden; Marcel Horstmann; Allard P. Mosk; Boris kori?; Pepijn W. H. Pinkse

2014-06-03T23:59:59.000Z

223

U-186: IBM WebSphere Sensor Events Multiple Vulnerabilities  

Energy.gov (U.S. Department of Energy (DOE))

Some vulnerabilities have unknown impacts and others can be exploited by malicious people to conduct cross-site scripting attacks.

224

JC3 Medium Impact Assessment Bulletins | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

September 28, 2012 September 28, 2012 U-270:Trend Micro Control Manager Input Validation Flaw in Ad Hoc Query Module Lets Remote Users Inject SQL Commands Trend Micro has been notified of a potential product vulnerability in Control Manager. September 27, 2012 U-269: Cisco IOS Intrusion Prevention System DNS Processing Bug Lets Remote Users Deny Service A vulnerability was reported in Cisco IOS. September 26, 2012 U-268: Oracle Database Authentication Protocol Discloses Session Key Information to Remote Users A vulnerability was reported in Oracle Database. September 25, 2012 U-267: RSA® Authentication Agent 7.1 for Microsoft Windows® and RSA® Authentication Client 3.5 Access Control Vulnerability Multiple RSA Products Authentication Bypass Vulnerability September 21, 2012 U-265: HP SiteScope Bugs in SiteScope SOAP Feature Let Remote Users Obtain

225

Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Guide to Critical Infrastructure Protection Cyber Vulnerability Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment This document describes a customized process for cyber vulnerability assessment in compliance with the Critical Infrastructure Protection standards adopted by the North American Electric Reliability Corporation in 2006. This guide covers the planning, execution, and reporting process. Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment More Documents & Publications Wireless System Considerations When Implementing NERC Critical Infrastructure Protection Standards New No-Cost ANTFARM Tool Maps Control System Networks to Help Implement Cyber Security Standards "Cybersecurity for State Regulators" - NARUC Primer (June 2012)

226

Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Guide to Critical Infrastructure Protection Cyber Vulnerability Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment This document describes a customized process for cyber vulnerability assessment in compliance with the Critical Infrastructure Protection standards adopted by the North American Electric Reliability Corporation in 2006. This guide covers the planning, execution, and reporting process. Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment More Documents & Publications Wireless System Considerations When Implementing NERC Critical Infrastructure Protection Standards New No-Cost ANTFARM Tool Maps Control System Networks to Help Implement Cyber Security Standards "Cybersecurity for State Regulators" - NARUC Primer (June

227

T-616: PHP Stream Component Remote Denial of Service Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: PHP Stream Component Remote Denial of Service Vulnerability 6: PHP Stream Component Remote Denial of Service Vulnerability T-616: PHP Stream Component Remote Denial of Service Vulnerability May 5, 2011 - 12:59am Addthis PROBLEM: PHP Stream Component Remote Denial of Service Vulnerability PLATFORM: Ubuntu Linux PHP MandrakeSoft Corporate Server MandrakeSoft Enterprise Server MandrakeSoft Linux Mandrake ABSTRACT: PHP is prone to a remote denial-of-service vulnerability because the proxy server fails to handle certain FTP requests. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. Versions prior to PHP 5.3.6 are vulnerable. reference LINKS: SecurityFocus IMPACT ASSESSMENT: Medium Discussion: PHP is prone to a remote denial-of-service vulnerability because the proxy server fails to handle certain FTP requests. An attacker can exploit this

228

Colombia-Cartagena Vulnerability Assessment | Open Energy Information  

Open Energy Info (EERE)

Colombia-Cartagena Vulnerability Assessment Colombia-Cartagena Vulnerability Assessment Jump to: navigation, search Name Colombia-CDKN-Cartagena Vulnerability Assessment Agency/Company /Organization Climate and Development Knowledge Network (CDKN), United Kingdom Department for International Development Sector Climate Topics Background analysis, Low emission development planning, Pathways analysis Website http://resilient-cities.iclei. Country Colombia UN Region South America References CDKN-Colombia-Cartagena Vulnerability Assessment[1] Colombia-CDKN-Cartagena Vulnerability Assessment Screenshot This article is a stub. You can help OpenEI by expanding it. References ↑ "CDKN-Colombia-Cartagena Vulnerability Assessment" Retrieved from "http://en.openei.org/w/index.php?title=Colombia-Cartagena_Vulnerability_Assessment&oldid=699760"

229

T-564: Vulnerabilities in Citrix Licensing administration components |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

4: Vulnerabilities in Citrix Licensing administration 4: Vulnerabilities in Citrix Licensing administration components T-564: Vulnerabilities in Citrix Licensing administration components February 24, 2011 - 7:00am Addthis PROBLEM: Vulnerabilities in Citrix Licensing administration components. PLATFORM: Citrix Licensing Administration Console, formerly known as the License Management Console. ABSTRACT: The vulnerabilities impact all current versions of the Citrix Licensing Administration Console, formerly known as the License Management Console. reference LINKS: Citrix ID:CTX128167 SecurityTracker Alert ID:1025123 Citrix Support IMPACT ASSESSMENT: Medium Discussion: Citrix has been made aware of a number of vulnerabilities in a third-party component that is used by the Citrix Licensing administration console. These vulnerabilities could potentially allow an unauthorized user to gain

230

U-013: HP Data Protector Multiple Unspecified Vulnerabilities | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

3: HP Data Protector Multiple Unspecified Vulnerabilities 3: HP Data Protector Multiple Unspecified Vulnerabilities U-013: HP Data Protector Multiple Unspecified Vulnerabilities October 18, 2011 - 9:00am Addthis PROBLEM: HP Data Protector Multiple Unspecified Vulnerabilities. PLATFORM: HP Data Protector Notebook Extension 6.20; HP Data Protector for Personal Computers 7.0 ABSTRACT: Multiple vulnerabilities were reported in HP Data Protector. A remote user can execute arbitrary code on the target system. reference LINKS: HP Security Document ID: c03054543 SecurityTracker Alert ID: 1026195 Secunia Advisory: SA46468 CVE-2011-3156 CVE-2011-3157 CVE-2011-3158 CVE-2011-3159 CVE-2011-3160 CVE-2011-3161 CVE-2011-3162 IMPACT ASSESSMENT: High Discussion: Potential security vulnerabilities has been identified with HP Data Protector Notebook Extension. These vulnerabilities could be remotely

231

Using a PVS Embedding of CSP to Verify Authentication Protocols  

E-Print Network (OSTI)

Using a PVS Embedding of CSP to Verify Authentication Protocols To be presented at TPHOLs'97, Bell for a veri cation method described in 14]. The PVS formalization consists of a semantic embedding of CSP, 16, 12, 9]. In 14], Schneider presents such a method based on CSP 7]. The approach relies onageneral

Dutertre, Bruno

232

Using a PVS Embedding of CSP to Verify Authentication Protocols  

E-Print Network (OSTI)

Using a PVS Embedding of CSP to Verify Authentication Protocols To be presented at TPHOLs'97, Bell for a veri cation method described in 14]. The PVS formalization consists of a semantic embedding of CSP]. In 14], Schneider presents such a method based on CSP 7]. The approach relies onageneral

Doran, Simon J.

233

Using a PVS Embedding of CSP to Verify Authentication Protocols  

E-Print Network (OSTI)

Using a PVS Embedding of CSP to Verify Authentication Protocols To be presented at TPHOLs'97, Bell for a verification method described in [14]. The PVS formalization consists of a semantic embedding of CSP for this purpose [3, 16, 12, 9]. In [14], Schneider presents such a method based on CSP [7]. The approach relies

Dutertre, Bruno

234

Authenticity Issue in Performing Arts using Live Electronics  

E-Print Network (OSTI)

by the production process key elements for future assessment of authenticity. We will present some "case studies we intend to study the production process, and extract from the elements and traces left, the electronic processes are evaluated towards their robustness against changes of instrumentist, changes

Kouroupetroglou, Georgios

235

Robust RFID Authentication Protocol with Formal Proof and Its Feasibility  

E-Print Network (OSTI)

security models compatible with formal security analysis tools. We show that an RFID authentication, such as by letting us reference the price, origin and circulation route of specic goods. On the other hand-in-the-middle adversary and communication fault. We dene model and security proofs via a game-based approach makes our

236

Cryptographic Link Signatures for Spectrum Usage Authentication in Cognitive Radio  

E-Print Network (OSTI)

Cryptographic Link Signatures for Spectrum Usage Authentication in Cognitive Radio Xi Tan, Kapil frequency spectrum was inefficiently utilized. To fully use these spectrums, cognitive radio networks have of cognitive radio is to enable the current fixed spectrum channels assigned by Federal Communica- tions

Du, Wenliang "Kevin"

237

Final report for the mobile node authentication LDRD project.  

SciTech Connect

In hostile ad hoc wireless communication environments, such as battlefield networks, end-node authentication is critical. In a wired infrastructure, this authentication service is typically facilitated by a centrally-located ''authentication certificate generator'' such as a Certificate Authority (CA) server. This centralized approach is ill-suited to meet the needs of mobile ad hoc networks, such as those required by military systems, because of the unpredictable connectivity and dynamic routing. There is a need for a secure and robust approach to mobile node authentication. Current mechanisms either assign a pre-shared key (shared by all participating parties) or require that each node retain a collection of individual keys that are used to communicate with other individual nodes. Both of these approaches have scalability issues and allow a single compromised node to jeopardize the entire mobile node community. In this report, we propose replacing the centralized CA with a distributed CA whose responsibilities are shared between a set of select network nodes. To that end, we develop a protocol that relies on threshold cryptography to perform the fundamental CA duties in a distributed fashion. The protocol is meticulously defined and is implemented it in a series of detailed models. Using these models, mobile wireless scenarios were created on a communication simulator to test the protocol in an operational environment and to gather statistics on its scalability and performance.

Michalski, John T.; Lanzone, Andrew J.

2005-09-01T23:59:59.000Z

238

Recursive Linear and Differential Cryptanalysis of Ultralightweight Authentication Protocols  

E-Print Network (OSTI)

to privacy of consumers. In recent years, the cryptographic community have made an extensive effort Zahra Ahmadian, Mahmoud Salmasizadeh, and Mohammad Reza Aref Abstract--Privacy is faced to serious years have focused on design and analysis of privacy friendly ultralightweight authentication protocols

239

Secure Password-Based Authenticated Key Exchange for Web Services  

E-Print Network (OSTI)

sign-on, delegation, and identity. The Grid Security Infrastructure (GSI) is the name given so. 1.3 Security in Grid Computing Security is one of the major requirements of Grid computing. Any Grid site deployment must at least provide the basic security mechanisms including authentication

240

SP 800-38B. Recommendation for Block Cipher Modes of Operation: the CMAC Mode for Authentication  

Science Journals Connector (OSTI)

This Recommendation specifies a message authentication code (MAC) algorithm based on a symmetric key block cipher. This block cipher-based MAC algorithm, called CMAC, may be used to provide assurance of the authenticity and, hence, the integrity of binary ... Keywords: Authentication, block cipher, cryptography, information security, integrity, message authentication code, mode of operation.

Morris J. Dworkin

2005-05-01T23:59:59.000Z

Note: This page contains sample records for the topic "authentication bypass vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


241

Demonstrated Petroleum Reduction Using Oil Bypass Filter Technology on Heavy and Light Vehicles  

NLE Websites -- All DOE Office Websites (Extended Search)

Demonstrated Petroleum Demonstrated Petroleum Reduction Using Oil Bypass Filter Technology on Heavy and Light Vehicles James Francfort (PI) Timothy Murphy Larry Zirker Oil Bypass Filter Technology Evaluation * Funded by the U.S. Department of Energy's FreedomCAR & Vehicle Technologies Program * Performed by Idaho National Engineering and Environmental Laboratory (INEEL) Fleet Operations * Goal - Support DOE's efforts to reduce petroleum consumption & ensure the energy security of the United States Oil Bypass Filter Technology Evaluation * Objectives - Test the concept of using oil bypass filters to minimize engine oil changes & the generation of waste oils - Demonstration the economics of oil bypass filter systems - Estimate potential engine oil saving from bypass filter technologies that can be achieved by INEEL,

242

Power grid vulnerability: A complex network approach  

Science Journals Connector (OSTI)

Power grids exhibit patterns of reaction to outages similar to complex networks. Blackout sequences follow power laws as complex systems operating near a critical point. Here the tolerance of electric power grids to both accidental and malicious outages is analyzed in the framework of complex network theory. In particular the quantity known as efficiency is modified by introducing a new concept of distance between nodes. As a result a new parameter called net-ability is proposed to evaluate the performance of power grids. A comparison between efficiency and net-ability is provided by estimating the vulnerability of sample networks in terms of both the metrics.

S. Arianos; E. Bompard; A. Carbone; F. Xue

2009-01-01T23:59:59.000Z

243

Social vulnerability indicators as a sustainable planning tool  

SciTech Connect

In the face of global warming and environmental change, the conventional strategy of resource centralization will not be able to cope with a future of increasingly extreme climate events and related disasters. It may even contribute to inter-regional disparities as a result of these events. To promote sustainable development, this study offers a case study of developmental planning in Chiayi, Taiwan and a review of the relevant literature to propose a framework of social vulnerability indicators at the township level. The proposed framework can not only be used to measure the social vulnerability of individual townships in Chiayi, but also be used to capture the spatial developmental of Chiayi. Seventeen social vulnerability indicators provide information in five dimensions. Owing to limited access to relevant data, the values of only 13 indicators were calculated. By simply summarizing indicators without using weightings and by using zero-mean normalization to standardize the indicators, this study calculates social vulnerability scores for each township. To make social vulnerability indicators more useful, this study performs an overlay analysis of social vulnerability and patterns of risk associated with national disasters. The social vulnerability analysis draws on secondary data for 2012 from Taiwan's National Geographic Information System. The second layer of analysis consists of the flood potential ratings of the Taiwan Water Resources Agency as an index of biophysical vulnerability. The third layer consists of township-level administrative boundaries. Analytical results reveal that four out of the 18 townships in Chiayi not only are vulnerable to large-scale flooding during serious flood events, but also have the highest degree of social vulnerability. Administrative boundaries, on which social vulnerability is based, do not correspond precisely to cross-administrative boundaries, which are characteristics of the natural environment. This study adopts an exploratory approach that provides Chiayi and other government agencies with a foundation for sustainable strategic planning for environmental change. The final section offers four suggestions concerning the implications of social vulnerability for local development planning. -- Highlights: This study proposes a framework of social vulnerability indicators at the township level in Chiayi County, Taiwan. Seventeen social vulnerability indicators are categorized into four dimensions. This study performs a three-layer overlay analysis of social vulnerability and natural disaster risk patterns. 4 out of the 18 townships not only have potential for large-scale flooding, but also high degree of social vulnerability. This study provides a foundation for sustainable strategic planning to deal with environmental change. Four suggestions are proposed regarding the implications of social vulnerability for local development planning.

Lee, Yung-Jaan, E-mail: yungjaanlee@gmail.com

2014-01-15T23:59:59.000Z

244

V-090: Adobe Flash Player / AIR Multiple Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

0: Adobe Flash Player / AIR Multiple Vulnerabilities 0: Adobe Flash Player / AIR Multiple Vulnerabilities V-090: Adobe Flash Player / AIR Multiple Vulnerabilities February 13, 2013 - 12:14am Addthis PROBLEM: Adobe Flash Player / AIR Multiple Vulnerabilities PLATFORM: Adobe Flash Player versions 11.5.502.149 and prior for Windows and Macintosh Adobe Flash Player versions 11.2.202.262 and prior for Linux Adobe Flash Player versions 11.1.115.37 and prior for Android 4.x Adobe Flash Player versions 11.1.111.32 and prior for Android 3.x and 2.x Adobe AIR versions 3.5.0.1060 and prior Adobe AIR versions 3.5.0.1060 SDK and prior ABSTRACT: Multiple vulnerabilities have been reported in Adobe Flash Player and AIR. REFERENCE LINKS: Vulnerability identifier: APSB13-05 Secunia Advisory SA52166 CVE-2013-0637 CVE-2013-0638 CVE-2013-0639

245

V-059: MoinMoin Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

9: MoinMoin Multiple Vulnerabilities 9: MoinMoin Multiple Vulnerabilities V-059: MoinMoin Multiple Vulnerabilities January 1, 2013 - 5:57am Addthis PROBLEM: MoinMoin Multiple Vulnerabilities PLATFORM: Version(s): MoinMoin 1.x ABSTRACT: Multiple vulnerabilities have been reported in MoinMoin, which can be exploited by malicious users to conduct script insertion attacks and compromise a vulnerable system and by malicious people to manipulate certain data. REFERENCE LINKS: Secunia Advisory SA51663 CVE-2012-6080 CVE-2012-6081 CVE-2012-6082 IMPACT ASSESSMENT: High DISCUSSION: 1) Certain input when handling the AttachFile action is not properly verified before being used to write files. This can be exploited to overwrite arbitrary files via directory traversal sequences. 2) The application allows the upload of files with arbitrary extensions to

246

U-122 Google Chrome Two Code Execution Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

2 Google Chrome Two Code Execution Vulnerabilities 2 Google Chrome Two Code Execution Vulnerabilities U-122 Google Chrome Two Code Execution Vulnerabilities March 12, 2012 - 7:00am Addthis PROBLEM: Google Chrome Two Code Execution Vulnerabilities PLATFORM: Google Chrome 17.x ABSTRACT: Two vulnerabilities have been reported in Google Chrome, which can be exploited by malicious people to compromise a user's system. reference LINKS: Secunia Advisory SA48321 SecurityTracker Alert ID: 1026776 CVE-2011-3046 IMPACT ASSESSMENT: High Discussion: A vulnerability was reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can create specially crafted HTML that, when loaded by the target user, will trigger an unspecified flaw and execute arbitrary code (outside of the

247

V-087: Adobe Flash Player Two Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

7: Adobe Flash Player Two Vulnerabilities 7: Adobe Flash Player Two Vulnerabilities V-087: Adobe Flash Player Two Vulnerabilities February 8, 2013 - 6:00am Addthis PROBLEM: Two vulnerabilities have been reported in Adobe Flash Player PLATFORM: Vulnerabilities are reported in the following versions: Adobe Flash Player versions 11.5.502.146 and earlier for Windows and Macintosh Adobe Flash Player versions 11.2.202.261 and earlier for Linux Adobe Flash Player versions 11.1.115.36 and earlier for Android 4.x Adobe Flash Player versions 11.1.111.31 and earlier for Android 3.x Adobe Flash Player versions 11.5.31.137 and earlier for Chrome users Adobe Flash Player versions 11.3.378.5 and earlier for Internet Explorer 10 users on Windows 8 ABSTRACT: Two vulnerabilities are reported as 0-day which can be exploited by

248

U-251: Bugzilla LDAP Injection and Information Disclosure Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

1: Bugzilla LDAP Injection and Information Disclosure 1: Bugzilla LDAP Injection and Information Disclosure Vulnerabilities U-251: Bugzilla LDAP Injection and Information Disclosure Vulnerabilities September 5, 2012 - 6:00am Addthis PROBLEM: Bugzilla LDAP Injection and Information Disclosure Vulnerabilities PLATFORM: Bugzilla 2.x Bugzilla 3.x Bugzilla 4.x ABSTRACT: Bugzilla is prone to an LDAP-injection vulnerability and an information-disclosure vulnerability reference LINKS: Bugzilla Homepage Bugzilla Security Advisory Bugtraq ID: 55349 Secunia Advisory SA50433 CVE-2012-3981 CVE-2012-4747 IMPACT ASSESSMENT: Medium Discussion: A vulnerability and a security issue have been reported, which can be exploited by malicious people to disclose potentially sensitive information and manipulate certain data. 1) Input passed via the username is not properly escaped before being used

249

T-578: Vulnerability in MHTML Could Allow Information Disclosure |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

8: Vulnerability in MHTML Could Allow Information Disclosure 8: Vulnerability in MHTML Could Allow Information Disclosure T-578: Vulnerability in MHTML Could Allow Information Disclosure March 15, 2011 - 3:05pm Addthis PROBLEM: Microsoft Windows is prone to a vulnerability that may allow attackers to inject arbitrary script code into the current browser session. PLATFORM: Windows 2003 SP2, Vista SP2, 2008 SP2, XP SP3, 7; and prior service packs ABSTRACT: A vulnerability was reported in Microsoft MHTML. A remote user can conduct cross-site scripting attacks. reference LINKS: Microsoft Security Advisory (2501696) CVE-2011-0096 SecurityTracker Alert ID: 1025003 Bugtraq ID: 46055 IMPACT ASSESSMENT: Moderate Discussion: The vulnerability exists due to the way MHTML interprets MIME-formatted requests for content blocks within a document. It is possible under certain

250

U-066: Mozilla Firefox / Thunderbird Multiple Vulnerabilities | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: Mozilla Firefox / Thunderbird Multiple Vulnerabilities 6: Mozilla Firefox / Thunderbird Multiple Vulnerabilities U-066: Mozilla Firefox / Thunderbird Multiple Vulnerabilities December 22, 2011 - 6:30am Addthis PROBLEM: Mozilla Firefox / Thunderbird Multiple Vulnerabilities . PLATFORM: Mozilla Firefox 8.x and Mozilla Thunderbird 8.x ABSTRACT: Multiple vulnerabilities have been reported in Mozilla Firefox and Thunderbird. reference LINKS: Advisory 2011-53 Advisory 2011-54 Advisory 2011-55 Advisory 2011-56 Advisory 2011-57 Advisory 2011-58 Secunia Advisory: SA47302 IMPACT ASSESSMENT: High Discussion: Vulnerabilities have been reported in Mozilla Firefox and Thunderbird, where one has an unknown impact and others can be exploited by malicious people to disclose sensitive information and compromise a user's system. 1) Some unspecified errors can be exploited to corrupt memory. No further

251

V-126: Mozilla Firefox Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: Mozilla Firefox Multiple Vulnerabilities 6: Mozilla Firefox Multiple Vulnerabilities V-126: Mozilla Firefox Multiple Vulnerabilities April 4, 2013 - 6:00am Addthis PROBLEM: Mozilla Firefox Multiple Vulnerabilities PLATFORM: The vulnerabilities are reported in versions prior to 20.0 ABSTRACT: Multiple vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to conduct spoofing and cross-site scripting attacks and compromise a user's system. REFERENCE LINKS: Secunia Advisory SA52770 Secunia Advisory SA52293 Mozilla Security Announcement mfsa2013-30 Mozilla Security Announcement mfsa2013-31 Mozilla Security Announcement mfsa2013-32 Mozilla Security Announcement mfsa2013-34 Mozilla Security Announcement mfsa2013-35

252

V-224: Google Chrome Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

4: Google Chrome Multiple Vulnerabilities 4: Google Chrome Multiple Vulnerabilities V-224: Google Chrome Multiple Vulnerabilities August 22, 2013 - 1:05am Addthis PROBLEM: Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious, local users to disclose potentially sensitive information and by malicious people to compromise a user's system. PLATFORM: Google Chrome 28.x ABSTRACT: The vulnerabilities are reported in versions prior to 29.0.1547.57 REFERENCE LINKS: Secunia Advisory ID: 1028921 CVE-2013-2887 CVE-2013-2900 CVE-2013-2901 CVE-2013-2902 CVE-2013-2903 CVE-2013-2904 CVE-2013-2905 IMPACT ASSESSMENT: High DISCUSSION: Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious, local users to disclose

253

T-730: Vulnerability in Citrix Provisioning Services could result in  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

730: Vulnerability in Citrix Provisioning Services could result 730: Vulnerability in Citrix Provisioning Services could result in Arbitrary Code Execution T-730: Vulnerability in Citrix Provisioning Services could result in Arbitrary Code Execution September 29, 2011 - 8:30am Addthis PROBLEM: Vulnerability in Citrix Provisioning Services could result in Arbitrary Code Execution. PLATFORM: This vulnerability is present in all supported versions of Citrix Provisioning Services up to and including version 5.6 Service Pack 1. ABSTRACT: Citrix Provisioning Services is prone to a remote code-execution vulnerability. Successfully exploiting this issue will allow attackers to execute arbitrary code within the context of the application. reference LINKS: Citrix Document ID: CTX130846 Security Focus: Bugtraq ID 49803 IMPACT ASSESSMENT:

254

V-208: Google Chrome Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

8: Google Chrome Multiple Vulnerabilities 8: Google Chrome Multiple Vulnerabilities V-208: Google Chrome Multiple Vulnerabilities August 1, 2013 - 2:32am Addthis PROBLEM: Multiple unspecified vulnerabilities in Google Chrome before 28.0.1500.95 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. PLATFORM: Google Chrome 28.x ABSTRACT: Some vulnerabilities have been reported in Google Chrome which allows attackers to access and compromise a user's system. REFERENCE LINKS: Secunia Advisory SA54325 CVE-2013-2881 CVE-2013-2882 CVE-2013-2883 CVE-2013-2884 CVE-2013-2885 CVE-2013-2886 IMPACT ASSESSMENT: High DISCUSSION: Several vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to

255

T-542: SAP Crystal Reports Server Multiple Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

2: SAP Crystal Reports Server Multiple Vulnerabilities 2: SAP Crystal Reports Server Multiple Vulnerabilities T-542: SAP Crystal Reports Server Multiple Vulnerabilities January 25, 2011 - 2:30pm Addthis PROBLEM: SAP Crystal Reports Server Multiple Vulnerabilities. PLATFORM: Crystal Reports Server 2008 ABSTRACT: Multiple vulnerabilities in SAP Crystal Reports Server 2008, which can be exploited by malicious users to disclose potentially sensitive information and by malicious people to conduct cross-site scripting attacks, manipulate certain data, and compromise a user's system. reference LINKS: Secunia Advisory SA43060 Vulnerability Report: Crystal Reports Server 2008 IMPACT ASSESSMENT: High Discussion: 1) Input passed to the "actId" parameter in InfoViewApp/jsp/common/actionNav.jsp, "backUrl" parameter in

256

U-249: Google Chrome Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

49: Google Chrome Multiple Vulnerabilities 49: Google Chrome Multiple Vulnerabilities U-249: Google Chrome Multiple Vulnerabilities August 31, 2012 - 6:00am Addthis PROBLEM: Google Chrome Multiple Vulnerabilities PLATFORM: Google Chrome 21.x ABSTRACT: Multiple vulnerabilities have been reported in Google Chrome. reference LINKS: Secunia Advisory SA50447 Stable Channel Update CVE-2012-2865 CVE-2012-2866 CVE-2012-2867 CVE-2012-2868 CVE-2012-2869 CVE-2012-2870 CVE-2012-2871 CVE-2012-2872 IMPACT ASSESSMENT: High Discussion: Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to conduct cross-site scripting attacks and compromise a user's system. 1) An out-of-bounds read error exists when handling line breaks. 2) A bad cast error exists within run-ins.

257

V-092: Pidgin Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

2: Pidgin Multiple Vulnerabilities 2: Pidgin Multiple Vulnerabilities V-092: Pidgin Multiple Vulnerabilities February 15, 2013 - 6:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in Pidgin PLATFORM: Vulnerabilities are reported in version 2.10.6. Prior versions may also be affected. ABSTRACT: Multiple vulnerabilities have been reported in Pidgin, which can be exploited by malicious people to manipulate certain data, cause a DoS (Denial of Service), and compromise a user's system. REFERENCE LINKS: Secunia Advisory SA52178 Pidgin CVE-2013-0271 CVE-2013-0272 CVE-2013-0273 CVE-2013-0274 IMPACT ASSESSMENT: High DISCUSSION: 1) An error within the MXit protocol plugin when saving images can be exploited to overwrite certain files. 2) A boundary error within the "mxit_cb_http_read()" function

258

V-214: Mozilla Firefox Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

4: Mozilla Firefox Multiple Vulnerabilities 4: Mozilla Firefox Multiple Vulnerabilities V-214: Mozilla Firefox Multiple Vulnerabilities August 8, 2013 - 2:16am Addthis PROBLEM: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 23.0 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. PLATFORM: Mozilla Firefox 22.x ABSTRACT: The vulnerabilities are reported in versions prior to 23.0. REFERENCE LINKS: Secunia Advisory SA54418 CVE-2013-1701 CVE-2013-1702 CVE-2013-1704 CVE-2013-1705 CVE-2013-1706 CVE-2013-1707 CVE-2013-1709 CVE-2013-1710 CVE-2013-1711 CVE-2013-1713 CVE-2013-1714 CVE-2013-1717 IMPACT ASSESSMENT: High DISCUSSION: Multiple vulnerabilities have been reported in Mozilla Firefox, which can

259

T-542: SAP Crystal Reports Server Multiple Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

2: SAP Crystal Reports Server Multiple Vulnerabilities 2: SAP Crystal Reports Server Multiple Vulnerabilities T-542: SAP Crystal Reports Server Multiple Vulnerabilities January 25, 2011 - 2:30pm Addthis PROBLEM: SAP Crystal Reports Server Multiple Vulnerabilities. PLATFORM: Crystal Reports Server 2008 ABSTRACT: Multiple vulnerabilities in SAP Crystal Reports Server 2008, which can be exploited by malicious users to disclose potentially sensitive information and by malicious people to conduct cross-site scripting attacks, manipulate certain data, and compromise a user's system. reference LINKS: Secunia Advisory SA43060 Vulnerability Report: Crystal Reports Server 2008 IMPACT ASSESSMENT: High Discussion: 1) Input passed to the "actId" parameter in InfoViewApp/jsp/common/actionNav.jsp, "backUrl" parameter in

260

U-179: IBM Java 7 Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

9: IBM Java 7 Multiple Vulnerabilities 9: IBM Java 7 Multiple Vulnerabilities U-179: IBM Java 7 Multiple Vulnerabilities May 30, 2012 - 7:00am Addthis PROBLEM: IBM has acknowledged multiple vulnerabilities in IBM Java PLATFORM: IBM Java 7.x ABSTRACT: Vulnerabilities can be exploited by malicious users to disclose certain information and by malicious people to disclose potentially sensitive information, hijack a user's session, conduct DNS cache poisoning attacks, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system. Reference Links: Secunia Advisory 49333 CVE-2011-3389 Vendor Advisory IMPACT ASSESSMENT: High Discussion: IBM released a patch to address vulerabilities in IBM Java 7. IBM 7 SR1 is available for download. Impact: Hijacking Manipulation of data Exposure of sensitive information

Note: This page contains sample records for the topic "authentication bypass vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


261

V-059: MoinMoin Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

9: MoinMoin Multiple Vulnerabilities 9: MoinMoin Multiple Vulnerabilities V-059: MoinMoin Multiple Vulnerabilities January 1, 2013 - 5:57am Addthis PROBLEM: MoinMoin Multiple Vulnerabilities PLATFORM: Version(s): MoinMoin 1.x ABSTRACT: Multiple vulnerabilities have been reported in MoinMoin, which can be exploited by malicious users to conduct script insertion attacks and compromise a vulnerable system and by malicious people to manipulate certain data. REFERENCE LINKS: Secunia Advisory SA51663 CVE-2012-6080 CVE-2012-6081 CVE-2012-6082 IMPACT ASSESSMENT: High DISCUSSION: 1) Certain input when handling the AttachFile action is not properly verified before being used to write files. This can be exploited to overwrite arbitrary files via directory traversal sequences. 2) The application allows the upload of files with arbitrary extensions to

262

V-123: VMware ESX / ESXi libxml2 Buffer Underflow Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

3: VMware ESX / ESXi libxml2 Buffer Underflow Vulnerability 3: VMware ESX / ESXi libxml2 Buffer Underflow Vulnerability V-123: VMware ESX / ESXi libxml2 Buffer Underflow Vulnerability April 1, 2013 - 1:26am Addthis PROBLEM: VMware ESX / ESXi libxml2 Buffer Underflow Vulnerability PLATFORM: VMware ESX Server 4.x VMware ESXi 4.x VMware ESXi 5.x ABSTRACT: A vulnerability has been reported in VMware ESX and ESXi REFERENCE LINKS: VMware ESXi security update Secunia Advisory SA52844 CVE-2012-5134 IMPACT ASSESSMENT: High DISCUSSION: The ESXi userworld libxml2 library has been updated to resolve a security issue IMPACT: VMware ESX and ESXi can be exploited by malicious people to compromise a vulnerable system SOLUTION: The vendor has issued a fix, VMware ESXi 5.0, Patch Release ESXi500-201303001 (2044373) Addthis Related Articles U-128: VMware ESX/ESXi Buffer Overflow and Null Pointer Dereference Lets

263

V-087: Adobe Flash Player Two Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

7: Adobe Flash Player Two Vulnerabilities 7: Adobe Flash Player Two Vulnerabilities V-087: Adobe Flash Player Two Vulnerabilities February 8, 2013 - 6:00am Addthis PROBLEM: Two vulnerabilities have been reported in Adobe Flash Player PLATFORM: Vulnerabilities are reported in the following versions: Adobe Flash Player versions 11.5.502.146 and earlier for Windows and Macintosh Adobe Flash Player versions 11.2.202.261 and earlier for Linux Adobe Flash Player versions 11.1.115.36 and earlier for Android 4.x Adobe Flash Player versions 11.1.111.31 and earlier for Android 3.x Adobe Flash Player versions 11.5.31.137 and earlier for Chrome users Adobe Flash Player versions 11.3.378.5 and earlier for Internet Explorer 10 users on Windows 8 ABSTRACT: Two vulnerabilities are reported as 0-day which can be exploited by

264

V-105: Google Chrome Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

5: Google Chrome Multiple Vulnerabilities 5: Google Chrome Multiple Vulnerabilities V-105: Google Chrome Multiple Vulnerabilities March 6, 2013 - 12:09am Addthis PROBLEM: Google Chrome Multiple Vulnerabilities PLATFORM: Google Chrome prior to 25.0.1364.152. ABSTRACT: Multiple vulnerabilities have been reported in Google Chrome REFERENCE LINKS: Stable Channel Update Secunia Advisory SA52454 CVE-2013-0902 CVE-2013-0903 CVE-2013-0904 CVE-2013-0905 CVE-2013-0906 CVE-2013-0907 CVE-2013-0908 CVE-2013-0909 CVE-2013-0910 CVE-2013-0911 IMPACT ASSESSMENT: High DISCUSSION: Multiple vulnerabilities in Google Chrome may have an unknown impact and others can be exploited by malicious people to compromise a user's system. 1) A use-after-free error exists in frame loader. 2) A use-after-free error exists in browser navigation handling.

265

V-081: Wireshark Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

1: Wireshark Multiple Vulnerabilities 1: Wireshark Multiple Vulnerabilities V-081: Wireshark Multiple Vulnerabilities January 31, 2013 - 12:21am Addthis PROBLEM: Wireshark Multiple Vulnerabilities PLATFORM: The vulnerabilities are reported in versions prior to 1.8.5 and 1.6.13. ABSTRACT: Multiple vulnerabilities have been reported in Wireshark REFERENCE LINKS: Wireshark 1.8.5 Release Notes Secunia Advisory SA51968 IMPACT ASSESSMENT: High DISCUSSION: 1) Errors in the Bluetooth HCI, CSN.1, DCP-ETSI DOCSIS CM-STAUS, IEEE 802.3 Slow Protocols, MPLS, R3, RTPS, SDP, and SIP dissectors can be exploited to trigger infinite loops and consume CPU resources via specially crafted packets. 2) An error in the CLNP dissector when processing certain packets can be exploited to cause a crash via a specially crafted packet.

266

V-152: Cisco Unified Customer Voice Portal (CVP) Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

2: Cisco Unified Customer Voice Portal (CVP) Multiple 2: Cisco Unified Customer Voice Portal (CVP) Multiple Vulnerabilities V-152: Cisco Unified Customer Voice Portal (CVP) Multiple Vulnerabilities May 9, 2013 - 6:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in Cisco Unified Customer Voice Portal (CVP) PLATFORM: The vulnerabilities are reported in versions prior to 9.0.1 ES 11 ABSTRACT: Various components of Cisco Unified CVP are affected. These vulnerabilities can be exploited independently; however, more than one vulnerability could be exploited on the same device. REFERENCE LINKS: Secunia Advisory SA53306 Cisco Advisory ID cisco-sa-20130508-cvp Cisco Applied Mitigation Bulletin CVE-2013-1220 CVE-2013-1221 CVE-2013-1222 CVE-2013-1223 CVE-2013-1224 CVE-2013-1225 IMPACT ASSESSMENT: Medium DISCUSSION:

267

V-081: Wireshark Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

1: Wireshark Multiple Vulnerabilities 1: Wireshark Multiple Vulnerabilities V-081: Wireshark Multiple Vulnerabilities January 31, 2013 - 12:21am Addthis PROBLEM: Wireshark Multiple Vulnerabilities PLATFORM: The vulnerabilities are reported in versions prior to 1.8.5 and 1.6.13. ABSTRACT: Multiple vulnerabilities have been reported in Wireshark REFERENCE LINKS: Wireshark 1.8.5 Release Notes Secunia Advisory SA51968 IMPACT ASSESSMENT: High DISCUSSION: 1) Errors in the Bluetooth HCI, CSN.1, DCP-ETSI DOCSIS CM-STAUS, IEEE 802.3 Slow Protocols, MPLS, R3, RTPS, SDP, and SIP dissectors can be exploited to trigger infinite loops and consume CPU resources via specially crafted packets. 2) An error in the CLNP dissector when processing certain packets can be exploited to cause a crash via a specially crafted packet.

268

U-179: IBM Java 7 Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

9: IBM Java 7 Multiple Vulnerabilities 9: IBM Java 7 Multiple Vulnerabilities U-179: IBM Java 7 Multiple Vulnerabilities May 30, 2012 - 7:00am Addthis PROBLEM: IBM has acknowledged multiple vulnerabilities in IBM Java PLATFORM: IBM Java 7.x ABSTRACT: Vulnerabilities can be exploited by malicious users to disclose certain information and by malicious people to disclose potentially sensitive information, hijack a user's session, conduct DNS cache poisoning attacks, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system. Reference Links: Secunia Advisory 49333 CVE-2011-3389 Vendor Advisory IMPACT ASSESSMENT: High Discussion: IBM released a patch to address vulerabilities in IBM Java 7. IBM 7 SR1 is available for download. Impact: Hijacking Manipulation of data Exposure of sensitive information

269

V-178: IBM Data Studio Web Console Java Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

8: IBM Data Studio Web Console Java Multiple Vulnerabilities 8: IBM Data Studio Web Console Java Multiple Vulnerabilities V-178: IBM Data Studio Web Console Java Multiple Vulnerabilities June 14, 2013 - 6:00am Addthis PROBLEM: IBM has acknowledged a weakness and two vulnerabilities in IBM Data Studio PLATFORM: IBM Data Studio 3.x ABSTRACT: IBM Data Studio Web Console uses the IBM Java Runtime Environment (JRE) and might be affected by vulnerabilities in the IBM JRE REFERENCE LINKS: Secunia Advisory SA53778 IBM Flash Alert 1640533 CVE-2013-0169 CVE-2013-0440 CVE-2013-0443 IMPACT ASSESSMENT: High DISCUSSION: An unspecified vulnerability within the JSSE component could allow: 1) A remote attacker to cause a denial of service 2) To statistically observe the time necessary to generate/receive error messages and deduce the plaintext after a relatively small number of

270

V-074: IBM Informix Genero libpng Integer Overflow Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

4: IBM Informix Genero libpng Integer Overflow Vulnerability 4: IBM Informix Genero libpng Integer Overflow Vulnerability V-074: IBM Informix Genero libpng Integer Overflow Vulnerability January 22, 2013 - 12:11am Addthis PROBLEM: IBM Informix Genero libpng Integer Overflow Vulnerability PLATFORM: IBM Informix Genero releases prior to 2.41 - all platforms ABSTRACT: A vulnerability has been reported in libpng. REFERENCE LINKS: IBM Security Bulletin: 1620982 Secunia Advisory SA51905 Secunia Advisory SA48026 CVE-2011-3026 IMPACT ASSESSMENT: Medium DISCUSSION: The libpng library used by IBM Informix Genero contains an integer overflow vulnerability. If you use IBM Informix Genero to handle PNG (Portable Network Graphics) image files and an attacker causes your IBM Informix Genero program to open or display a malicious PNG file, your IBM Informix

271

V-092: Pidgin Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

2: Pidgin Multiple Vulnerabilities 2: Pidgin Multiple Vulnerabilities V-092: Pidgin Multiple Vulnerabilities February 15, 2013 - 6:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in Pidgin PLATFORM: Vulnerabilities are reported in version 2.10.6. Prior versions may also be affected. ABSTRACT: Multiple vulnerabilities have been reported in Pidgin, which can be exploited by malicious people to manipulate certain data, cause a DoS (Denial of Service), and compromise a user's system. REFERENCE LINKS: Secunia Advisory SA52178 Pidgin CVE-2013-0271 CVE-2013-0272 CVE-2013-0273 CVE-2013-0274 IMPACT ASSESSMENT: High DISCUSSION: 1) An error within the MXit protocol plugin when saving images can be exploited to overwrite certain files. 2) A boundary error within the "mxit_cb_http_read()" function

272

V-001: Mozilla Security vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

1: Mozilla Security vulnerabilities 1: Mozilla Security vulnerabilities V-001: Mozilla Security vulnerabilities October 12, 2012 - 6:00am Addthis PROBLEM: Mozilla Security vulnerabilities PLATFORM: Vulnerabilities are reported in Firefox and Thunderbird versions prior to 16.0.1 and SeaMonkey versions prior to 2.13.1. ABSTRACT: Mozilla Firefox / Thunderbird / SeaMonkey Multiple Vulnerabilities REFERENCE LINKS: Secunia Advisory SA50932 Mozilla Security Blog Mozilla Foundation Security Advisory 2012-88 Mozilla Foundation Security Advisory 2012-89 SecurityTracker Alert ID: 1027653 SecurityTracker Alert ID: 1027652 SecurityTracker Alert ID: 1027651 CVE-2012-4190 CVE-2012-4191 CVE-2012-4192 CVE-2012-4193 IMPACT ASSESSMENT: High DISCUSSION: 1) The protected "location" object is accessible by other domain objects,

273

V-116: Google Picasa BMP and TIFF Images Processing Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: Google Picasa BMP and TIFF Images Processing Vulnerabilities 6: Google Picasa BMP and TIFF Images Processing Vulnerabilities V-116: Google Picasa BMP and TIFF Images Processing Vulnerabilities March 21, 2013 - 6:00am Addthis PROBLEM: Two vulnerabilities have been discovered in Google Picasa PLATFORM: Google Picasa Version 3.9.0 build 136.09 for Windows/3.9.14.34 for Mac ABSTRACT: Two vulnerabilities have been discovered in Google Picasa, which can be exploited by malicious people to compromise a user's system. REFERENCE LINKS: Secunia Advisory SA51652 Picasa Release Notes IMPACT ASSESSMENT: High DISCUSSION: 1) A sign extension error when processing the color table of a BMP image can be exploited to cause a heap-based buffer overflow via a BMP image with a specially crafted "biBitCount" field. 2) The application bundles a vulnerable version of LibTIFF.

274

T-550: Apache Denial of Service Vulnerability | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

550: Apache Denial of Service Vulnerability 550: Apache Denial of Service Vulnerability T-550: Apache Denial of Service Vulnerability February 4, 2011 - 3:03am Addthis PROBLEM: Apache 'APR-util' is prone to a vulnerability that may allow attackers to cause a denial-of-service condition. PLATFORM: Versions prior to 'APR-util' 1.3.10 are vulnerable. ABSTRACT: Apache 'APR-util' is prone to a vulnerability that may allow attackers to cause a denial-of-service condition. Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, may allow remote users to cause a Denial of Service (DoS - memory consumption). reference LINKS: Securityfocus

275

E-Print Network 3.0 - aortocoronary bypass graft Sample Search...  

NLE Websites -- All DOE Office Websites (Extended Search)

Materials Summary: . Holmes, Jr., and H. V. Schaff. Aortocoronary bypass grafting with expanded polytetrafluoroethylene: 12... , synthetic polymers currently used as artificial...

276

E-Print Network 3.0 - artery bypass operations Sample Search...  

NLE Websites -- All DOE Office Websites (Extended Search)

by intravenous delivery of salt and water. This route of delivery bypasses ... Source: Brand, Paul H. - Department of Physiology and Pharmacology, University of Toledo...

277

Cyber Security Vulnerability Impact on I&C Reliability  

SciTech Connect

We present a discussion of the cyber security vulnerability impact on instrument and control reliability. In the discussion we demonstrate the likely vector of attack and vulnerabilities associated with commodity hardware, protocols and communication media. The current fleet of nuclear power plants in the United States utilizes aging analog instrument and control systems which are more frequently suffering from obsolescence and failure. The commodity equipment available now and in the near future incorporates features from information technology systems which compound cyber vulnerabilities.

Hadley, Mark D.; McBride, Justin B.

2006-11-01T23:59:59.000Z

278

JC3 Bulletin Archive | Department of Energy  

NLE Websites -- All DOE Office Websites (Extended Search)

Bulletin Archive Bulletin Archive JC3 Bulletin Archive RSS September 9, 2013 V-237: TYPO3 Security Bypass Vulnerabilities TYPO3 comes with the possibility to restrict editors to certain file actions (copy, delete, move etc.) and to restrict these actions to be performed in certain locations September 6, 2013 V-236: MediaWiki CentralAuth Extension Authentication Bypass Vulnerability A vulnerability has been reported in the CentralAuth extension for MediaWik that allows people to bypass certain security restrictions September 5, 2013 V-235: Cisco Mobility Services Engine Configuration Error Lets Remote Users Login Anonymously A vulnerability was reported in Cisco Mobility Services Engine where a remote user can login anonymously. September 4, 2013 V-234: EMC RSA Archer GRC Open Redirection Weakness and Security Bypass

279

GTRI: Removing Vulnerable Civilian Nuclear and Radiological Material |  

National Nuclear Security Administration (NNSA)

Removing Vulnerable Civilian Nuclear and Radiological Material | Removing Vulnerable Civilian Nuclear and Radiological Material | National Nuclear Security Administration Our Mission Managing the Stockpile Preventing Proliferation Powering the Nuclear Navy Emergency Response Recapitalizing Our Infrastructure Continuing Management Reform Countering Nuclear Terrorism About Us Our Programs Our History Who We Are Our Leadership Our Locations Budget Our Operations Media Room Congressional Testimony Fact Sheets Newsletters Press Releases Speeches Events Social Media Video Gallery Photo Gallery NNSA Archive Federal Employment Apply for Our Jobs Our Jobs Working at NNSA Blog Home > Media Room > Fact Sheets > GTRI: Removing Vulnerable Civilian Nuclear and Radiological Material Fact Sheet GTRI: Removing Vulnerable Civilian Nuclear and Radiological Material

280

GTRI: Removing Vulnerable Civilian Nuclear and Radiological Material |  

NLE Websites -- All DOE Office Websites (Extended Search)

Removing Vulnerable Civilian Nuclear and Radiological Material | Removing Vulnerable Civilian Nuclear and Radiological Material | National Nuclear Security Administration Our Mission Managing the Stockpile Preventing Proliferation Powering the Nuclear Navy Emergency Response Recapitalizing Our Infrastructure Continuing Management Reform Countering Nuclear Terrorism About Us Our Programs Our History Who We Are Our Leadership Our Locations Budget Our Operations Media Room Congressional Testimony Fact Sheets Newsletters Press Releases Speeches Events Social Media Video Gallery Photo Gallery NNSA Archive Federal Employment Apply for Our Jobs Our Jobs Working at NNSA Blog Home > Media Room > Fact Sheets > GTRI: Removing Vulnerable Civilian Nuclear and Radiological Material Fact Sheet GTRI: Removing Vulnerable Civilian Nuclear and Radiological Material

Note: This page contains sample records for the topic "authentication bypass vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


281

Vulnerability in Climate Change Research: A Comprehensive Conceptual Framework  

E-Print Network (OSTI)

hazards assessments, for instance, have regarded naturaladdressing natural hazards and vulnerability assessments ad-assessment developed by Klein and Nicholls (1999) sees natural

Fssel, HansMartin

2005-01-01T23:59:59.000Z

282

AFTER A Framework for electrical power sysTems vulnerability...  

Open Energy Info (EERE)

Germany) Jump to: navigation, search Project Name AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration Country Germany Coordinates...

283

Mapping Climate Change Vulnerability and Impact Scenarios - A...  

Open Energy Info (EERE)

Sub-national Planners Jump to: navigation, search Tool Summary LAUNCH TOOL Name: Mapping Climate Change Vulnerability and Impact Scenarios - A Guidebook for Sub-national Planners...

284

Antioch University and EPA Webinar: Assessing Vulnerability of...  

Energy Savers (EERE)

Antioch University and EPA Webinar: Assessing Vulnerability of Water Conveyance Infrastructure from a Changing Climate in the Context of a Changing Landscape Antioch University and...

285

Comprehensive Vulnerability and Threat Analysis | ornl.gov  

NLE Websites -- All DOE Office Websites (Extended Search)

Vulnerability and Threat Analysis Our world is characterized by ever-changing threats to critical facilities, national assets and international interests. Understanding...

286

Hardware device to physical structure binding and authentication  

DOE Patents (OSTI)

Detection and deterrence of device tampering and subversion may be achieved by including a cryptographic fingerprint unit within a hardware device for authenticating a binding of the hardware device and a physical structure. The cryptographic fingerprint unit includes an internal physically unclonable function ("PUF") circuit disposed in or on the hardware device, which generate an internal PUF value. Binding logic is coupled to receive the internal PUF value, as well as an external PUF value associated with the physical structure, and generates a binding PUF value, which represents the binding of the hardware device and the physical structure. The cryptographic fingerprint unit also includes a cryptographic unit that uses the binding PUF value to allow a challenger to authenticate the binding.

Hamlet, Jason R.; Stein, David J.; Bauer, Todd M.

2013-08-20T23:59:59.000Z

287

Improving the security of quantum direct communication with authentication  

E-Print Network (OSTI)

Two protocols of quantum direct communication with authentication [Phys. Rev. A {\\bf 73}, 042305 (2006)] are recently proposed by Lee, Lim and Yang. In this paper we will show that in the two protocols the authenticator Trent should be prevented from knowing the secret message of communication. The first protocol can be eavesdropped by Trent using the the intercept-measure-resend attack, while the second protocol can be eavesdropped by Trent using single-qubit measurement. To fix these leaks, I revise the original versions of the protocols by using the Pauli-Z operation $\\sigma_z$ instead of the original bit-flip operation $X$. As a consequence, the protocol securities are improved.

Zhan-jun Zhang

2006-04-18T23:59:59.000Z

288

Simultaneous Authentication and Certification of Arms-Control Measurement Systems  

SciTech Connect

Most arms-control-treaty-monitoring scenarios involve a host party that makes a declaration regarding its nuclear material or items and a monitoring party that verifies that declaration. A verification system developed for such a use needs to be trusted by both parties. The first concern, primarily from the host party's point of view, is that any sensitive information that is collected must be protected without interfering in the efficient operation of the facility being monitored. This concern is addressed in what can be termed a 'certification' process. The second concern, of particular interest to the monitoring party, is that it must be possible to confirm the veracity of both the measurement system and the data produced by this measurement system. The monitoring party addresses these issues during an 'authentication' process. Addressing either one of these concerns independently is relatively straightforward. However, it is more difficult to simultaneously satisfy host party certification concerns and monitoring party authentication concerns. Typically, both parties will want the final access to the measurement system. We will describe an alternative approach that allows both parties to gain confidence simultaneously. This approach starts with (1) joint development of the measurement system followed by (2) host certification of several copies of the system and (3) random selection by the inspecting party of one copy to be use during the monitoring visit and one (or more) copy(s) to be returned to the inspecting party's facilities for (4) further hardware authentication; any remaining copies are stored under joint seal for use as spares. Following this process, the parties will jointly (5) perform functional testing on the selected measurement system and then (6) use this system during the monitoring visit. Steps (1) and (2) assure the host party as to the certification of whichever system is eventually used in the monitoring visit. Steps (1), (3), (4), and (5) increase the monitoring party's confidence in the authentication of the measurement system.

MacArthur, Duncan W. [Los Alamos National Laboratory; Hauck, Danielle K. [Los Alamos National Laboratory; Thron, Jonathan L. [Los Alamos National Laboratory

2012-07-09T23:59:59.000Z

289

Authenticated group Diffie-Hellman key exchange: theory and practice  

SciTech Connect

Authenticated two-party Diffie-Hellman key exchange allows two principals A and B, communicating over a public network, and each holding a pair of matching public/private keys to agree on a session key. Protocols designed to deal with this problem ensure A (B resp.)that no other principals aside from B (A resp.) can learn any information about this value. These protocols additionally often ensure A and B that their respective partner has actually computed the shared secret value. A natural extension to the above cryptographic protocol problem is to consider a pool of principals agreeing on a session key. Over the years several papers have extended the two-party Diffie-Hellman key exchange to the multi-party setting but no formal treatments were carried out till recently. In light of recent developments in the formalization of the authenticated two-party Diffie-Hellman key exchange we have in this thesis laid out the authenticated group Diffie-Hellman key exchange on firmer foundations.

Chevassut, Olivier

2002-10-03T23:59:59.000Z

290

Vulnerability Analysis of Energy Delivery Control Systems  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

0-18381 0-18381 Vulnerability Analysis of Energy Delivery Control Systems September 2011 Idaho National Laboratory Idaho Falls, Idaho 83415 http://www.inl.gov Prepared for the U.S. Department of Energy Office of Electricity Delivery and Energy Reliability Under DOE Idaho Operations Office Contract DE-AC07-05ID14517 The INL is a U.S. Department of Energy National Laboratory operated by Battelle Energy Alliance DISCLAIMER This information was prepared as an account of work sponsored by an agency of the U.S. Government. Neither the U.S. Government nor any agency thereof, nor any of their employees, makes any warranty, expressed or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness, of any information, apparatus, product, or

291

E-Print Network 3.0 - authentic cost calculations Sample Search...  

NLE Websites -- All DOE Office Websites (Extended Search)

cost calculations Search Powered by Explorit Topic List Advanced Search Sample search results for: authentic cost calculations Page: << < 1 2 3 4 5 > >> 1 A Lightweight...

292

E-Print Network 3.0 - authentications algorithms based Sample...  

NLE Websites -- All DOE Office Websites (Extended Search)

functionality based... . 2.1 Authentication systems and techniques ... Source: Brunato, Mauro - Dipartimento di Ingegneria e Scienza dell'Informazione, Universit di Trento...

293

E-Print Network 3.0 - authenticated key agreement Sample Search...  

NLE Websites -- All DOE Office Websites (Extended Search)

for authentication and managing and secret-key based proce... . An ... Source: Brunato, Mauro - Dipartimento di Ingegneria e Scienza dell'Informazione, Universit di Trento...

294

New foundations for efficient authentication, commutative cryptography, and private disjointness testing  

E-Print Network (OSTI)

This dissertation presents new constructions and security definitions related to three areas: authentication, cascadable and commutative crytpography, and private set operations. Existing works relevant to each of these ...

Weis, Stephen August, 1978-

2006-01-01T23:59:59.000Z

295

Counterfeit-resistant materials and a method and apparatus for authenticating materials  

DOE Patents (OSTI)

Fluorescent dichroic fibers randomly incorporated within a media provide an improved method for authentication and counterfeiting protection. The dichroism is provided by an alignment of fluorescent molecules along the length of the fibers. The fluorescent fibers provide an authentication mechanism of varying levels of capability. The authentication signature depends on four parameters; the x,y position, the dichroism and the local environment. The availability of so many non-deterministic variables makes production of counterfeit articles (e.g., currency, credit cards, etc.) essentially impossible. Counterfeit-resistant articles, an apparatus for authenticating articles, and a process for forming counterfeit-resistant media are also provided.

Ramsey, J. Michael (Knoxville, TN); Klatt, Leon N. (Oak Ridge, TN)

2000-01-01T23:59:59.000Z

296

Attacking Systems ecurity vulnerabilities related to buffer overruns  

E-Print Network (OSTI)

Attacking Systems S ecurity vulnerabilities related to buffer overruns account for the largest exploits that take ad- vantage of the vulnerability to attack a system. The traditional approach and even security profession- als seemingly assume that all buffer overrun exploits operate in a similar

Sekar, R.

297

Automatic Discovery of API-Level Vulnerabilities Vinod Ganapathy  

E-Print Network (OSTI)

Automatic Discovery of API-Level Vulnerabilities Vinod Ganapathy , Sanjit A. Seshia , Somesh Jha-MADISON COMPUTER SCIENCES TECHNICAL REPORT: UW-CS-TR-1512, JULY 2004. Abstract A system is vulnerable to an API-level attack if its security can be compromised by invoking an allowed sequence of operations from its API. We

Ganapathy, Vinod

298

HVAC filter bypass modelling and experimental validation Jeffrey A. Siegel1,*  

E-Print Network (OSTI)

standards that address HVAC filtration efficacy including ASHRAE Standard 52.2 (ASHRAE, 2007) and EN 779HVAC filter bypass modelling and experimental validation Jeffrey A. Siegel1,* , David B. Chojnowski of filter bypass, an ASHRAE Standard 52.2-2007 compliant apparatus was modified to accept filters

Siegel, Jeffrey

299

2009 ASHRAE 199 The issue of filter bypass has long been a topic of much  

E-Print Network (OSTI)

©2009 ASHRAE 199 ABSTRACT The issue of filter bypass has long been a topic of much interest in the HVAC industry, but to date, there has been limited work that quantifies the effect of bypass. A matrix consisting of filters ranging from MERV 2 to MERV 14, different gap geometries, and gap sizes

Siegel, Jeffrey

300

Mapping Climate Change Vulnerability and Impact Scenarios - A Guidebook for  

Open Energy Info (EERE)

Mapping Climate Change Vulnerability and Impact Scenarios - A Guidebook for Mapping Climate Change Vulnerability and Impact Scenarios - A Guidebook for Sub-national Planners Jump to: navigation, search Tool Summary Name: Mapping Climate Change Vulnerability and Impact Scenarios - A Guidebook for Sub-national Planners Agency/Company /Organization: United Nations Development Programme (UNDP) Resource Type: Guide/manual Website: www.beta.undp.org/content/dam/aplaws/publication/en/publications/envir Language: English Mapping Climate Change Vulnerability and Impact Scenarios - A Guidebook for Sub-national Planners Screenshot This guidebook assists planners working at the sub-national levels to identify and map the nature of current and future vulnerability to long-term climate change so that appropriate policies and intervention can

Note: This page contains sample records for the topic "authentication bypass vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


301

V-173: Plesk 0-Day Vulnerability | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

3: Plesk 0-Day Vulnerability 3: Plesk 0-Day Vulnerability V-173: Plesk 0-Day Vulnerability June 7, 2013 - 6:00am Addthis PROBLEM: There is a command injection vulnerability in Plesk which is currently being exploited in the wild PLATFORM: Plesk versions 8.6, 9.0, 9.2, 9.3, and 9.5.4 ABSTRACT: The vulnerability is caused due to PHP misconfiguration in the affected application REFERENCE LINKS: Seclist.org TrendMicro SIB isc.sans.edu Paritynews.com slashdot.org IMPACT ASSESSMENT: High DISCUSSION: The exploit makes use of specially crafted HTTP queries that inject PHP commands. The exploit uses POST request to launch a PHP interpreter and the attacker can set any configuration parameters through the POST request. The exploit code published calls the PHP interpreter directly with allow_url_include=on, safe_mode=off and suhosin.simulation=on arguments.

302

T-731:Symantec IM Manager Code Injection Vulnerability | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

T-731:Symantec IM Manager Code Injection Vulnerability T-731:Symantec IM Manager Code Injection Vulnerability T-731:Symantec IM Manager Code Injection Vulnerability September 30, 2011 - 8:30am Addthis PROBLEM: Symantec IM Manager Code Injection Vulnerability. PLATFORM: IM Manager versions prior to 8.4.18 are affected. ABSTRACT: Symantec IM Manager is prone to a vulnerability that will let attackers run arbitrary code. referecnce LINKS: Symantec Security Advisory SYM11-012 Symantec Security Updates Bugtraq ID: 49742 IMPACT ASSESSMENT: High Discussion: Symantec was notified of Cross-Site Scripting and Code injection/execution issues present in the Symantec IM Manager management console. The management console fails to properly filter/validate external inputs. Successful exploitation of SQL Injection or Remote Code execution might

303

Assessing Climate Change Impacts, Vulnerability and Adaptation: The Case of  

Open Energy Info (EERE)

Impacts, Vulnerability and Adaptation: The Case of Impacts, Vulnerability and Adaptation: The Case of Pantabangan-Carranglan Watershed Jump to: navigation, search Name Assessing Climate Change Impacts, Vulnerability and Adaptation: The Case of Pantabangan-Carranglan Watershed Agency/Company /Organization World Agroforestry Centre Sector Land Focus Area Forestry Topics Adaptation, Background analysis, Co-benefits assessment Resource Type Publications Website http://www.worldagroforestry.o Country Philippines UN Region South-Eastern Asia References Assessing Climate Change Impacts, Vulnerability and Adaptation: The Case of Pantabangan-Carranglan Watershed[1] Assessing Climate Change Impacts, Vulnerability and Adaptation: The Case of Pantabangan-Carranglan Watershed Screenshot This article is a stub. You can help OpenEI by expanding it.

304

V-119: IBM Security AppScan Enterprise Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

9: IBM Security AppScan Enterprise Multiple Vulnerabilities 9: IBM Security AppScan Enterprise Multiple Vulnerabilities V-119: IBM Security AppScan Enterprise Multiple Vulnerabilities March 26, 2013 - 12:56am Addthis PROBLEM: IBM Security AppScan Enterprise Multiple Vulnerabilities PLATFORM: IBM Rational AppScan 5.x IBM Rational AppScan 8.x ABSTRACT: IBM has acknowledged multiple vulnerabilities REFERENCE LINKS: IBM Reference #:1626264 Secunia Advisory SA52764 CVE-2008-4033 CVE-2012-4431 CVE-2012-5081 CVE-2013-0473 CVE-2013-0474 CVE-2013-0510 CVE-2013-0511 CVE-2013-0512 CVE-2013-0513 CVE-2013-0532 IMPACT ASSESSMENT: Medium DISCUSSION: 1) The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. cause a DoS when a logged-in user visits a

305

V-111: Multiple vulnerabilities have been reported in Puppet | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

1: Multiple vulnerabilities have been reported in Puppet 1: Multiple vulnerabilities have been reported in Puppet V-111: Multiple vulnerabilities have been reported in Puppet March 14, 2013 - 12:12am Addthis PROBLEM: Multiple vulnerabilities have been reported in Puppet PLATFORM: Puppet 2.x Puppet 3.x Puppet Enterprise 1.x Puppet Enterprise 2.x ABSTRACT: Puppet Multiple Vulnerabilities REFERENCE LINKS: Puppet Blog Secunia Advisory SA52596 CVE-2013-1640 CVE-2013-1652 CVE-2013-1653 CVE-2013-1654 CVE-2013-1655 CVE-2013-2274 CVE-2013-2275 IMPACT ASSESSMENT: High DISCUSSION: 1) An unspecified error exists when invoking the "template" or "inline_template" functions while responding to a catalog request and can be exploited to execute arbitrary code via a specially crafted catalog request. 2) An input validation error exists in the application and can be exploited

306

U-174: Serendipity Unspecified SQL Injection Vulnerability | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

4: Serendipity Unspecified SQL Injection Vulnerability 4: Serendipity Unspecified SQL Injection Vulnerability U-174: Serendipity Unspecified SQL Injection Vulnerability May 22, 2012 - 7:00am Addthis PROBLEM: Serendipity Unspecified SQL Injection Vulnerability PLATFORM: 1.6.1 and prior versions ABSTRACT: A vulnerability was reported in Serendipity. A remote user can inject SQL commands. Reference Links: SecurityTracker Alert ID: 1027079 Secunia Advisory SA49234 CVE-2012-2762 IMPACT ASSESSMENT: Medium Discussion: The 'include/functions_trackbacks.inc.php' script does not properly validate user-supplied input. A remote user can supply a specially crafted parameter value to execute SQL commands on the underlying database. Impact: A remote user can execute SQL commands on the underlying database. Solution: The vendor has issued a fix (1.6.2).

307

T-625: Opera Frameset Handling Memory Corruption Vulnerability | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

5: Opera Frameset Handling Memory Corruption Vulnerability 5: Opera Frameset Handling Memory Corruption Vulnerability T-625: Opera Frameset Handling Memory Corruption Vulnerability May 18, 2011 - 3:05pm Addthis PROBLEM: A vulnerability has been reported in Opera, which can be exploited by malicious people to compromise a user's system. PLATFORM: Opera versions prior to 11.11 ABSTRACT: The vulnerability is caused due to an error when handling certain frameset constructs during page unloading and can be exploited to corrupt memory via a specially crafted web page. reference LINKS: Secunia Advisory: SA44611 Opera Knowledge Base Opera 11.11 for Windows Opera Download Opera Mobile IMPACT ASSESSMENT: High Discussion: Framesets allow web pages to hold other pages inside them. Certain frameset constructs are not handled correctly when the page is unloaded, causing a

308

V-094: IBM Multiple Products Multiple Vulnerabilities | Department of  

NLE Websites -- All DOE Office Websites (Extended Search)

94: IBM Multiple Products Multiple Vulnerabilities 94: IBM Multiple Products Multiple Vulnerabilities V-094: IBM Multiple Products Multiple Vulnerabilities February 19, 2013 - 1:41am Addthis PROBLEM: IBM Multiple Products Multiple Vulnerabilities PLATFORM: IBM Maximo Asset Management versions 7.5, 7.1, and 6.2 IBM Maximo Asset Management Essentials versions 7.5, 7.1, and 6.2 IBM SmartCloud Control Desk version 7.5 IBM Tivoli Asset Management for IT versions 7.2, 7.1, and 6.2 IBM Tivoli Change and Configuration Management Database versions 7.2 and 7.1 IBM Tivoli Service Request Manager versions 7.2, 7.1, and 6.2 ABSTRACT: A weakness and multiple vulnerabilities have been reported in multiple IBM products. REFERENCE LINKS: IBM Reference #:1625624 IBM Product Security Incident Response Blog Secunia Advisory SA52132

309

Analyses Of Two End-User Software Vulnerability Exposure Metrics  

SciTech Connect

The risk due to software vulnerabilities will not be completely resolved in the near future. Instead, putting reliable vulnerability measures into the hands of end-users so that informed decisions can be made regarding the relative security exposure incurred by choosing one software package over another is of importance. To that end, we propose two new security metrics, average active vulnerabilities (AAV) and vulnerability free days (VFD). These metrics capture both the speed with which new vulnerabilities are reported to vendors and the rate at which software vendors fix them. We then examine how the metrics are computed using currently available datasets and demonstrate their estimation in a simulation experiment using four different browsers as a case study. Finally, we discuss how the metrics may be used by the various stakeholders of software and to software usage decisions.

Jason L. Wright; Miles McQueen; Lawrence Wellman

2012-08-01T23:59:59.000Z

310

V-022: Attachmate Reflection Products Java Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

2: Attachmate Reflection Products Java Multiple Vulnerabilities 2: Attachmate Reflection Products Java Multiple Vulnerabilities V-022: Attachmate Reflection Products Java Multiple Vulnerabilities November 13, 2012 - 1:00am Addthis PROBLEM: Attachmate Reflection Products Java Multiple Vulnerabilities PLATFORM: Reflection X 2011 Reflection Suite for X 2011 Reflection for Secure IT Server for Windows Reflection for Secure IT Client and Server for UNIX ABSTRACT: Security issues related to Reflection PKI Services Manager REFERENCE LINKS: PKI Services Manager Technical Note 2560 Secunia Advisory SA51256 CVE-2012-0551 CVE-2012-1711 CVE-2012-1713 CVE-2012-1716 CVE-2012-1717 CVE-2012-1718 CVE-2012-1719 CVE-2012-1720 CVE-2012-1721 CVE-2012-1722 CVE-2012-1723 CVE-2012-1724 CVE-2012-1725 CVE-2012-1726 IMPACT ASSESSMENT: High DISCUSSION: Attachmate has acknowledged multiple vulnerabilities in some Reflection

311

India-Vulnerability Assessment and Enhancing Adaptive Capacities to Climate  

Open Energy Info (EERE)

Vulnerability Assessment and Enhancing Adaptive Capacities to Climate Vulnerability Assessment and Enhancing Adaptive Capacities to Climate Change Jump to: navigation, search Name India-Vulnerability Assessment and Enhancing Adaptive Capacities to Climate Change Agency/Company /Organization Swiss Agency for Development and Cooperation Sector Energy, Land, Water Focus Area Agriculture Topics Co-benefits assessment, Background analysis Resource Type Lessons learned/best practices Website http://www.intercooperation.or Country India Southern Asia References India-Vulnerability Assessment and Enhancing Adaptive Capacities to Climate Change[1] India-Vulnerability Assessment and Enhancing Adaptive Capacities to Climate Change Screenshot Contents 1 Introduction [1] 2 Community-based Institutions [2] 3 Pasture Land Development [3]

312

Mitigations for Security Vulnerabilities Found in Control System Networks |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Mitigations for Security Vulnerabilities Found in Control System Mitigations for Security Vulnerabilities Found in Control System Networks Mitigations for Security Vulnerabilities Found in Control System Networks Industry is aware of the need for Control System (CS) security, but in on-site assessments, Idaho National Laboratory (INL) has observed that security procedures and devices are not consistently and effectively implemented. The Department of Homeland Security (DHS), National Cyber Security Division (NCSD), established the Control Systems Security Center (CSSC) at INL to help industry and government improve the security of the CSs used in the nation's critical infrastructures. One of the main CSSC objectives is to identify control system vulnerabilities and develop effective mitigations for them. This paper discusses common problems and vulnerabilities seen in

313

V-173: Plesk 0-Day Vulnerability | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

3: Plesk 0-Day Vulnerability 3: Plesk 0-Day Vulnerability V-173: Plesk 0-Day Vulnerability June 7, 2013 - 6:00am Addthis PROBLEM: There is a command injection vulnerability in Plesk which is currently being exploited in the wild PLATFORM: Plesk versions 8.6, 9.0, 9.2, 9.3, and 9.5.4 ABSTRACT: The vulnerability is caused due to PHP misconfiguration in the affected application REFERENCE LINKS: Seclist.org TrendMicro SIB isc.sans.edu Paritynews.com slashdot.org IMPACT ASSESSMENT: High DISCUSSION: The exploit makes use of specially crafted HTTP queries that inject PHP commands. The exploit uses POST request to launch a PHP interpreter and the attacker can set any configuration parameters through the POST request. The exploit code published calls the PHP interpreter directly with allow_url_include=on, safe_mode=off and suhosin.simulation=on arguments.

314

JC3 Bulletin Archive | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

28, 2012 28, 2012 U-246: Tigase XMPP Dialback Protection Bypass Vulnerability A vulnerability has been reported in Tigase, which can be exploited by malicious people to bypass certain security restrictions. August 27, 2012 U-245: Critical Java 0-day flaw exploited Targeted attacks exploiting a zero-day Java vulnerability to deliver the Poison Ivy RAT onto the unsuspecting victims' machines August 27, 2012 U-244: McAfee Email Gateway Lets Remote Users Bypass Authentication and Conduct Cross-Site Scripting and Directory Traversal Attacks Several vulnerabilities were reported in McAfee Email Gateway. August 24, 2012 U-243: libvirt virTypedParameterArrayClear() Memory Access Error Lets Remote Users Deny Service A vulnerability was reported in libvirt. August 23, 2012 U-242: Linux Kernel Netlink SCM_CREDENTIALS Processing Flaw Lets Local

315

JC3 Bulletin Archive | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

28, 2012 28, 2012 V-057: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability A vulnerability has been reported in eXtplorer, which can be exploited by malicious people to bypass certain security restrictions. December 27, 2012 V-056: FreeType BDF Glyph Processing Buffer Overflow Vulnerability Several vulnerabilities were reported in FreeType. A remote user can cause arbitrary code to be executed on the target user's system. December 26, 2012 V-055: Firefly Media Server Null Pointer Dereference Lets Remote Users Deny Service A vulnerability was reported in Firefly Media Server December 25, 2012 V-054: IBM WebSphere Application Server for z/OS Arbitrary Command Execution Vulnerability A vulnerability was reported in the IBM HTTP Server component 5.3 in IBM

316

Chlamydial DNA polymerase I can bypass lesions in vitro  

SciTech Connect

We found that DNA polymerase I from Chlamydiophila pneumoniae AR39 (CpDNApolI) presents DNA-dependent DNA polymerase activity, but has no detectable 3' exonuclease activity. CpDNApolI-dependent DNA synthesis was performed using DNA templates carrying different lesions. DNAs containing 2'-deoxyuridine (dU), 2'-deoxyinosine (dI) or 2'-deoxy-8-oxo-guanosine (8-oxo-dG) served as templates as effectively as unmodified DNAs for CpDNApolI. Furthermore, the CpDNApolI could bypass natural apurinic/apyrimidinic sites (AP sites), deoxyribose (dR), and synthetic AP site tetrahydrofuran (THF). CpDNApolI could incorporate any dNMPs opposite both of dR and THF with the preference to dAMP-residue. CpDNApolI preferentially extended primer with 3'-dAMP opposite dR during DNA synthesis, however all four primers with various 3'-end nucleosides (dA, dT, dC, and dG) opposite THF could be extended by CpDNApolI. Efficiently bypassing of AP sites by CpDNApolI was hypothetically attributed to lack of 3' exonuclease activity.

Liu Xipeng [College of Life Sciences and Technology, Shanghai Jiaotong University, 800 Dongchuan Road, Shanghai 200240 (China); Hou Jingli [College of Life Sciences and Technology, Shanghai Jiaotong University, 800 Dongchuan Road, Shanghai 200240 (China); Liu Jianhua [College of Life Sciences and Technology, Shanghai Jiaotong University, 800 Dongchuan Road, Shanghai 200240 (China)]. E-mail: jianhualiudl@sjtu.edu.cn

2006-07-07T23:59:59.000Z

317

Rankine cycle condenser pressure control using an energy conversion device bypass valve  

DOE Patents (OSTI)

The disclosure provides a waste heat recovery system and method in which pressure in a Rankine cycle (RC) system of the WHR system is regulated by diverting working fluid from entering an inlet of an energy conversion device of the RC system. In the system, an inlet of a controllable bypass valve is fluidly coupled to a working fluid path upstream of an energy conversion device of the RC system, and an outlet of the bypass valve is fluidly coupled to the working fluid path upstream of the condenser of the RC system such that working fluid passing through the bypass valve bypasses the energy conversion device and increases the pressure in a condenser. A controller determines the temperature and pressure of the working fluid and controls the bypass valve to regulate pressure in the condenser.

Ernst, Timothy C; Nelson, Christopher R; Zigan, James A

2014-04-01T23:59:59.000Z

318

Benjamin Livshits and Monica S. Lam 1. PHPList Admin Page SQL Injection Vulnerability  

E-Print Network (OSTI)

Escalation Vulnerability 8. Vim ModeLines Further Variant Arbitrary Command Execution Vulnerability 9. Zlib Local Race Condition Privilege Escalation Vulnerability 8. Vim ModeLines Further Variant Arbitrary

Livshits, Ben

319

V-051: Oracle Solaris Java Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

1: Oracle Solaris Java Multiple Vulnerabilities 1: Oracle Solaris Java Multiple Vulnerabilities V-051: Oracle Solaris Java Multiple Vulnerabilities December 20, 2012 - 12:15am Addthis PROBLEM: Oracle Solaris Java Multiple Vulnerabilities PLATFORM: Oracle Solaris 11.x ABSTRACT: Oracle has acknowledged multiple vulnerabilities in Java included in Solaris REFERENCE LINKS: Secunia Advisory: SA51618 Secunia Advisory: SA50949 Third Party Vulnerability Resolution Blog in Java 7U9 Third Party Vulnerability Resolution Blog in Java 6U37 CVE-2012-1531 CVE-2012-1532 CVE-2012-1533 CVE-2012-3143 CVE-2012-3159 CVE-2012-3216 CVE-2012-4416 CVE-2012-5067 CVE-2012-5068 CVE-2012-5069 CVE-2012-5070 CVE-2012-5071 CVE-2012-5072 CVE-2012-5073 CVE-2012-5074 CVE-2012-5075 CVE-2012-5076 CVE-2012-5077 CVE-2012-5079 CVE-2012-5081 CVE-2012-5083 CVE-2012-5084

320

Authentication of medicinal plant material by DNA fingerprinting  

Science Journals Connector (OSTI)

Based on their positive therapeutic results, herbal medicines are gaining popularity worldwide for human wellbeing and healthcare. Unfortunately, one major hurdle that might impair their potential future as 'medicine of choice' is the lack of standardisation. Many scientific studies on adulteration of herbal medicines have demonstrated that health consequences of adulterants may vary from life threatening to death. Fortunately, the breakthrough in genetic analysis and identification promise herbal medicines challenging era. Genetics permit the capacity to police adulterants to protect patients and public from dangerous fraud. This article highlights useful analytical techniques that can be employed to analyse DNA for quality assurance, control and authentication of medicinal plant species.

Sundus Tewfik

2008-01-01T23:59:59.000Z

Note: This page contains sample records for the topic "authentication bypass vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


321

CSP, PVS and a Recursive Authentication Protocol Jeremy Bryans and Steve Schneider  

E-Print Network (OSTI)

CSP, PVS and a Recursive Authentication Protocol Jeremy Bryans and Steve Schneider Department In this paper we consider the nature of machine proofs used in the CSP approach to the veri cation of authentication protocols using the process algebra CSP Hoa85]. The CSP syntax provides a natural and precise way

Doran, Simon J.

322

A Trustful Authentication and Key Exchange Scheme (TAKES) for Ad Hoc Networks  

E-Print Network (OSTI)

A Trustful Authentication and Key Exchange Scheme (TAKES) for Ad Hoc Networks Tony Cheneau National public key distribution scheme adapted to ad hoc networks called TAKES for Trustful Authentication, or even implementing a light naming system can be enabled on top of ad hoc networks. TAKES is formally

Paris-Sud XI, Université de

323

Dynamic Key-Updating: Privacy-Preserving Authentication for RFID Systems , Jinsong Han2  

E-Print Network (OSTI)

Dynamic Key-Updating: Privacy-Preserving Authentication for RFID Systems Li Lu1 , Jinsong Han2 an emerging requirement ­ protecting user privacy [13] in RFID authentications. In most RFID systems, tags sensitive information. For example, without pri- vacy protection, any reader can identify a consumer's ID

Liu, Yunhao

324

Dynamic Key-Updating: Privacy-Preserving Authentication for RFID Systems , Jinsong Han2  

E-Print Network (OSTI)

- sitive information. For example, without privacy pro- tection, any reader can identify a consumer's IDDynamic Key-Updating: Privacy-Preserving Authentication for RFID Systems Li Lu1 , Jinsong Han2 an emerging requirement ­ protecting user privacy [13] in RFID authentications. In most RFID systems, tags

Liu, Yunhao

325

End-to-end aggregate authentication of time-series data  

Science Journals Connector (OSTI)

We consider the problem of providing integrity of aggregate result in the presence of an untrusted data aggregator who may introduce errors into data fusion, causing the final aggregate result to far deviate from the true result determined by participating ... Keywords: aggregate authentication, computation over authenticated data, time-series

Di Ma; Yan Zhu; Mengyang Yu

2013-05-01T23:59:59.000Z

326

Comparative studies on authentication and key exchange methods for 802.11 wireless LAN  

Science Journals Connector (OSTI)

IEEE 802.11 wireless LAN has become one of the hot topics on the design and development of network access technologies. In particular, its authentication and key exchange (AKE) aspects, which form a vital building block for modern security mechanisms, ... Keywords: Authentication, Confidentiality, Key exchange, Security, WLAN

Jun Lei, Xiaoming Fu, Dieter Hogrefe, Jianrong Tan

2007-08-01T23:59:59.000Z

327

eSeal -A System for Enhanced Electronic Assertion of Authenticity and Integrity  

E-Print Network (OSTI)

in the network and a communication protocol. The system is able to control various kinds of integrity settings to claim and assert the authenticity and integrity of goods, documents or other valued objects in storageeSeal - A System for Enhanced Electronic Assertion of Authenticity and Integrity Christian Decker1

Beigl, Michael

328

AUDIO FORENSIC AUTHENTICATION BASED ON MOCC BETWEEN ENF AND REFERENCE SIGNALS  

E-Print Network (OSTI)

AUDIO FORENSIC AUTHENTICATION BASED ON MOCC BETWEEN ENF AND REFERENCE SIGNALS Zhisheng Lv1 of Warwick, Coventry CV4 7AL, UK ABSTRACT This paper proposes a new audio authenticity detection algorithm Frequency) signal and the reference signal. We first extract the ENF signal from a query audio signal

Li, Chang-Tsun

329

US Energy Sector Vulnerabilities to Climate Change  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

On the cover: Trans-Alaska oil pipeline; aerial view of New Jersey refinery; coal barges on Mississippi River in St. Paul, Minnesota; power plant in Prince On the cover: Trans-Alaska oil pipeline; aerial view of New Jersey refinery; coal barges on Mississippi River in St. Paul, Minnesota; power plant in Prince George's County, Maryland; Grand Coulee Dam in Washington State; corn field near Somers, Iowa; wind turbines in Texas. Photo credits: iStockphoto U.S. ENERGY SECTOR VULNERABILITIES TO CLIMATE CHANGE AND EXTREME WEATHER Acknowledgements This report was drafted by the U.S. Department of Energy's Office of Policy and International Affairs (DOE-PI) and the National Renewable Energy Laboratory (NREL). The coordinating lead author and a principal author was Craig Zamuda of DOE-PI; other principal authors included Bryan Mignone of DOE-PI, and Dan Bilello, KC Hallett, Courtney Lee, Jordan Macknick, Robin Newmark, and Daniel Steinberg of NREL. Vince Tidwell of Sandia National Laboratories, Tom Wilbanks of

330

New Seals - Vulnerability Assessment Team - Nuclear Engineering Division  

NLE Websites -- All DOE Office Websites (Extended Search)

More Information More Information VAT Projects Introducing the VAT Adversarial Vulnerability Assessments Safety Tags & Product Counterfeiting Election Security Spoofing GPS Defeating Existing Tamper-Indicating Seals Specialty Field Tools & Sampling Tools Insider Threat Mitigation Drug Testing Security Microprocessor Prototypes The Journal of Physical Security Vulnerability Assessments Vulnerability Assessments Insanely Fast µProcessor Shop Insanely Fast µProcessor Shop Seals About Seals Applications of Seals Common Myths about Tamper Indicating Seals Definitions Findings and Lessons Learned New Seals Types of Seals Seals References Selected VAT Papers Selected VAT Papers Selected Invited Talks Self-Assessment Survey Security Maxims Devil's Dictionary of Security Terms Argonne's VAT (brochure)

331

Insanely Fast Microprocessor Shop - Vulnerability Assessment Team - Nuclear  

NLE Websites -- All DOE Office Websites (Extended Search)

Insanely Fast Microprocessor Shop Insanely Fast Microprocessor Shop VAT Projects Introducing the VAT Adversarial Vulnerability Assessments Safety Tags & Product Counterfeiting Election Security Spoofing GPS Defeating Existing Tamper-Indicating Seals Specialty Field Tools & Sampling Tools Insider Threat Mitigation Drug Testing Security Microprocessor Prototypes The Journal of Physical Security Vulnerability Assessments Vulnerability Assessments Insanely Fast µProcessor Shop Insanely Fast µProcessor Shop Seals About Seals Applications of Seals Common Myths about Tamper Indicating Seals Definitions Findings and Lessons Learned New Seals Types of Seals Seals References Selected VAT Papers Selected VAT Papers Selected Invited Talks Self-Assessment Survey Security Maxims Devil's Dictionary of Security Terms

332

About Seals - Vulnerability Assessment Team - Nuclear Engineering Division  

NLE Websites -- All DOE Office Websites (Extended Search)

Seals Seals VAT Projects Introducing the VAT Adversarial Vulnerability Assessments Safety Tags & Product Counterfeiting Election Security Spoofing GPS Defeating Existing Tamper-Indicating Seals Specialty Field Tools & Sampling Tools Insider Threat Mitigation Drug Testing Security Microprocessor Prototypes The Journal of Physical Security Vulnerability Assessments Vulnerability Assessments Insanely Fast µProcessor Shop Insanely Fast µProcessor Shop Seals About Seals Applications of Seals Common Myths about Tamper Indicating Seals Definitions Findings and Lessons Learned New Seals Types of Seals Seals References Selected VAT Papers Selected VAT Papers Selected Invited Talks Self-Assessment Survey Security Maxims Devil's Dictionary of Security Terms Argonne's VAT (brochure)

333

Findings and Lessons, Seals - Vulnerability Assessment Team - Nuclear  

NLE Websites -- All DOE Office Websites (Extended Search)

Findings and Lessons Learned Findings and Lessons Learned VAT Projects Introducing the VAT Adversarial Vulnerability Assessments Safety Tags & Product Counterfeiting Election Security Spoofing GPS Defeating Existing Tamper-Indicating Seals Specialty Field Tools & Sampling Tools Insider Threat Mitigation Drug Testing Security Microprocessor Prototypes The Journal of Physical Security Vulnerability Assessments Vulnerability Assessments Insanely Fast µProcessor Shop Insanely Fast µProcessor Shop Seals About Seals Applications of Seals Common Myths about Tamper Indicating Seals Definitions Findings and Lessons Learned New Seals Types of Seals Seals References Selected VAT Papers Selected VAT Papers Selected Invited Talks Self-Assessment Survey Security Maxims Devil's Dictionary of Security Terms

334

Rapid Sampling from Sealed Containers - Vulnerability Assessment Team -  

NLE Websites -- All DOE Office Websites (Extended Search)

Nonproliferation and Nonproliferation and National Security > VAT > Current Projects > Rapid Sampling Tools > ... from Sealed Containers VAT Projects Introducing the VAT Adversarial Vulnerability Assessments Safety Tags & Product Counterfeiting Election Security Spoofing GPS Defeating Existing Tamper-Indicating Seals Specialty Field Tools & Sampling Tools Tamper & Intrusion Detection Rapid Sampling from Sealed Containers Demo video Insider Threat Mitigation Drug Testing Security Microprocessor Prototypes The Journal of Physical Security Vulnerability Assessments Vulnerability Assessments Insanely Fast µProcessor Shop Insanely Fast µProcessor Shop Seals About Seals Applications of Seals Common Myths about Tamper Indicating Seals Definitions Findings and Lessons Learned

335

Common Myths about Tamper Indicating Seals - Vulnerability Assessment Team  

NLE Websites -- All DOE Office Websites (Extended Search)

Common Myths about Tamper Common Myths about Tamper Indicating Seals VAT Projects Introducing the VAT Adversarial Vulnerability Assessments Safety Tags & Product Counterfeiting Election Security Spoofing GPS Defeating Existing Tamper-Indicating Seals Specialty Field Tools & Sampling Tools Insider Threat Mitigation Drug Testing Security Microprocessor Prototypes The Journal of Physical Security Vulnerability Assessments Vulnerability Assessments Insanely Fast µProcessor Shop Insanely Fast µProcessor Shop Seals About Seals Applications of Seals Common Myths about Tamper Indicating Seals Definitions Findings and Lessons Learned New Seals Types of Seals Seals References Selected VAT Papers Selected VAT Papers Selected Invited Talks Self-Assessment Survey Security Maxims Devil's Dictionary of Security Terms

336

JC3 High Impact Assessment Bulletins | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

June 13, 2012 June 13, 2012 U-190: Microsoft Security Bulletin MS12-037 - Critical This security update resolves one publicly disclosed and twelve privately reported vulnerabilities in Internet Explorer. June 12, 2012 U-188: MySQL User Login Security Bypass and Unspecified Vulnerability An error when verifying authentication attempts can be exploited to bypass the authentication mechanism. June 11, 2012 U-187: Adobe Flash Player Multiple Vulnerabilities Adobe released security updates for Adobe Flash Player 11.2.202.235 and earlier versions for Windows, Macintosh and Linux, Adobe Flash Player 11.1.115.8 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.9 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an

337

A Novel Trigon based Dual Authentication Protocol for Enhancing Security in Grid Environment  

E-Print Network (OSTI)

In recent times, a necessity has been raised in order to distribute computing applications often across grids. These applications are dependent on the services like data transfer or data portal services as well as submission of jobs. Security is of utmost importance in grid computing applications as grid resources are heterogeneous, dynamic, and multidomain. Authentication remains as the significant security challenge in grid environment. In traditional authentication protocol a single server stores the sensitive user credentials, like username and password. When such a server is compromised, a large number of user passwords, will be exposed. Our proposed approach uses a dual authentication protocol in order to improve the authentication service in grid environment. The protocol utilizes the fundamental concepts of trigon and based on the parameters of the trigon the user authentication will be performed. In the proposed protocol, the password is interpreted and alienated into more than one unit and these uni...

Ruckmani, V

2010-01-01T23:59:59.000Z

338

Pre-test CFD Calculations for a Bypass Flow Standard Problem  

SciTech Connect

The bypass flow in a prismatic high temperature gas-cooled reactor (HTGR) is the flow that occurs between adjacent graphite blocks. Gaps exist between blocks due to variances in their manufacture and installation and because of the expansion and shrinkage of the blocks from heating and irradiation. Although the temperature of fuel compacts and graphite is sensitive to the presence of bypass flow, there is great uncertainty in the level and effects of the bypass flow. The Next Generation Nuclear Plant (NGNP) program at the Idaho National Laboratory has undertaken to produce experimental data of isothermal bypass flow between three adjacent graphite blocks. These data are intended to provide validation for computational fluid dynamic (CFD) analyses of the bypass flow. Such validation data sets are called Standard Problems in the nuclear safety analysis field. Details of the experimental apparatus as well as several pre-test calculations of the bypass flow are provided. Pre-test calculations are useful in examining the nature of the flow and to see if there are any problems associated with the flow and its measurement. The apparatus is designed to be able to provide three different gap widths in the vertical direction (the direction of the normal coolant flow) and two gap widths in the horizontal direction. It is expected that the vertical bypass flow will range from laminar to transitional to turbulent flow for the different gap widths that will be available.

Rich Johnson

2011-11-01T23:59:59.000Z

339

Evaluation of a Stirling engine heater bypass with the NASA Lewis nodal-analysis performance code  

SciTech Connect

In support of the US Department of Energy's Stirling Engine Highway Vehicle Systems program, the NASA Lewis Research Center investigated whether bypassing the P-40 Stirling engine heater during regenerative cooling would improve the engine thermal efficiency. The investigation was accomplished by using the Lewis nodal-analysis Stirling engine computer model. Bypassing the P-40 Stirling engine heater at full power resulted in a rise in the indicated thermal efficiency from 40.6 to 41.0 percent. For the idealized (some losses not included) heater bypass that was analyzed, this benefit is not considered significant.

Sullivan, T.J.

1986-05-01T23:59:59.000Z

340

U-197: Cisco Adaptive Security Appliances Denial of Service Vulnerability |  

NLE Websites -- All DOE Office Websites (Extended Search)

97: Cisco Adaptive Security Appliances Denial of Service 97: Cisco Adaptive Security Appliances Denial of Service Vulnerability U-197: Cisco Adaptive Security Appliances Denial of Service Vulnerability June 22, 2012 - 7:00am Addthis PROBLEM: A vulnerability has been reported in Cisco Adaptive Security Appliances (ASA), which can be exploited by malicious people to cause a DoS (Denial of Service). PLATFORM: Cisco Adaptive Security Appliance (ASA) 8.x Cisco ASA 5500 Series Adaptive Security Appliances ABSTRACT: The vulnerability is caused due to an unspecified error when handling IPv6 transit traffic and can be exploited to cause a reload of the affected device. reference LINKS: Vendor Advisory Secunia ID 49647 CVE-2012-3058 IMPACT ASSESSMENT: High Discussion: Cisco ASA 5500 Series Adaptive Security Appliances (Cisco ASA) and Cisco

Note: This page contains sample records for the topic "authentication bypass vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


341

T-622: Adobe Acrobat and Reader Unspecified Memory Corruption Vulnerability  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

22: Adobe Acrobat and Reader Unspecified Memory Corruption 22: Adobe Acrobat and Reader Unspecified Memory Corruption Vulnerability T-622: Adobe Acrobat and Reader Unspecified Memory Corruption Vulnerability May 13, 2011 - 3:25am Addthis PROBLEM: Adobe Acrobat and Reader contain a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. PLATFORM: Adobe Reader versions 9.4.1 and prior, versions 8.2.5 and prior, and version 10.0 Acrobat Standard and Professional versions 9.4.1 and prior and version 10.0 Acrobat Standard and Professional versions 8.2.5 and prior Acrobat Professional Extended versions 9.4.1 and prior Acrobat 3D versions 8.2.5 and prior Adobe Flash Player versions 10.2.159.1 and prior for Windows, Macintosh, Linux, and Solaris ABSTRACT: The vulnerability is due to an unspecified error in the affected software

342

T-547: Microsoft Windows Human Interface Device (HID) Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

547: Microsoft Windows Human Interface Device (HID) Vulnerability 547: Microsoft Windows Human Interface Device (HID) Vulnerability T-547: Microsoft Windows Human Interface Device (HID) Vulnerability February 1, 2011 - 3:20am Addthis PROBLEM Microsoft Windows Human Interface Device (HID) Vulnerability. PLATFORM: Microsoft 2003 SP2, Vista SP2, 2008 SP2, XP SP3, 7; and prior service packs ABSTRACT: Microsoft Windows does not properly warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a Smartphone that the user connected to the computer. reference LINKS: Security Lab: Reference CVE-2011-0638 CVE Details: Reference CVE-2011-0638 Mitre Reference: CVE-2011-0638

343

U-191: Oracle Java Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

91: Oracle Java Multiple Vulnerabilities 91: Oracle Java Multiple Vulnerabilities U-191: Oracle Java Multiple Vulnerabilities June 14, 2012 - 7:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in Oracle Java, which can be exploited by malicious local users PLATFORM: Oracle Java JDK 1.7.x / 7.x Oracle Java JRE 1.7.x / 7.x Sun Java JDK 1.5.x Sun Java JDK 1.6.x / 6.x Sun Java JRE 1.4.x Sun Java JRE 1.5.x / 5.x Sun Java JRE 1.6.x / 6.x Sun Java SDK 1.4.x ABSTRACT: The Critical Patch Update for Java SE also includes non-security fixes. Critical Patch Updates are cumulative and each advisory describes only the security fixes added since the previous Critical Patch Update. Thus, prior Critical Patch Update Advisories should be reviewed for information regarding earlier accumulated security fixes.

344

OLADE-Central America Climate Change Vulnerability Program | Open Energy  

Open Energy Info (EERE)

OLADE-Central America Climate Change Vulnerability Program OLADE-Central America Climate Change Vulnerability Program Jump to: navigation, search Name OLADE-Central America Climate Change Vulnerability Program Agency/Company /Organization Latin America Energy Organization Partner Ministries of Energy and Energy Enterprises Sector Energy, Land Topics Background analysis Website http://www.olade.org/proyecto_ Program Start 2010 Program End 2011 Country Belize, Costa Rica, El Salvador, Guatemala, Honduras, Nicaragua, Panama Central America, Central America, Central America, Central America, Central America, Central America, Central America References OLADE Energy and Climate Change Projects[1] OLADE is a Latin American organization working with Central American countries on climate change vulnerability for hydroelectric systems and

345

U-035: Adobe Flash Player Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

35: Adobe Flash Player Multiple Vulnerabilities 35: Adobe Flash Player Multiple Vulnerabilities U-035: Adobe Flash Player Multiple Vulnerabilities November 14, 2011 - 10:15am Addthis PROBLEM: Adobe Flash Player Multiple Vulnerabilities. PLATFORM: Adobe Flash Player 11.0.1.152 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems Adobe Flash Player 11.0.1.153 and earlier versions for Android Adobe AIR 3.0 and earlier versions for Windows, Macintosh, and Android ABSTRACT: Adobe recommends users of Adobe Flash Player 11.0.1.152 and earlier versions for Windows, Macintosh, Linux and Solaris update to Adobe Flash Player 11.1.102.55. Users of Adobe Flash Player 11.0.1.153 and earlier versions for Android should update to Adobe Flash Player 11.1.102.59 for Android. Users of Adobe AIR 3.0 for Windows, Macintosh, and Android should

346

V-161: IBM Maximo Asset Management Products Java Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

61: IBM Maximo Asset Management Products Java Multiple 61: IBM Maximo Asset Management Products Java Multiple Vulnerabilities V-161: IBM Maximo Asset Management Products Java Multiple Vulnerabilities May 22, 2013 - 12:46am Addthis PROBLEM: IBM Maximo Asset Management Products Java Multiple Vulnerabilities PLATFORM: IBM Maximo Asset Management 6.x IBM Maximo Asset Management 7.x IBM Maximo Asset Management Essentials 7.x ABSTRACT: Asset and Service Mgmt Products - Potential security exposure when using JavaTM based applications due to vulnerabilities in Java Software Developer Kits. REFERENCE LINKS: IBM Reference #:1638135 Secunia Advisory SA53451 CVE-2013-0401 CVE-2013-2433 CVE-2013-2434 CVE-2013-0402 CVE-2013-1488 CVE-2013-1491 CVE-2013-1518 CVE-2013-1537 CVE-2013-1540 CVE-2013-1557 CVE-2013-1558 CVE-2013-1561 CVE-2013-1563 CVE-2013-1564 CVE-2013-1569

347

V-180: IBM Application Manager For Smart Business Multiple Vulnerabilities  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

V-180: IBM Application Manager For Smart Business Multiple V-180: IBM Application Manager For Smart Business Multiple Vulnerabilities V-180: IBM Application Manager For Smart Business Multiple Vulnerabilities June 18, 2013 - 12:38am Addthis PROBLEM: IBM Application Manager For Smart Business Multiple Vulnerabilities PLATFORM: IBM Application Manager For Smart Business 1.x ABSTRACT: A security issue and multiple vulnerabilities have been reported in IBM Application Manager For Smart Business REFERENCE LINKS: Security Bulletin 1640752 Secunia Advisory SA53844 CVE-2012-1531 CVE-2012-1532 CVE-2012-1533 CVE-2012-2190 CVE-2012-2191 CVE-2012-2203 CVE-2012-3143 CVE-2012-3159 CVE-2012-3216 CVE-2012-4820 CVE-2012-4821 CVE-2012-4822 CVE-2012-4823 CVE-2012-5068 CVE-2012-5069 CVE-2012-5071 CVE-2012-5072 CVE-2012-5073 CVE-2012-5075 CVE-2012-5079

348

V-161: IBM Maximo Asset Management Products Java Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

1: IBM Maximo Asset Management Products Java Multiple 1: IBM Maximo Asset Management Products Java Multiple Vulnerabilities V-161: IBM Maximo Asset Management Products Java Multiple Vulnerabilities May 22, 2013 - 12:46am Addthis PROBLEM: IBM Maximo Asset Management Products Java Multiple Vulnerabilities PLATFORM: IBM Maximo Asset Management 6.x IBM Maximo Asset Management 7.x IBM Maximo Asset Management Essentials 7.x ABSTRACT: Asset and Service Mgmt Products - Potential security exposure when using JavaTM based applications due to vulnerabilities in Java Software Developer Kits. REFERENCE LINKS: IBM Reference #:1638135 Secunia Advisory SA53451 CVE-2013-0401 CVE-2013-2433 CVE-2013-2434 CVE-2013-0402 CVE-2013-1488 CVE-2013-1491 CVE-2013-1518 CVE-2013-1537 CVE-2013-1540 CVE-2013-1557 CVE-2013-1558 CVE-2013-1561 CVE-2013-1563 CVE-2013-1564 CVE-2013-1569

349

T-613: Microsoft Excel Axis Properties Remote Code Execution Vulnerability  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

613: Microsoft Excel Axis Properties Remote Code Execution 613: Microsoft Excel Axis Properties Remote Code Execution Vulnerability T-613: Microsoft Excel Axis Properties Remote Code Execution Vulnerability May 2, 2011 - 7:42am Addthis PROBLEM: Microsoft Excel is prone to a remote code-execution vulnerability because the applications fail to sufficiently validate user-supplied input. PLATFORM: Microsoft Excel (2002-2010) ABSTRACT: Microsoft Excel is prone to a remote code-execution vulnerability because the applications fails to sufficiently validate user-supplied input. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Excel file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the application. Failed exploit attempts will result in a denial-of-service

350

U-187: Adobe Flash Player Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

7: Adobe Flash Player Multiple Vulnerabilities 7: Adobe Flash Player Multiple Vulnerabilities U-187: Adobe Flash Player Multiple Vulnerabilities June 11, 2012 - 7:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in Adobe Flash Player PLATFORM: Adobe Flash Player 11.2.202.235 and earlier for Windows, Macintosh and Linux Adobe Flash Player 11.1.115.8 and earlier for Android 4.x Adobe Flash Player 11.1.111.9 and earlier for Android 3.x and 2.x Adobe AIR 3.2.0.2070 and earlier for Windows, Macintosh and Android ABSTRACT: Adobe released security updates for Adobe Flash Player 11.2.202.235 and earlier versions for Windows, Macintosh and Linux, Adobe Flash Player 11.1.115.8 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.9 and earlier versions for Android 3.x and 2.x. These updates

351

U-002:Adobe Photoshop Elements Multiple Memory Corruption Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

02:Adobe Photoshop Elements Multiple Memory Corruption 02:Adobe Photoshop Elements Multiple Memory Corruption Vulnerabilities U-002:Adobe Photoshop Elements Multiple Memory Corruption Vulnerabilities October 4, 2011 - 11:00am Addthis PROBLEM: Adobe Photoshop Elements Multiple Memory Corruption Vulnerabilities. PLATFORM: Adobe Photoshop Elements 8.0 and earlier versions for Windows. ABSTRACT: A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system. reference LINKS: Adobe Advisory: APSA11-03 SecurityTracker Alert ID: 1026132 SecurityFocus: CVE-2011-2443 IMPACT ASSESSMENT: High Discussion: A vulnerability was reported in Adobe Photoshop Elements. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can create a specially crafted '.grd' or '.abr' file that,

352

Chemical-Terrorism Vulnerability Information Guidance Document January 7, 2011  

E-Print Network (OSTI)

.215; Not currently applicable (2) Site Security Plans under §27.225; Not currently applicable (3) Documents relating to the Department's review and approval of Security Vulnerability Assessments and Site Security Plans, including

Pawlowski, Wojtek

353

Global Change and Human Vulnerability to Vector-Borne Diseases  

Science Journals Connector (OSTI)

...preventative measures in both developing...large part in reducing the vulnerability...preventative measures rather than...faster route to reducing the incidence...of the key greenhouse gases carbon dioxide...of a species related to its climatic...

Robert W. Sutherst

2004-01-01T23:59:59.000Z

354

Ethics of Vulnerability (ii): Imagining the Posthuman Future  

Science Journals Connector (OSTI)

Moreover, in contrast to determinist versions of transhumanism (as e.g. Singularity thinking)...some extent at leastinfluence what we are to become by trying to understand our current vulnerabilities, project ...

Mark Coeckelbergh

2013-01-01T23:59:59.000Z

355

U.S. Energy Sector Vulnerability Report | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U.S. Energy Sector Vulnerability Report U.S. Energy Sector Vulnerability Report U.S. Energy Sector Vulnerability Report As part of the Administration's efforts to support national climate change adaptation planning through the Interagency Climate Change Adaptation Task Force and Strategic Sustainability Planning process -- and to advance the Energy Department's goal of promoting energy security -- the Department released the U.S. Energy Sector Vulnerability to Climate Change and Extreme Weather report. The report examines current and potential future impacts of climate change trends on the U.S. energy sector, including: Coastal energy infrastructure is at risk from sea level rise, increasing storm intensity and higher storm surge and flooding. Oil and gas production -- including refining, hydraulic fracturing

356

Abstract IA14: Functional genomics and cancer vulnerabilities  

Science Journals Connector (OSTI)

...Cancer Research. November 2014 meeting-abstract Genomics Genomics: Oral Presentations - Invited Abstracts Abstracts...2013; San Diego, CA Abstract IA14: Functional genomics and cancer vulnerabilities William C. Hahn Dana-Farber...

William C. Hahn

2014-11-01T23:59:59.000Z

357

A review of young people's vulnerabilities to online grooming  

Science Journals Connector (OSTI)

Abstract This review explores risk factors that may make a young person vulnerable to being groomed online. Even though research in this area is extremely limited, adolescents appear to be the age group most vulnerable to online grooming. Other vulnerabilities appear to be consistent with those associated with offline sexual abuse. The review suggests that behaviors specific to online grooming include: engaging in risk taking behavior online, high levels of internet access, and lack of parental involvement in the young person's internet use. Vulnerabilities to carry out these types of behavior and be more exposed to the risk of online grooming, are set within the context of the Ecological Model of child protection, consisting of: individual, family, community, and cultural risk factors. Patterns of vulnerability regarding living environment, ethnicity, socioeconomic status, and personality are tentative, but are often interconnected. The more risk taking behaviors the young person carries out, plus greater levels of vulnerability factors, the less resilient they are likely to be towards protecting themselves against online grooming. A protective factor appears to be parental involvement in their child's use of the internet. Therefore, this, in combination with internet safety education at school, is encouraged.

Helen Whittle; Catherine Hamilton-Giachritsis; Anthony Beech; Guy Collings

2013-01-01T23:59:59.000Z

358

Variations in Oral Vitamin and Mineral Supplementation Following Bariatric Gastric Bypass Surgery: A National Survey  

Science Journals Connector (OSTI)

Bariatric surgery (including gastric bypass) is associated with long-term deficiencies in vitamins and minerals, which may have deleterious effects on physiology. The American Association of Clinical Endocrino...

Matt J. D. Dunstan; Emma J. Molena; Kumaran Ratnasingham; Anna Kamocka

2014-11-01T23:59:59.000Z

359

Thermal Bypass Air Barriers in the 2009 International Energy Conservation Code- Building America Top Innovation  

Energy.gov (U.S. Department of Energy (DOE))

This Building America Innovations profile describes Building America research supporting Thermal Bypass Air Barrier requirements. Since these were adopted in the 2009 IECC, close to one million homes have been mandated to include this vitally important energy efficiency measure.

360

Initial Hydrologic Feasibility Analysis of the Proposed Ship Channel Bypass (lower Sacramento River, California  

E-Print Network (OSTI)

Project Modifications Works, Yolo County, CA. USACE (U.S.2006. Office Report: Yolo Bypass 2-D Hydraulic ModelPlan. Prepared by CDFG, Yolo Basin Foundation and EDAW.

Church, Tami C.

2012-01-01T23:59:59.000Z

Note: This page contains sample records for the topic "authentication bypass vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


361

INSTRUCTIONS FOR USING HSPD-12 AUTHENTICATED OUTLOOK WEB ACCESS (OWA)  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

7/2013 Page 1 7/2013 Page 1 INSTRUCTIONS FOR USING HSPD-12 AUTHENTICATED OUTLOOK WEB ACCESS (OWA) Outlook Web Access provides access to unencrypted email only and is suitable for use from any computer. HSPD-12 OWA REQUIREMENTS:  An EITS provided Exchange email account  A DOE issued HSPD-12 badge  DOEnet or Internet access and a supported web browser  A smart card reader installed* on your computer (*Windows Vista, Windows XP, MAC OS X 10.7 & 10.8, will also require smart card software to be installed in order to read the HSPD-12 badge) HSPD-12 OWA LOGIN PROCEDURE: 1. Insert HSPD-12 badge into card reader

362

U-159: Red Hat Enterprise MRG Messaging Qpid Bug Lets Certain Remote Users  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

9: Red Hat Enterprise MRG Messaging Qpid Bug Lets Certain 9: Red Hat Enterprise MRG Messaging Qpid Bug Lets Certain Remote Users Bypass Authentication U-159: Red Hat Enterprise MRG Messaging Qpid Bug Lets Certain Remote Users Bypass Authentication May 1, 2012 - 7:00am Addthis PROBLEM: Red Hat Enterprise MRG Messaging Qpid Bug Lets Certain Remote Users Bypass Authentication PLATFORM: Red Hat Enterprise MRG v2 for Red Hat Enterprise Linux (version 6) ABSTRACT: A vulnerability was reported in Red Hat Enterprise MRG Messaging. A remote user can access cluster messages and view the internal configuration. reference LINKS: SecurityTracker Alert ID: 1026990 CVE-2011-3620 Red Hat advisory IMPACT ASSESSMENT: High Discussion: Qpid may accept arbitrary passwords and SASL mechanims. A remote user on the local private interconnect network with knowledge of a valid cluster

363

V-083: Oracle Java Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

3: Oracle Java Multiple Vulnerabilities 3: Oracle Java Multiple Vulnerabilities V-083: Oracle Java Multiple Vulnerabilities February 4, 2013 - 12:42am Addthis PROBLEM: Oracle Java Multiple Vulnerabilities PLATFORM: Oracle Java JDK 1.5.x / 5.x Oracle Java JDK 1.7.x / 7.x Oracle Java JRE 1.7.x / 7.x Oracle Java SDK 1.4.x / 4.x Sun Java JDK 1.4.x Sun Java JDK 1.6.x / 6.x Sun Java JRE 1.4.x / 4.x Sun Java JRE 1.5.x / 5.x Sun Java JRE 1.6.x / 6.x ABSTRACT: A Critical Patch Update is a collection of patches for multiple security vulnerabilities. The Critical Patch Update for Java SE also includes non-security fixes. Critical Patch Updates are cumulative and each advisory describes only the security fixes added since the previous Critical Patch Update and Security Alert. REFERENCE LINKS: Oracle Security Advisory February 2013

364

V-107: Wireshark Multiple Denial of Service Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

7: Wireshark Multiple Denial of Service Vulnerabilities 7: Wireshark Multiple Denial of Service Vulnerabilities V-107: Wireshark Multiple Denial of Service Vulnerabilities March 8, 2013 - 6:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in Wireshark PLATFORM: Wireshark 1.6.x and 1.8.x ABSTRACT: Multiple vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service). REFERENCE LINKS: Secunia Advisory SA52471 Wireshark Release Notes 1.8.6 Wireshark Release Notes 1.6.1.4 CVE-2013-2475 CVE-2013-2476 CVE-2013-2477 CVE-2013-2478 CVE-2013-2479 CVE-2013-2480 CVE-2013-2481 CVE-2013-2482 CVE-2013-2483 CVE-2013-2484 CVE-2013-2485 CVE-2013-2486 CVE-2013-2487 CVE-2013-2488 IMPACT ASSESSMENT: Medium DISCUSSION: 1) An error in the TCP dissector when processing certain packets can be

365

V-107: Wireshark Multiple Denial of Service Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

7: Wireshark Multiple Denial of Service Vulnerabilities 7: Wireshark Multiple Denial of Service Vulnerabilities V-107: Wireshark Multiple Denial of Service Vulnerabilities March 8, 2013 - 6:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in Wireshark PLATFORM: Wireshark 1.6.x and 1.8.x ABSTRACT: Multiple vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service). REFERENCE LINKS: Secunia Advisory SA52471 Wireshark Release Notes 1.8.6 Wireshark Release Notes 1.6.1.4 CVE-2013-2475 CVE-2013-2476 CVE-2013-2477 CVE-2013-2478 CVE-2013-2479 CVE-2013-2480 CVE-2013-2481 CVE-2013-2482 CVE-2013-2483 CVE-2013-2484 CVE-2013-2485 CVE-2013-2486 CVE-2013-2487 CVE-2013-2488 IMPACT ASSESSMENT: Medium DISCUSSION: 1) An error in the TCP dissector when processing certain packets can be

366

V-083: Oracle Java Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

3: Oracle Java Multiple Vulnerabilities 3: Oracle Java Multiple Vulnerabilities V-083: Oracle Java Multiple Vulnerabilities February 4, 2013 - 12:42am Addthis PROBLEM: Oracle Java Multiple Vulnerabilities PLATFORM: Oracle Java JDK 1.5.x / 5.x Oracle Java JDK 1.7.x / 7.x Oracle Java JRE 1.7.x / 7.x Oracle Java SDK 1.4.x / 4.x Sun Java JDK 1.4.x Sun Java JDK 1.6.x / 6.x Sun Java JRE 1.4.x / 4.x Sun Java JRE 1.5.x / 5.x Sun Java JRE 1.6.x / 6.x ABSTRACT: A Critical Patch Update is a collection of patches for multiple security vulnerabilities. The Critical Patch Update for Java SE also includes non-security fixes. Critical Patch Updates are cumulative and each advisory describes only the security fixes added since the previous Critical Patch Update and Security Alert. REFERENCE LINKS: Oracle Security Advisory February 2013

367

A Reduction for Automated Veri cation of Authentication Scott D. Stoller  

E-Print Network (OSTI)

A Reduction for Automated Veri cation of Authentication Protocols Scott D. Stoller Computer Science of those case studies were not rigorously justi ed. Reduction theorems are needed, which show

Stoller, Scott

368

Integrating an Efficient Authorization Protocol with Trigon-Based Authentication Mechanism for Improving Grid Security  

Science Journals Connector (OSTI)

Security is a vital part of an integrated grid application in which heterogeneous services and resources ... dynamically. Authentication and authorization are the major security concerns in grid environment. Most...

V. Ruckmani; G. Sudha Sadasivam

2010-01-01T23:59:59.000Z

369

Determination of 5-hydroxymethylfurfural after Winkler and by the HPLC method for authentication of honey  

Science Journals Connector (OSTI)

The quality and authenticity of commercially available honey from Slovak market and the development of HPLC method for determination of hydroxymethylfurfural (HMF) content of honey with fine separation efficie...

K. Kukurova; J. Karovi?ov; G. Greif; Z. Kohajdov; J. Lehkoivov

2006-06-01T23:59:59.000Z

370

V-195: RSA Authentication Manager Lets Local Users View the Administra...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

can view the administrative account password SOLUTION: The vendor has issued a fix (Patch 26 (P26) for RSA Authentication Manager 7.1 Service Pack 4 (SP4) and Appliance 3.0...

371

U-212: RSA Authentication Manager Flaws Permit Cross-Site and...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

actions on the site acting as the target user. Solution: The vendor has issued a fix (Patch 14 (P14) for RSA Authentication Manager 7.1 SP4 and Appliance 3.0 SP4). Addthis...

372

Subverting value hierarchies : essays on the causes and responses to shifts in demand for authenticity  

E-Print Network (OSTI)

This dissertation includes three essays on the causes and responses to shifts in demand for authenticity. In the first chapter, I answer the question: why do previously cast-off products, practices, or styles abruptly ...

Hahl, Oliver (Oliver Douglas)

2013-01-01T23:59:59.000Z

373

AFTER A Framework for electrical power sysTems vulnerability  

Open Energy Info (EERE)

vulnerability vulnerability identification, dEfense and Restoration (Smart Grid Project) (United Kingdom) Jump to: navigation, search Project Name AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration Country United Kingdom Coordinates 55.378052°, -3.435973° Loading map... {"minzoom":false,"mappingservice":"googlemaps3","type":"ROADMAP","zoom":14,"types":["ROADMAP","SATELLITE","HYBRID","TERRAIN"],"geoservice":"google","maxzoom":false,"width":"600px","height":"350px","centre":false,"title":"","label":"","icon":"","visitedicon":"","lines":[],"polygons":[],"circles":[],"rectangles":[],"copycoords":false,"static":false,"wmsoverlay":"","layers":[],"controls":["pan","zoom","type","scale","streetview"],"zoomstyle":"DEFAULT","typestyle":"DEFAULT","autoinfowindows":false,"kml":[],"gkml":[],"fusiontables":[],"resizable":false,"tilt":0,"kmlrezoom":false,"poi":true,"imageoverlays":[],"markercluster":false,"searchmarkers":"","locations":[{"text":"","title":"","link":null,"lat":55.378052,"lon":-3.435973,"alt":0,"address":"","icon":"","group":"","inlineLabel":"","visitedicon":""}]}

374

Locating Climate Insecurity: Where Are the Most Vulnerable Places in  

Open Energy Info (EERE)

Locating Climate Insecurity: Where Are the Most Vulnerable Places in Locating Climate Insecurity: Where Are the Most Vulnerable Places in Africa? Jump to: navigation, search Tool Summary LAUNCH TOOL Name: Locating Climate Insecurity: Where Are the Most Vulnerable Places in Africa? Agency/Company /Organization: The Robert Strauss Center Topics: Co-benefits assessment, Background analysis Resource Type: Publications Website: ccaps.strausscenter.org/system/research_items/pdfs/19/original.pdf?128 UN Region: "Sub-Saharan Africa" is not in the list of possible values (Eastern Africa, Middle Africa, Northern Africa, Southern Africa, Western Africa, Caribbean, Central America, South America, Northern America, Central Asia, Eastern Asia, Southern Asia, South-Eastern Asia, Western Asia, Eastern Europe, Northern Europe, Southern Europe, Western Europe, Australia and New Zealand, Melanesia, Micronesia, Polynesia, Latin America and the Caribbean) for this property.

375

The Journal of Physical Security - Vulnerability Assessment Team - Argonne  

NLE Websites -- All DOE Office Websites (Extended Search)

Current Projects > The Journal of Physical Current Projects > The Journal of Physical Security VAT Projects Introducing the VAT Adversarial Vulnerability Assessments Safety Tags & Product Counterfeiting Election Security Spoofing GPS Defeating Existing Tamper-Indicating Seals Specialty Field Tools & Sampling Tools Insider Threat Mitigation Drug Testing Security Microprocessor Prototypes The Journal of Physical Security Vulnerability Assessments Vulnerability Assessments Insanely Fast µProcessor Shop Insanely Fast µProcessor Shop Seals About Seals Applications of Seals Common Myths about Tamper Indicating Seals Definitions Findings and Lessons Learned New Seals Types of Seals Seals References Selected VAT Papers Selected VAT Papers Selected Invited Talks Self-Assessment Survey Security Maxims Devil's Dictionary of Security Terms

376

T-657: Drupal Prepopulate - Multiple vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

7: Drupal Prepopulate - Multiple vulnerabilities 7: Drupal Prepopulate - Multiple vulnerabilities T-657: Drupal Prepopulate - Multiple vulnerabilities June 29, 2011 - 3:34pm Addthis PROBLEM: Prepopulate module enables pre-populating forms in Drupal using the $_REQUEST vairable. PLATFORM: Prepopulate module for Drupal 6.x versions prior to 6.x-2.2 ABSTRACT: The module does not adequately validate user input leading to an cross-site scripting (XSS) possibility in certain circumstances. reference LINKS: Advisory ID: DRUPAL-SA-CONTRIB-2011-023 Prepopulate module Prepopulate 6.x-2.2 Update IMPACT ASSESSMENT: High Discussion: The Prepopulate module enables pre-populating forms in Drupal using the $_REQUEST vairable. The module does not adequately validate user input leading to an cross-site scripting (XSS) possibility in certain circumstances. Users privileged to

377

Vulnerability Analysis of Energy Delivery Control Systems - 2011 |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Vulnerability Analysis of Energy Delivery Control Systems - 2011 Vulnerability Analysis of Energy Delivery Control Systems - 2011 Vulnerability Analysis of Energy Delivery Control Systems - 2011 Cybersecurity for energy delivery systems has emerged as one of the Nation's most serious grid modernization and infrastructure protection issues. Cyber adversaries are becoming increasingly targeted, sophisticated, and better financed. The energy sector must research, develop and deploy new cybersecurity capabilities faster than the adversary can launch new attack tools and techniques. The goal of the U.S. Department of Energy Office of Electricity Delivery and Energy Reliability (DOE/OE) National Supervisory Control and Data Acquisition (SCADA) Test Bed (NSTB) program is to enhance the reliability and resiliency of the Nation's energy infrastructure by reducing the risk

378

Agenda: Enhancing Energy Infrastructure Resiliency and Addressing Vulnerabilities  

Energy.gov (U.S. Department of Energy (DOE))

Quadrennial Energy Review Task Force Secretariat and Energy Policy and Systems Analysis Staff, U. S. Department of Energy (DOE) Public Meeting on Enhancing Resilience in Energy Infrastructure and Addressing Vulnerabilities On Friday, April 11, 2014, at 10 a.m. in room HVC-215 of the U.S. Capitol, the Department of Energy (DOE), acting as the Secretariat for the Quadrennial Energy Review Task Force, will hold a public meeting to discuss and receive comments on issues related to the Quadrennial Energy Review (QER). The meeting will focus on infrastructure vulnerabilities related to the electricity, natural gas and petroleum transmission, storage and distribution systems (TS&D). The meeting will consist of two facilitated panels of experts on identifying and addressing vulnerabilities within the nations energy TS&D infrastructure. Following the panels, an opportunity will be provided for public comment via an open microphone session.

379

Analysis of seismic vulnerability using remote sensing and GIS techniques  

Science Journals Connector (OSTI)

This paper presents a framework to integrate several sources of spatial information to derive a map of seismic vulnerability for the city of Arica, Chile, which has been historically affected by this natural hazard. The proposed method is based on generating a geographical database with different variables that are related to human activity, considering factors of potential reduction and increase of damage caused by a future earthquake. The spatial information was obtained from different sources, mainly remote sensing images, national and local census and field data collection. The map of seismic vulnerability was based on the estimated location of population, as well as the situation of critical installations and a map of construction fragility. Since population activity changes through the day, a dynamic cartography of vulnerability was produced, based on population density levels for different time periods. Construction fragility maps were derived from digital classification of an IRS-1C image, using textural features.

Patricio Zavala; Emilio Chuvieco

2003-01-01T23:59:59.000Z

380

Developing new methodology for nuclear power plants vulnerability assessment  

Science Journals Connector (OSTI)

The fundamental aim of an efficient regulatory emergency preparedness and response system is to provide sustained emergency readiness and to prevent emergency situations and accidents. But when an event occurs, the regulatory mission is to mitigate consequences and to protect people and the environment against nuclear and radiological damage. The regulatory emergency response system, which would be activated in the case of a nuclear and/or radiological emergency and release of radioactivity to the environment, is an important element of a comprehensive national regulatory system of nuclear and radiation safety. In the past, national emergency systems explicitly did not include vulnerability assessments of the critical nuclear infrastructure as an important part of a comprehensive preparedness framework. But after the huge terrorist attack on 11/09/2001, decision-makers became aware that critical nuclear infrastructure could also be an attractive target to terrorism, with the purpose of using the physical and radioactive properties of the nuclear material to cause mass casualties, property damage, and detrimental economic and/or environmental impacts. The necessity to evaluate critical nuclear infrastructure vulnerability to threats like human errors, terrorist attacks and natural disasters, as well as preparation of emergency response plans with estimation of optimized costs, are of vital importance for assurance of safe nuclear facilities operation and national security. In this paper presented new methodology and solution methods for vulnerability assessment can help the overall national energy sector to identify and understand the terrorist threats to and vulnerabilities of its critical infrastructure. Moreover, adopted methodology could help national regulators and agencies to develop and implement a vulnerability awareness and education programs for their critical assets to enhance the security and a safe operation of the entire energy infrastructure. New methods can also assist nuclear power plants to develop, validate, and disseminate assessment and surveys of new efficient countermeasures. Consequently, concise description of developed new quantitative method and adapted new methodology for nuclear regulatory vulnerability assessment of nuclear power plants are presented.

Venceslav Kostadinov

2011-01-01T23:59:59.000Z

Note: This page contains sample records for the topic "authentication bypass vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


381

U-042: Mac RealPlayer Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

42: Mac RealPlayer Multiple Vulnerabilities 42: Mac RealPlayer Multiple Vulnerabilities U-042: Mac RealPlayer Multiple Vulnerabilities November 21, 2011 - 9:15am Addthis PROBLEM: Mac RealPlayer Multiple Vulnerabilities. PLATFORM: Versions 12.0.0.1701 and prior. ABSTRACT: Multiple vulnerabilities have been reported in Mac RealPlayer, which can be exploited by malicious people to compromise a user's system. reference LINKS: Secunia Advisory: SA46963 Secunia Vulnerability Report: Mac RealPlayer 12.x Secunia Advisory: SA46954 IMPACT ASSESSMENT: High Discussion: Multiple vulnerabilities have been reported in RealPlayer, which can be exploited by malicious people to compromise a user's system. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. The vulnerabilities are reported in the versions 14.0.7 and prior.

382

U-042: Mac RealPlayer Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

2: Mac RealPlayer Multiple Vulnerabilities 2: Mac RealPlayer Multiple Vulnerabilities U-042: Mac RealPlayer Multiple Vulnerabilities November 21, 2011 - 9:15am Addthis PROBLEM: Mac RealPlayer Multiple Vulnerabilities. PLATFORM: Versions 12.0.0.1701 and prior. ABSTRACT: Multiple vulnerabilities have been reported in Mac RealPlayer, which can be exploited by malicious people to compromise a user's system. reference LINKS: Secunia Advisory: SA46963 Secunia Vulnerability Report: Mac RealPlayer 12.x Secunia Advisory: SA46954 IMPACT ASSESSMENT: High Discussion: Multiple vulnerabilities have been reported in RealPlayer, which can be exploited by malicious people to compromise a user's system. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. The vulnerabilities are reported in the versions 14.0.7 and prior.

383

Vulnerability Analysis Considerations for the Transportation of Special Nuclear Material  

SciTech Connect

The vulnerability analysis methodology developed for fixed nuclear material sites has proven to be extremely effective in assessing associated transportation issues. The basic methods and techniques used are directly applicable to conducting a transportation vulnerability analysis. The purpose of this paper is to illustrate that the same physical protection elements (detection, delay, and response) are present, although the response force plays a dominant role in preventing the theft or sabotage of material. Transportation systems are continuously exposed to the general public whereas the fixed site location by its very nature restricts general public access.

Nicholson, Lary G.; Purvis, James W.

1999-07-21T23:59:59.000Z

384

Investigation on the Core Bypass Flow in a Very High Temperature Reactor  

SciTech Connect

Uncertainties associated with the core bypass flow are some of the key issues that directly influence the coolant mass flow distribution and magnitude, and thus the operational core temperature profiles, in the very high-temperature reactor (VHTR). Designers will attempt to configure the core geometry so the core cooling flow rate magnitude and distribution conform to the design values. The objective of this project is to study the bypass flow both experimentally and computationally. Researchers will develop experimental data using state-of-the-art particle image velocimetry in a small test facility. The team will attempt to obtain full field temperature distribution using racks of thermocouples. The experimental data are intended to benchmark computational fluid dynamics (CFD) codes by providing detailed information. These experimental data are urgently needed for validation of the CFD codes. The following are the project tasks: Construct a small-scale bench-top experiment to resemble the bypass flow between the graphite blocks, varying parameters to address their impact on bypass flow. Wall roughness of the graphite block walls, spacing between the blocks, and temperature of the blocks are some of the parameters to be tested. Perform CFD to evaluate pre- and post-test calculations and turbulence models, including sensitivity studies to achieve high accuracy. Develop the state-of-the art large eddy simulation (LES) using appropriate subgrid modeling. Develop models to be used in systems thermal hydraulics codes to account and estimate the bypass flows. These computer programs include, among others, RELAP3D, MELCOR, GAMMA, and GAS-NET. Actual core bypass flow rate may vary considerably from the design value. Although the uncertainty of the bypass flow rate is not known, some sources have stated that the bypass flow rates in the Fort St. Vrain reactor were between 8 and 25 percent of the total reactor mass flow rate. If bypass flow rates are on the high side, the quantity of cooling flow through the core may be considerably less than the nominal design value, causing some regions of the core to operate at temperatures in excess of the design values. These effects are postulated to lead to localized hot regions in the core that must be considered when evaluating the VHTR operational and accident scenarios.

Hassan, Yassin

2013-10-22T23:59:59.000Z

385

Oil Bypass Filter Technology Evaluation, Fourth Quarterly Report, July--September 2003  

SciTech Connect

This fourth Oil Bypass Filter Technology Evaluation report details the ongoing fleet evaluation of an oil bypass filter technology by the Idaho National Engineering and Environmental Laboratory (INEEL) for the U.S. Department of Energys FreedomCAR & Vehicle Technologies Program. Eight four-cycle diesel-engine buses used to transport INEEL employees on various routes have been equipped with oil bypass filter systems from the puraDYN Corporation. The bypass filters are reported to have engine oil filtering capability of <1 micron and a built-in additive package to facilitate extended oil-drain intervals. To date, the eight buses have accumulated 259,398 test miles. This represents an avoidance of 21 oil changes, which equates to 740 quarts (185 gallons) of oil not used or disposed of. To validate the extended oil-drain intervals, an oil-analysis regime evaluates the fitness of the oil for continued service by monitoring the presence of necessary additives, undesirable contaminants, and engine-wear metals. For bus 73450, higher values of iron have been reported, but the wear rate ratio (parts per million of iron per thousand miles driven) has remained consistent. In anticipation of also evaluating oil bypass systems on six Chevrolet Tahoe sport utility vehicles, the oil is being sampled on each of the Tahoes to develop a characterization history or baseline for each engine.

James E. Francfort; Larry Zirker

2003-11-01T23:59:59.000Z

386

JC3 Bulletin Archive | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

30, 2013 30, 2013 V-167: GnuTLS TLS Record Decoding Denial of Service Vulnerability A vulnerability has been reported in GnuTLS, which can be exploited by malicious people to cause a DoS (Denial of Service) May 29, 2013 V-166: HP-UX Directory Server Discloses Passwords to Remote Authenticated and Local Users Two vulnerabilities were reported in HP-UX Directory Server. May 28, 2013 V-165: Cisco WebEx for iOS Certificate Validation Flaw Lets Remote Users Spoof the Server A vulnerability was reported in Cisco WebEx for iOS. May 27, 2013 V-164: Apple QuickTime Multiple Flaws Let Remote Users Execute Arbitrary Code Apple QuickTime Multiple Vulnerabilities May 24, 2013 V-163: Red Hat Network Satellite Server Inter-Satellite Sync Remote Authentication Bypass The system does not properly validate all Inter-Satellite Sync operations

387

Vulnerability analysis for complex networks using aggressive abstraction.  

SciTech Connect

Large, complex networks are ubiquitous in nature and society, and there is great interest in developing rigorous, scalable methods for identifying and characterizing their vulnerabilities. This paper presents an approach for analyzing the dynamics of complex networks in which the network of interest is first abstracted to a much simpler, but mathematically equivalent, representation, the required analysis is performed on the abstraction, and analytic conclusions are then mapped back to the original network and interpreted there. We begin by identifying a broad and important class of complex networks which admit vulnerability-preserving, finite state abstractions, and develop efficient algorithms for computing these abstractions. We then propose a vulnerability analysis methodology which combines these finite state abstractions with formal analytics from theoretical computer science to yield a comprehensive vulnerability analysis process for networks of realworld scale and complexity. The potential of the proposed approach is illustrated with a case study involving a realistic electric power grid model and also with brief discussions of biological and social network examples.

Colbaugh, Richard; Glass, Kristin L.

2010-06-01T23:59:59.000Z

388

NV: Nessus Vulnerability Visualization for the Web Lane Harrison  

E-Print Network (OSTI)

NV: Nessus Vulnerability Visualization for the Web Lane Harrison Oak Ridge National Laboratory Oak Ridge TN, USA harrisonlt@ornl.gov Riley Spahn Oak Ridge National Laboratory Oak Ridge TN, USA spahnrb1@ornl.gov Mike Iannacone Oak Ridge National Laboratory Oak Ridge TN, USA iannaconemd@ornl.gov Evan

Kaiser, Gail E.

389

Climate Change: Conflict, Security and Vulnerability Professor of Climate Change  

E-Print Network (OSTI)

Climate Change: Conflict, Security and Vulnerability Mike Hulme Professor of Climate Change Science, Society and Sustainability Group School of Environmental Sciences Rethinking Climate Change, Conflict security" "increase risk of conflicts among and within nations" #12;· from `climatic change' to `climate-change

Hulme, Mike

390

Experimental Investigation of Microwave Vulnerabilities in CMOS Inverters  

E-Print Network (OSTI)

Experimental Investigation of Microwave Vulnerabilities in CMOS Inverters Agis A. Iliadis effects on single CMOS inverters, the fundamental building block of logic ICs, consisting of an NMOS and a PMOS transistor. The inverters were designed in our group and fabricated in the AMI-1.5µm MOSIS line

Anlage, Steven

391

Safeguarding Vulnerable Groups Policy Purpose of this Document  

E-Print Network (OSTI)

1 Safeguarding Vulnerable Groups Policy Purpose of this Document This document contains guidelines in university activities or visiting university premises. Author: Students in Classrooms & Safeguarding Children.0 Jamie Marshall January 2014 Added contents Amended e-safety Updated Safeguarding Officer Details Andy

Evans, Paul

392

Safeguarding Vulnerable Groups Policy 1. WHAT IS SAFEGUARDING?  

E-Print Network (OSTI)

Safeguarding Vulnerable Groups Policy 1. WHAT IS SAFEGUARDING? 1.1Safeguarding is defined by the Children Act 1989 and Joint Chief Inspectors Report on Arrangements to Safeguard Children (2002) as meaning with other local agencies'. 2. WHO ARE WE SAFEGUARDING? 2.1 Safeguarding practices are most commonly applied

Aickelin, Uwe

393

An assessment of fire vulnerability for aged electrical relays  

SciTech Connect

There has been some concern that, as nuclear power plants age, protective measures taken to control and minimize the impact of fire may become ineffective, or significantly less effective, and hence result in an increased fire risk. One objective of the Fire Vulnerability of Aged Electrical Components Program is to assess the effects of aging and service wear on the fire vulnerability of electrical equipment. An increased fire vulnerability of components may lead to an overall increase in fire risk to the plant. Because of their widespread use in various electrical safety systems, electromechanical relays were chosen to be the initial components for evaluation. This test program assessed the impact of operational and thermal aging on the vulnerability of these relays to fire-induced damage. Only thermal effects of a fire were examined in this test program. The impact of smoke, corrosive materials, or fire suppression effects on relay performance were not addressed in this test program. The purpose of this test program was to assess whether the fire vulnerability of electrical relays increased with aging. The sequence followed for the test program was to: identify specific relay types, develop three fire scenarios, artificially age several relays, test the unaged and aged relays in the fire exposure scenarios, and compare the results. The relays tested were Agastat GPI, General Electric (GE) HMA, HGA, and HFA. At least two relays of each type were artificially aged and at least two relays of each type were new. Relays were operationally aged by cycling the relay under rated load for 2,000 operations. These relays were then thermally aged for 60 days with their coil energized.

Vigil, R.A. [Sandia National Labs., Albuquerque, NM (United States)]|[Science and Engineering Associates, Inc., Albuquerque, NM (United States); Nowlen, S.P. [Sandia National Labs., Albuquerque, NM (United States)

1995-03-01T23:59:59.000Z

394

Computations of high-pressure steam flow in the turbine bypass valve  

SciTech Connect

The objective of the present study is to investigate the steam flow behavior through the high-pressure turbine bypass valve. Efforts have mainly been directed at investigating the process of steam flow and property variations aforementioned bypass valve as well as to obtain correlations between the flow rate and the valve opening ratio. Modeling of the high-pressure turbulent steam flow was performed on a three-dimensional non-staggered grid system by employing the finite volume method and by solving the three-dimensional, turbulent, compressible Navier-Stokes, and energy equations. Through this research, numerous data have been acquired and analyzed. These efforts enable one to obtain a correlation data set for the valve opening versus flow rate coefficient of the valve. One of the significant accomplishments is to use the model presented here to further improve a design of a turbine bypass flow valve.

Amano, R.S.; Draxler, G.R.

1999-07-01T23:59:59.000Z

395

JC3 Bulletin Archive | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

January 25, 2013 January 25, 2013 V-077: Barracuda SSL VPN Bug Lets Remote Users Bypass Authentication A remote user can gain administrative access to the target system. January 24, 2013 V-076: Cisco Wireless LAN Controller Bugs Let Remote Users Deny Service and Remote Authenticated Users Modify the Configuration and Execute Arbitrary Code A remote authenticated user can execute arbitrary code on the target system. A remote authenticated user can modify the configuration on the target system. A remote user can cause denial of service conditions. January 23, 2013 V-075: EMC AlphaStor Command Injection and Format String Flaws Let Remote Users Execute Arbitrary Code Two vulnerabilities were reported in EMC AlphaStor. January 22, 2013 V-074: IBM Informix Genero libpng Integer Overflow Vulnerability

396

Multi-Objective Analysis for Ecosystem Reconciliation on an Engineered Floodplain: The Yolo Bypass in California's Central Valley  

E-Print Network (OSTI)

i Multi-Objective Analysis for Ecosystem Reconciliation on an Engineered Floodplain: The Yolo on an Engineered Floodplain: the Yolo Bypass in California's Central Valley Abstract Floodplains in California. Results suggest several land use changes and inundation management strategies on the Yolo Bypass that can

Pasternack, Gregory B.

397

T-629: Avaya WinPDM Multiple Buffer Overflow Vulnerabilities | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

9: Avaya WinPDM Multiple Buffer Overflow Vulnerabilities 9: Avaya WinPDM Multiple Buffer Overflow Vulnerabilities T-629: Avaya WinPDM Multiple Buffer Overflow Vulnerabilities May 24, 2011 - 3:35pm Addthis PROBLEM: Avaya WinPDM Multiple Buffer Overflow Vulnerabilities. PLATFORM: Avaya versions prior to 3.8.5 (confirmed in 3.8.2) ABSTRACT: Vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user. refrence LINKS: Avaya Security Advisory: ASA-2011-143 Secunia Advisory: SA44062 Securelist ID: SA44062 Vulnerability Report: Avaya WinPDM 3.x IMPACT ASSESSMENT: High Discussion: Multiple vulnerabilities in Avaya WinPDM, which can be exploited by malicious people to compromise a vulnerable system. 1) A boundary error in the Unite Host Router service (UniteHostRouter.exe)

398

U-158: HP NonStop Server Java Multiple Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

8: HP NonStop Server Java Multiple Vulnerabilities 8: HP NonStop Server Java Multiple Vulnerabilities U-158: HP NonStop Server Java Multiple Vulnerabilities April 30, 2012 - 7:00am Addthis PROBLEM: HP NonStop Server Java Multiple Vulnerabilities PLATFORM: HP NonStop Server 6.x ABSTRACT: Multiple vulnerabilities have been reported in HP NonStop Server Reference links: Secunia Advisory SA48977 CVE-2011-3547 CVE-2011-3551 CVE-2011-3553 IMPACT ASSESSMENT: High Discussion: HP has acknowledged multiple vulnerabilities in HP NonStop Server, which can be exploited by malicious users to disclose sensitive information and by malicious people to disclose sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system. Impact: Successful exploitation of this vulnerability may allow remote manipulation

399

U-196: Cisco AnyConnect VPN Client Two Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: Cisco AnyConnect VPN Client Two Vulnerabilities 6: Cisco AnyConnect VPN Client Two Vulnerabilities U-196: Cisco AnyConnect VPN Client Two Vulnerabilities June 21, 2012 - 7:00am Addthis PROBLEM: Two vulnerabilities have been reported in Cisco AnyConnect VPN Client, which can be exploited by malicious people to compromise a user's system. PLATFORM: Cisco AnyConnect VPN Client 2.x Cisco AnyConnect VPN Client 3.x ABSTRACT: The Cisco AnyConnect Secure Mobility Client is affected by the following vulnerabilities: Cisco AnyConnect Secure Mobility Client VPN Downloader Arbitrary Code Execution Vulnerability Cisco AnyConnect Secure Mobility Client VPN Downloader Software Downgrade Vulnerability Cisco AnyConnect Secure Mobility Client and Cisco Secure Desktop HostScan Downloader Software Downgrade Vulnerability Cisco AnyConnect Secure Mobility Client 64-bit Java VPN Downloader

400

T-629: Avaya WinPDM Multiple Buffer Overflow Vulnerabilities | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

29: Avaya WinPDM Multiple Buffer Overflow Vulnerabilities 29: Avaya WinPDM Multiple Buffer Overflow Vulnerabilities T-629: Avaya WinPDM Multiple Buffer Overflow Vulnerabilities May 24, 2011 - 3:35pm Addthis PROBLEM: Avaya WinPDM Multiple Buffer Overflow Vulnerabilities. PLATFORM: Avaya versions prior to 3.8.5 (confirmed in 3.8.2) ABSTRACT: Vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user. refrence LINKS: Avaya Security Advisory: ASA-2011-143 Secunia Advisory: SA44062 Securelist ID: SA44062 Vulnerability Report: Avaya WinPDM 3.x IMPACT ASSESSMENT: High Discussion: Multiple vulnerabilities in Avaya WinPDM, which can be exploited by malicious people to compromise a vulnerable system. 1) A boundary error in the Unite Host Router service (UniteHostRouter.exe)

Note: This page contains sample records for the topic "authentication bypass vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


401

TO APPEAR IN IEEE TRANSACTIONS ON POWER SYSTEMS 1 Vulnerability Assessment of Cybersecurity for  

E-Print Network (OSTI)

TO APPEAR IN IEEE TRANSACTIONS ON POWER SYSTEMS 1 Vulnerability Assessment of Cybersecurity Govindarasu, Member, IEEE Abstract--Vulnerability assessment is a requirement of NERC's cybersecurity within the substation networks. Countermeasures are identified for improvement of the cybersecurity

Manimaran, Govindarasu

402

T-551: Cisco Security Advisory: Multiple Cisco WebEx Player Vulnerabilities  

Energy.gov (U.S. Department of Energy (DOE))

Multiple buffer overflow vulnerabilities exist in the WRF and ARF players. The vulnerabilities may lead to a crash of the player application or, in some cases, remote code execution could occur.

403

Oil Bypass Filter Technology Evaluation Ninth Quarterly Report OctoberDecember 2004  

SciTech Connect

This Oil Bypass Filter Technology Evaluation quarterly report (OctoberDecember 2004) details the ongoing fleet evaluation of oil bypass filter technologies being conducted by the Idaho National Laboratory (INL; formerly Idaho National Engineering and Environmental Laboratory) for the U.S. Department of Energys FreedomCAR & Vehicle Technologies Program. Eight INL four-cycle diesel-engine buses used to transport INL employees on various routes and six INL Chevrolet Tahoes with gasoline engines are equipped with oil bypass filter systems from the puraDYN Corporation. This quarter, three additional buses were equipped with bypass filters from Refined Global Solutions. Oil bypass filters are reported to have an engine oil filtering capability of less than 1 micron. Both the puraDYN and Refined Global Solutions bypass filters have a heating chamber to remove liquid contaminate from the oil. During the quarter, the eleven diesel engine buses traveled 62,188 miles, and as of January 3, 2005 the buses had accumulated 643,036 total test miles. Two buses had their engine oil changed this quarter. In one bus, the oil was changed due to its degraded quality as determined by a low total base number (<3.0 mg KOH/g). The other bus had high oxidation and nitration numbers (>30.0 Abs/cm). Although a total of six buses have had their oil changed during the last 26 months, by using the oil bypass filters the buses in the evaluation avoided 48 oil changes, which equates to 1,680 quarts (420 gallons) of new oil not consumed and 1,680 quarts of waste oil not generated. Therefore, over 80% of the oil normally required for oil-changes was not used, and, consequently, the evaluation achieved over 80% reduction in the amount of waste oil normally generated. The six Tahoe test vehicles traveled 39,514 miles, and as of January 3, 2005 the Tahoes had accumulated 189,970 total test miles. The Tahoe filter test is in transition. To increase the rate of bypass filter oil flow on the Tahoes, puraDYN provided a larger orifice assembly, and these are being changed out as the Tahoes come in for regular service.

Larry Zirker; James Francfort; Jordan Fielding

2005-02-01T23:59:59.000Z

404

EFFECTS OF GRAPHITE SURFACE ROUGHNESS ON BYPASS FLOW COMPUTATIONS FOR AN HTGR  

SciTech Connect

Bypass flow in a prismatic high temperature gas reactor (HTGR) occurs between graphite blocks as they sit side by side in the core. Bypass flow is not intentionally designed to occur in the reactor, but is present because of tolerances in manufacture, imperfect installation and expansion and shrinkage of the blocks from heating and irradiation. It is desired to increase the knowledge of the effects of such flow, which has been estimated to be as much as 20% of the total helium coolant flow. Computational fluid dynamic (CFD) simulations can provide estimates of the scale and impacts of bypass flow. Previous CFD calculations have examined the effects of bypass gap width, level and distribution of heat generation and effects of shrinkage. The present contribution examines the effects of graphite surface roughness on the bypass flow for different relative roughness factors on three gap widths. Such calculations should be validated using specific bypass flow measurements. While such experiments are currently underway for the specific reference prismatic HTGR design for the next generation nuclear plant (NGNP) program of the U. S. Dept. of Energy, the data are not yet available. To enhance confidence in the present calculations, wall shear stress and heat transfer results for several turbulence models and their associated wall treatments are first compared for flow in a single tube that is representative of a coolant channel in the prismatic HTGR core. The results are compared to published correlations for wall shear stress and Nusselt number in turbulent pipe flow. Turbulence models that perform well are then used to make bypass flow calculations in a symmetric onetwelfth sector of a prismatic block that includes bypass flow. The comparison of shear stress and Nusselt number results with published correlations constitutes a partial validation of the CFD model. Calculations are also compared to ones made previously using a different CFD code. Results indicate that increasing surface roughness increases the maximum fuel and helium temperatures as do increases in gap width. However, maximum coolant temperature variation due to increased gap width is not changed by surface roughness.

Rich Johnson; Yu-Hsin Tung; Hiroyuki Sato

2011-07-01T23:59:59.000Z

405

Effects of 60 minutes of hyperoxia followed by normoxia before coronary artery bypass grafting on the inflammatory response profile and myocardial injury  

Science Journals Connector (OSTI)

Pre-treatment with hyperoxia followed by normoxia before coronary artery bypass grafting does not protect against myocardial injury.

Inga Karu; Peeter Thepld; Arno Ruusalepp; Kersti Zilmer; Mihkel Zilmer; Joel Starkopf

2012-09-14T23:59:59.000Z

406

Climate Change Vulnerability of Native and Alien Freshwater Fishes of California: A Systematic Assessment  

E-Print Network (OSTI)

Climate Change Vulnerability of Native and Alien Freshwater Fishes of California: A Systematic and climate change vulnerability scores were derived for 121 native and 43 alien fish species. The two scores baseline and greater climate change vulnerability than did alien species. Fifty percent of California

407

ISS-011, Vulnerability Assessment Standard 1/3 UCIT INFORMATION SECURITY STANDARDS  

E-Print Network (OSTI)

ISS-011, Vulnerability Assessment Standard 1/3 UCIT INFORMATION SECURITY STANDARDS Vulnerability Assessment Standard Rationale 1 To enable timely identification and mitigation of vulnerabilities and security flaws affecting computing devices within UofC's computing environment. Scope 2 2.1 This standard

Habib, Ayman

408

ShieldGen: Automatic Data Patch Generation for Unknown Vulnerabilities with Informed Probing  

E-Print Network (OSTI)

ShieldGen: Automatic Data Patch Generation for Unknown Vulnerabilities with Informed Probing generating a data patch or a vulnerability signature for an unknown vulnerability, given a zero-day attack. In this paper, we aim to automate this process and enable fast, patch-level pro- tection generation

Locasto, Michael E.

409

Climate Change and Infrastructure, Urban Systems, and Vulnerabilities  

SciTech Connect

This Technical Report on Climate Change and Infrastructure, Urban Systems, and Vulnerabilities has been prepared for the U.S. Department of Energy by the Oak Ridge National Laboratory in support of the U.S. National Climate Assessment (NCA). It is a summary of the currently existing knowledge base on its topic, nested within a broader framing of issues and questions that need further attention in the longer run. The report arrives at a number of assessment findings, each associated with an evaluation of the level of consensus on that issue within the expert community, the volume of evidence available to support that judgment, and the section of the report that provides an explanation for the finding. Cross-sectoral issues related to infrastructures and urban systems have not received a great deal of attention to date in research literatures in general and climate change assessments in particular. As a result, this technical report is breaking new ground as a component of climate change vulnerability and impact assessments in the U.S., which means that some of its assessment findings are rather speculative, more in the nature of propositions for further study than specific conclusions that are offered with a high level of confidence and research support. But it is a start in addressing questions that are of interest to many policymakers and stakeholders. A central theme of the report is that vulnerabilities and impacts are issues beyond physical infrastructures themselves. The concern is with the value of services provided by infrastructures, where the true consequences of impacts and disruptions involve not only the costs associated with the clean-up, repair, and/or replacement of affected infrastructures but also economic, social, and environmental effects as supply chains are disrupted, economic activities are suspended, and/or social well-being is threatened. Current knowledge indicates that vulnerability concerns tend to be focused on extreme weather events associated with climate change that can disrupt infrastructure services, often cascading across infrastructures because of extensive interdependencies threatening health and local economies, especially in areas where human populations and economic activities are concentrated in urban areas. Vulnerabilities are especially large where infrastructures are subject to multiple stresses, beyond climate change alone; when they are located in areas vulnerable to extreme weather events; and if climate change is severe rather than moderate. But the report also notes that there are promising approaches for risk management, based on emerging lessons from a number of innovative initiatives in U.S. cities and other countries, involving both structural and non-structural (e.g., operational) options.

Wilbanks, Thomas J [ORNL] [ORNL; Fernandez, Steven J [ORNL] [ORNL

2014-01-01T23:59:59.000Z

410

Protecting Vulnerable Research Subjects in Critical Care Trials: Enhancing the Informed Consent Process and Recommendations for Safeguards  

Science Journals Connector (OSTI)

Although critically ill patients represent a vulnerable group of individuals, guidelines in research ethics assert that ethically acceptable research may proceed with such vulnerable subjects if additional safeguards

Henry Silverman

2011-04-01T23:59:59.000Z

411

T-596: 0-Day Windows Network Interception Configuration Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: 0-Day Windows Network Interception Configuration 6: 0-Day Windows Network Interception Configuration Vulnerability T-596: 0-Day Windows Network Interception Configuration Vulnerability April 6, 2011 - 5:48am Addthis PROBLEM: 0-Day exploit of IPv4 and IPv6 mechanics and how it applies to Microsoft Windows Operating systems. PLATFORM: Microsoft Operating Systems (OS) Windows Vista, Windows 7, and Windows 2008 Server ABSTRACT: The links below describe a parasitic IPv6 layered over a native IPv4 network. This attack can be used to stage potential man-in-the-middle (MITM) attacks on IPv4 traffic. Please see the "Other Links" section below, as it provides an external URL reference. reference LINKS: InfoSec Institute - SLAAC Attack Cisco Threat Comparison and Best-Practice White Paper IMPACT ASSESSMENT: High

412

Seismic vulnerability assessment of a high voltage disconnect switch  

Science Journals Connector (OSTI)

Abstract This paper deals with the seismic vulnerability of high voltage equipment typically installed in electric substations. In particular, the seismic response of a 380kV vertical disconnect switch has been investigated based on the results of an experimental campaign carried out at Roma Tre University. According to a series of non-linear analyses, the influence of the most significant parameters on the seismic behavior of this apparatus has been analyzed and the corresponding fragility curves have been evaluated by using the Effective Fragility Analysis method. The results showed a limited vulnerability of the disconnect switch, whose most critical parts are the bottom joint of the ceramic support column and the steel column base.

Fabrizio Paolacci; Renato Giannini; Silvia Alessandri; Gianmarco De Felice

2014-01-01T23:59:59.000Z

413

JC3 High Impact Assessment Bulletins | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

1, 2012 1, 2012 U-159: Red Hat Enterprise MRG Messaging Qpid Bug Lets Certain Remote Users Bypass Authentication A vulnerability was reported in Red Hat Enterprise MRG Messaging. A remote user can access cluster messages and view the internal configuration. April 30, 2012 U-158: HP NonStop Server Java Multiple Vulnerabilities Multiple vulnerabilities have been reported in HP NonStop Server April 24, 2012 U-154: IBM Rational ClearQuest ActiveX Control Buffer Overflow Vulnerability A vulnerability was reported in IBM Rational ClearQuest. A remote user can cause arbitrary code to be executed on the target user's system. April 20, 2012 U-152: OpenSSL "asn1_d2i_read_bio()" DER Format Data Processing Vulnerability The vulnerability is caused due to a type casting error in the

414

Scatter secure code authentication for efficient reprogramming in wireless sensor networks  

Science Journals Connector (OSTI)

Currently proposed solutions to secure code dissemination in wireless sensor networks (WSNs) involve the use of expensive public-key digital signatures. In this work, we present Scatter, a secure code dissemination protocol that enables sensor nodes to authenticate the program image efficiently. To achieve this, we use a scheme that offers source authentication in the group setting like a public-key signature scheme, but with signature and verification times much closer to those of a MAC (message authentication code). In this way, Scatter avoids the use of elliptic curve cryptography and manages to surpass all previous attempts for secure code dissemination in terms of energy consumption, memory and time efficiency. Besides the design and theoretical analysis of the protocol, we also report the experimental evaluation of Scatter in two different hardware platforms, Mica2 and MicaZ, which proves its efficiency in practice.

Ioannis Krontiris; Tassos Dimitriou

2011-01-01T23:59:59.000Z

415

PAP: A privacy and authentication protocol for passive RFID tags Alex X. Liu *, LeRoy A. Bailey  

E-Print Network (OSTI)

people about consumer privacy protection and other security loopholes that make RFID tags an easy targetPAP: A privacy and authentication protocol for passive RFID tags Alex X. Liu *, LeRoy A. Bailey 2009 Accepted 20 March 2009 Available online 31 March 2009 Keywords: RFID Privacy Authentication

Liu, Alex X.

416

V-190: ASUS RT-N66U Router AiCloud Security Bypass Security Issue |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

0: ASUS RT-N66U Router AiCloud Security Bypass Security Issue 0: ASUS RT-N66U Router AiCloud Security Bypass Security Issue V-190: ASUS RT-N66U Router AiCloud Security Bypass Security Issue July 2, 2013 - 12:38am Addthis PROBLEM: ASUS RT-N66U Router AiCloud Security Bypass Security Issue PLATFORM: ASUS RT-N66U Router firmware versions 3.0.0.4.270 and 3.0.0.4.354. ABSTRACT: A security issue in ASUS RT-N66U Router has been reported REFERENCE LINKS: Secunia Advisory SA53931 neohapsis IMPACT ASSESSMENT: Medium DISCUSSION: The security issue is caused due to the device not properly restricting access when processing certain HTTPS requests and can be exploited to gain access to otherwise restricted functionality and e.g. disclose the contents of arbitrary files and directories. Successful exploitation requires the AiCloud web service to be enabled.

417

THE CRESCENT BYPASS: A RIPARIAN RESTORATION PROJECT ON THE KINGS RIVER (FRESNO COUNTY)1  

E-Print Network (OSTI)

THE CRESCENT BYPASS: A RIPARIAN RESTORATION PROJECT ON THE KINGS RIVER (FRESNO COUNTY)1 Jonathan A-24, 1988; Davis, California. 2 Staff Biologist and Environmental Division Chief, respectively, Kings River Conservation District, Fresno, Calif. Abstract: The Kings River Conservation District planted over 1200 plants

Standiford, Richard B.

418

T-626: Xen Multiple Buffer Overflow and Integer Overflow Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: Xen Multiple Buffer Overflow and Integer Overflow 6: Xen Multiple Buffer Overflow and Integer Overflow Vulnerabilities T-626: Xen Multiple Buffer Overflow and Integer Overflow Vulnerabilities May 19, 2011 - 3:05pm Addthis PROBLEM: Xen Multiple Buffer Overflow and Integer Overflow Vulnerabilities PLATFORM: XenSource Xen 3.3.1, XenSource Xen 3.3, XenSource Xen 3.2, XenSource Xen 3.1.2, XenSource Xen 3.1.1, XenSource Xen 3.0.3, XenSource Xen 4.0, XenSource Xen 3.0, RedHat Enterprise Linux Virtualization 5 server, RedHat Enterprise Linux Desktop Multi OS 5 client ,RedHat Enterprise Linux 5 server, Red Hat Fedora 15 ,and Red Hat Enterprise Linux Desktop 5 client ABSTRACT: It was found that the xc_try_bzip2_decode() and xc_try_lzma_decode() decode routines did not correctly check for a possible buffer size overflow in the

419

AFTER A Framework for electrical power sysTems vulnerability  

Open Energy Info (EERE)

AFTER A Framework for electrical power sysTems vulnerability AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration (Smart Grid Project) (Norway) Jump to: navigation, search Project Name AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration Country Norway Coordinates 60.472023°, 8.468946° Loading map... {"minzoom":false,"mappingservice":"googlemaps3","type":"ROADMAP","zoom":14,"types":["ROADMAP","SATELLITE","HYBRID","TERRAIN"],"geoservice":"google","maxzoom":false,"width":"600px","height":"350px","centre":false,"title":"","label":"","icon":"","visitedicon":"","lines":[],"polygons":[],"circles":[],"rectangles":[],"copycoords":false,"static":false,"wmsoverlay":"","layers":[],"controls":["pan","zoom","type","scale","streetview"],"zoomstyle":"DEFAULT","typestyle":"DEFAULT","autoinfowindows":false,"kml":[],"gkml":[],"fusiontables":[],"resizable":false,"tilt":0,"kmlrezoom":false,"poi":true,"imageoverlays":[],"markercluster":false,"searchmarkers":"","locations":[{"text":"","title":"","link":null,"lat":60.472023,"lon":8.468946,"alt":0,"address":"","icon":"","group":"","inlineLabel":"","visitedicon":""}]}

420

The vulnerability of renewable energy to climate change in Brazil  

Science Journals Connector (OSTI)

Energy supply in Brazil relies heavily on renewable energy source. The production of energy from renewable sources, however, greatly depends on climatic conditions, which may be impacted in the future due to global climate change (GCC). This paper analyzes the vulnerabilities of renewable energy production in Brazil for the cases of hydropower generation and liquid biofuels production, given a set of long-term climate projections for the A2 and B2 IPCC emission scenarios. The most important result found in this study is the increasing energy vulnerability of the poorest regions of Brazil to GCC. Both biofuels production (particularly biodiesel) and electricity generation (particularly hydropower) may negatively suffer from changes in the climate of those regions. Other renewable energy sourcessuch as wind power generationmay also be vulnerable, raising the need for further research. However, the results found are fundamentally dependent on the climate projections which, in turn, are still highly uncertain with respect to the future evolution of greenhouse gas emissions, greenhouse gas concentrations in the atmosphere and GCC. Therefore, in such long-term scenario analyses, the trends and directions derived are the ones to be emphasized rather than the precise results one arrives.

Andr Frossard Pereira de Lucena; Alexandre Salem Szklo; Roberto Schaeffer; Raquel Rodrigues de Souza; Bruno Soares Moreira Cesar Borba; Isabella Vaz Leal da Costa; Amaro Olimpio Pereira Jnior; Sergio Henrique Ferreira da Cunha

2009-01-01T23:59:59.000Z

Note: This page contains sample records for the topic "authentication bypass vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


421

Report to Congress on Insular Area energy vulnerability  

SciTech Connect

This report was prepared in response to Section 1406 of the Energy Policy Act of 1992 (Public Law 102-486), which directed the Department of Energy (DOE) to ``conduct a study of the implications of the unique vulnerabilities of the insular areas to an oil supply disruption,`` and to ``outline how the insular areas shall gain access to vital oil supplies during times of national emergency.`` The Act defines the insular areas to be the US Virgin Islands and Puerto Rico in the Caribbean, and Guam, American Samoa, the Commonwealth of the Northern Mariana Islands (CNMI), and Palau in the Pacific. In the study, ``unique vulnerabilities`` were defined as susceptibility to: (1) more frequent or more likely interruptions of oil supplies compared to the US Mainland, and/or (2) disproportionately larger or more likely economic losses in the event of an oil supply disruption. In order to assess unique vulnerabilities, the study examined the insular areas` experience during past global disruptions of oil supplies and during local emergencies caused by natural disasters. The effects of several possible future global disruptions and local emergencies were also analyzed. Analyses were based on historical data, simulations using energy and economic models, and interviews with officials in the insular governments and the energy industry.

Not Available

1994-05-01T23:59:59.000Z

422

Climate Change Vulnerability Assessment for Idaho National Laboratory  

SciTech Connect

The University of Idaho (UI) was asked to participate in the development of a climate change vulnerability assessment for Idaho National Laboratory (INL). This report describes the outcome of that assessment. The climate change happening now, due in large part to human activities, is expected to continue in the future. UI and INL used a common framework for assessing vulnerability that considers exposure (future climate change), sensitivity (system or component responses to climate), impact (exposure combined with sensitivity), and adaptive capacity (capability of INL to modify operations to minimize climate change impacts) to assess vulnerability. Analyses of climate change (exposure) revealed that warming that is ongoing at INL will continue in the coming decades, with increased warming in later decades and under scenarios of greater greenhouse gas emissions. Projections of precipitation are more uncertain, with multi model means exhibiting somewhat wetter conditions and more wet days per year. Additional impacts relevant to INL include estimates of more burned area and increased evaporation and transpiration, leading to reduced soil moisture and plant growth.

Christopher P. Ischay; Ernest L. Fossum; Polly C. Buotte; Jeffrey A. Hicke; Alexander Peterson

2014-10-01T23:59:59.000Z

423

Putting vulnerability to climate change on the map: a review of approaches, benefits, and risks  

SciTech Connect

There is growing demand among stakeholders across public and private institutions for spatially-explicit information regarding vulnerability to climate change at the local scale. However, the challenges associated with mapping the geography of climate change vulnerability are non-trivial, both conceptually and technically, suggesting the need for more critical evaluation of this practice. Here, we review climate change vulnerability mapping in the context of four key questions that are fundamental to assessment design. First, what are the goals of the assessment? A review of published assessments yields a range of objective statements that emphasize problem orientation or decision-making about adaptation actions. Second, how is the assessment of vulnerability framed? Assessments vary with respect to what values are assessed (vulnerability of what) and the underlying determinants of vulnerability that are considered (vulnerability to what). The selected frame ultimately influences perceptions of the primary driving forces of vulnerability as well as preferences regarding management alternatives. Third, what are the technical methods by which an assessment is conducted? The integration of vulnerability determinants into a common map remains an emergent and subjective practice associated with a number of methodological challenges. Fourth, who participates in the assessment and how will it be used to facilitate change? Assessments are often conducted under the auspices of benefiting stakeholders, yet many lack direct engagement with stakeholders. Each of these questions is reviewed in turn by drawing on an illustrative set of 45 vulnerability mapping studies appearing in the literature. A number of pathways for placing vulnerability

Preston, Benjamin L [ORNL

2011-01-01T23:59:59.000Z

424

T-543: Wireshark 0.8.20 through 1.2.8 Multiple Vulnerabilities | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

3: Wireshark 0.8.20 through 1.2.8 Multiple Vulnerabilities 3: Wireshark 0.8.20 through 1.2.8 Multiple Vulnerabilities T-543: Wireshark 0.8.20 through 1.2.8 Multiple Vulnerabilities January 26, 2011 - 7:35am Addthis PROBLEM: Wireshark is prone to multiple denial-of-service and buffer-overflow vulnerabilities. PLATFORM: Wireshark 0.8.20 through 1.2.8. ABSTRACT: Wireshark is prone to multiple denial-of-service and buffer-overflow vulnerabilities. Exploiting these issues may allow attackers to crash the application and deny service to legitimate users. Attackers may also execute arbitrary code in the context of vulnerable users running the application. reference LINKS: Securityfocus IMPACT ASSESSMENT: Medium Discussion: Wireshark is prone to multiple denial-of-service and buffer-overflow vulnerabilities.Exploiting these issues may allow attackers to crash the

425

U-218: Cisco Linksys WMB54G TFTP Command Injection Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

18: Cisco Linksys WMB54G TFTP Command Injection Vulnerability 18: Cisco Linksys WMB54G TFTP Command Injection Vulnerability U-218: Cisco Linksys WMB54G TFTP Command Injection Vulnerability July 23, 2012 - 6:49am Addthis PROBLEM: Cisco Linksys WMB54G TFTP Command Injection Vulnerability PLATFORM: Cisco Linksys WMB54G 1.x ABSTRACT: System access from local network reference LINKS: Bugtraq ID: 54615 Original Advisory Secunia Advisory SA49868 Cisco Advisory ID: cisco-sa-20111019-cs IMPACT ASSESSMENT: Medium Discussion: A vulnerability in Cisco Linksys WMB54G was reported, which can be exploited by malicious people to compromise a vulnerable device. The vulnerability is caused due to missing input validation in the TFTP service when running the firmware update functionality and can be exploited to inject and execute arbitrary shell commands. Additionally, it may be

426

U-099: MySQL Unspecified Code Execution Vulnerability | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

099: MySQL Unspecified Code Execution Vulnerability 099: MySQL Unspecified Code Execution Vulnerability U-099: MySQL Unspecified Code Execution Vulnerability February 9, 2012 - 7:00am Addthis PROBLEM: A vulnerability has been reported in MySQL, which can be exploited by malicious people to compromise a vulnerable system. PLATFORM: MySQL 5.x ABSTRACT: Successful exploitation allows execution of arbitrary code. Reference LINKS: Secunia Advisory SA47894 No CVE references currently available. IMPACT ASSESSMENT: Medium Discussion: The vulnerability is reported in version 5.5.20. Other versions may also be affected. The exploit has been tested with mysql-5.5.20-debian6.0-i686.deb on Debian 6.0. Impact: System access from local network Solution: An effective workaround cannot currently be provided due to limited vulnerability details.

427

V-114: RealPlayer MP4 Processing Buffer Overflow Vulnerability | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

14: RealPlayer MP4 Processing Buffer Overflow Vulnerability 14: RealPlayer MP4 Processing Buffer Overflow Vulnerability V-114: RealPlayer MP4 Processing Buffer Overflow Vulnerability March 19, 2013 - 12:01am Addthis PROBLEM: RealPlayer MP4 Processing Buffer Overflow Vulnerability PLATFORM: Versions prior to 16.0.1.18. ABSTRACT: A vulnerability has been reported in RealPlayer REFERENCE LINKS: RealNetworks, Inc Secunia Advisory SA52692 CVE-2013-1750 IMPACT ASSESSMENT: High DISCUSSION: The vulnerability is caused due to an error when processing MP4 files and can be exploited to cause a heap-based buffer overflow via a specially crafted MP4 file. IMPACT: Successful exploitation may allow execution of arbitrary code. SOLUTION: Update to version 16.0.1.18. Addthis Related Articles U-042: Mac RealPlayer Multiple Vulnerabilities V-228: RealPlayer Buffer Overflow and Memory Corruption Error Let Remote

428

T-716: Google SketchUp v8.x - '.DAE' File Memory Corruption Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: Google SketchUp v8.x - '.DAE' File Memory Corruption 6: Google SketchUp v8.x - '.DAE' File Memory Corruption Vulnerability T-716: Google SketchUp v8.x - '.DAE' File Memory Corruption Vulnerability September 14, 2011 - 9:28am Addthis PROBLEM: Attackers may exploit this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions. PLATFORM: Google SketchUp 8 is vulnerable; other versions may also be affected. ABSTRACT: Google SketchUp v8.x - '.DAE' File Memory Corruption Vulnerability reference LINKS: Vulnerability-Lab SketchUp Downloads IMPACT ASSESSMENT: Medium Discussion: A Memory Corruption vulnerability is detected on the Google s SketchUp v8.x. The vulnerability is caused by an memory corruption when processing corrupt DAE files through the filter, which could be exploited by attackers

429

V-070: Apache CouchDB Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

0: Apache CouchDB Multiple Vulnerabilities 0: Apache CouchDB Multiple Vulnerabilities V-070: Apache CouchDB Multiple Vulnerabilities January 16, 2013 - 1:00am Addthis PROBLEM: Apache CouchDB Multiple Vulnerabilities PLATFORM: The vulnerabilities are reported in versions prior to 1.0.4, 1.1.2, and 1.2.1. ABSTRACT: Multiple vulnerabilities have been reported in Apache CouchDB REFERENCE LINKS: Secunia Advisory SA51765 Seclists.org/fulldisclosure/2013/Jan/80 Seclists.org/fulldisclosure/2013/Jan/81 Seclists.org/fulldisclosure/2013/Jan/82 CVE-2012-5641 CVE-2012-5649 CVE-2012-5650 IMPACT ASSESSMENT: Medium DISCUSSION: Multiple vulnerabilities have been reported in Apache CouchDB, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose potentially sensitive information. 1) Input passed via the query parameters to browser-based test suite is not

430

JC3 Bulletin Archive | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

4, 2011 4, 2011 T-576: Oracle Solaris Adobe Flash Player Multiple Vulnerabilities Oracle Solaris Adobe Flash Player Multiple Vulnerabilities. March 11, 2011 T-575: OpenLDAP back-ndb Lets Remote Users Authenticate Without a Valid Password OpenLDAP back-ndb Lets Remote Users Authenticate Without a Valid Password March 10, 2011 T-574: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact while others can be exploited by malicious people bypass certain security restrictions, disclose system information, and compromise a user's system. March 9, 2011 T-573: Windows Remote Desktop Client DLL Loading Error Lets Remote Users Execute Arbitrary Code A vulnerability was reported in Windows Remote Desktop Client. A remote

431

Multielemental Fingerprinting as a Tool for Authentication of Organic Wheat, Barley, Faba Bean, and Potato  

Science Journals Connector (OSTI)

Multielemental Fingerprinting as a Tool for Authentication of Organic Wheat, Barley, Faba Bean, and Potato ... Potato peels were also manually removed by a ceramic peeler on selected subsamples to allow comparison with automatically peeled potatoes. ... Analysis of automatically and manually peeled potatoes as well as potato peels confirmed that the automatic peeling process did not induce any systematic and significant contamination. ...

Kristian H. Laursen; Jan K. Schjoerring; Jrgen E. Olesen; Margrethe Askegaard; Ulrich Halekoh; Sren Husted

2011-03-21T23:59:59.000Z

432

Reliable and Semi-reliable Communication with Authentication in Mobile Ad Hoc Networks  

E-Print Network (OSTI)

Reliable and Semi-reliable Communication with Authentication in Mobile Ad Hoc Networks Falko of wireless ad hoc sensor networks is the error-proneness and, therefore, the unreliability of communication describe a new approach and an according protocol for usage in ad hoc networks that provides reliable

Breu, Ruth

433

Project List 1. Project Name: Efficient Anonymous Private Authentication Protocol for RFID Systems  

E-Print Network (OSTI)

based authentication. Publication: · Md. Endadul Hoque, Farzana Rahman, and Sheikh I. Ahamed, "Anon's geocoding and mapping API. Publication: ···· Farzana Rahman, Casey O'Brien, Sheikh I. Ahamed, He Zhang'Brien, Kristine Manning, Jason Cowdy, Sheikh Iqbal Ahamed, "Let EcoDrive be Your Guide: Development of a Mobile

Brylow, Dennis

434

Heart-to-Heart (H2H): Authentication for Implanted Medical Devices  

E-Print Network (OSTI)

Heart-to-Heart (H2H): Authentication for Implanted Medical Devices Masoud Rostami Rice University Rice University Houston, TX farinaz@rice.edu ABSTRACT We present Heart-to-Heart (H2H), a system patients to over-the-air attack and physical harm. H2H makes use of ECG (heartbeat data

435

Biometric authentication system using reduced joint feature vector of iris and face  

Science Journals Connector (OSTI)

In this paper, we present the biometric authentication system based on the fusion of two user-friendly biometric modalities: Iris and Face. Using one biometric feature can lead to good results, but there is no reliable way to verify the classification. ...

Byungjun Son; Yillbyung Lee

2005-07-01T23:59:59.000Z

436

Distillation Codes and Applications to DoS Resistant Multicast Authentication  

E-Print Network (OSTI)

Distillation Codes and Applications to DoS Resistant Multicast Authentication Chris Karlof UC We introduce distillation codes, a method for streaming and storing data. Like erasure codes, distillation codes allow information to be decoded from a sufficiently large quorum of symbols. In contrast

Perrig, Adrian

437

Providing Hop-by-Hop Authentication and Source Privacy in Wireless Sensor Networks  

E-Print Network (OSTI)

Sciences Temple University Philadelphia, PA 19122 Email: jiewu@temple.edu Abstract--Message authentication by the degree of the polynomial: when the number of messages transmitted is larger than this threshold allows any node to transmit an unlimited number of messages without suffering the threshold problem

Wu, Jie

438

Hardware Acceleration of the SRP Authentication Protocol Peter Groen1,2  

E-Print Network (OSTI)

Hardware Acceleration of the SRP Authentication Protocol Peter Groen1,2 , Panu H¨am¨al¨ainen2 , Ben employed is the Secure Remote Password (SRP) authenti- cation protocol [15]. It makes extensive use of hash that can be called from soft- ware routines in the SRP protocol. This paper is structured as follows

Kuzmanov, Georgi

439

Integration of IEEE 802.21 services and pre-authentication framework  

Science Journals Connector (OSTI)

Providing multi-interface device users the ability to roam between different access networks is becoming a key requirement for service providers. The availability of multiple mobile broadband access technologies together with increasing use of real ... Keywords: IEEE 80221, MIH, MPA, authentication, handover performance, heterogeneous networks, media-independent handover, media-independent pre-, multi-interface devices, seamless mobility, testbed

Miriam Tauil; Ashutosh Dutta; Yuu-Heng Cheng; Subir Das; Donald Baker; Maya Yajnik; David Famolari; Yoshihiro Ohba; Kenichi Taniuchi; Victor Fajardo; Henning Schulzrinne

2010-07-01T23:59:59.000Z

440

ECG-Based Authentication Fahim Sufi, Ibrahim Khalil, and Jiankun Hu  

E-Print Network (OSTI)

ECG-Based Authentication Fahim Sufi, Ibrahim Khalil, and Jiankun Hu 17 Contents 17.1 Background of ECG . . . . . . . . . . . . . . . . . . . . . . 310 17.1.1 Physiology of ECG . . . . . . . . . . . . . . . . . . 310 17.1.2 Rhythm Analysis . . . . . . . . . . . . . . . . . . . . 312 17.2 What Can ECG Based

Hu, Jiankun

Note: This page contains sample records for the topic "authentication bypass vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


441

CFD Analysis of Core Bypass Flow and Crossflow in the Prismatic Very High Temperature Gas-cooled Nuclear Reactor  

E-Print Network (OSTI)

Very High Temperature Rector (VHTR) had been designated as one of those promising reactors for the Next Generation (IV) Nuclear Plant (NGNP). For a prismatic core VHTR, one of the most crucial design considerations is the bypass flow and crossflow...

Wang, Huhu 1985-

2012-12-13T23:59:59.000Z

442

Left ventricular thrombosis following coronary artery bypass grafting in a patient with nephrotic syndrome: Report of a case  

Science Journals Connector (OSTI)

We present herein the case of a 63-year-old man with nephrotic syndrome who developed an apical infarction 4 days after undergoing coronary artery bypass grafting. Echocardiography done 2 weeks postoperatively...

Yukio Kioka; Hiroyuki Iri; Masahiro Okada; Nobuyuki Yamada

1995-01-01T23:59:59.000Z

443

V-086: IntegraXor ActiveX Control Buffer Overflow Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: IntegraXor ActiveX Control Buffer Overflow Vulnerability 6: IntegraXor ActiveX Control Buffer Overflow Vulnerability V-086: IntegraXor ActiveX Control Buffer Overflow Vulnerability February 7, 2013 - 6:00am Addthis PROBLEM: A vulnerability has been reported in IntegraXor PLATFORM: Integraxor Versions prior to 4.x ABSTRACT: The vulnerability is caused due to an error in the PE3DO32A.ocx ActiveX control and can be exploited to cause a buffer overflow. REFERENCE LINKS: Secunia Advisory SA52073 CVE-2012-4700 US-CERT Advisory IMPACT ASSESSMENT: High DISCUSSION: Successfully exploiting this vulnerability could lead to a DoS for the application or could allow an attacker to execute arbitrary code. IMPACT: Successful exploitation may allow execution of arbitrary code. SOLUTION: Update to version 4.00 build 4280.0 Addthis Related Articles

444

U-214: HP Network Node Manager Java JDK / JRE Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-214: HP Network Node Manager Java JDK / JRE Multiple U-214: HP Network Node Manager Java JDK / JRE Multiple Vulnerabilities U-214: HP Network Node Manager Java JDK / JRE Multiple Vulnerabilities July 17, 2012 - 7:00am Addthis PROBLEM: HP Network Node Manager Java JDK / JRE Multiple Vulnerabilities PLATFORM: The vulnerabilities are reported in version 9.0x running on HP-UX, Linux, Solaris, and Windows. ABSTRACT: Vulnerabilities could be remotely exploited resulting in unauthorized information disclosure, modification, Denial of Service (DoS). reference LINKS: HP Support document ID: c03405642 Secunia Advisory SA49966 IMPACT ASSESSMENT: High Discussion: HP has acknowledged some vulnerabilities in HP Network Node Manager, which can be exploited by malicious, local users to disclose potentially sensitive information and by malicious people to disclose potentially

445

U-086:Linux Kernel "/proc//mem" Privilege Escalation Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U-086:Linux Kernel "/proc//mem" Privilege Escalation Vulnerability U-086:Linux Kernel "/proc//mem" Privilege Escalation Vulnerability U-086:Linux Kernel "/proc//mem" Privilege Escalation Vulnerability January 23, 2012 - 9:00am Addthis PROBLEM: Linux Kernel "/proc//mem" Privilege Escalation Vulnerability. PLATFORM: Linux Kernel 2.6.x ABSTRACT: A vulnerability has been discovered in the Linux Kernel, which can be exploited by malicious, local users to gain escalated privileges reference LINKS: Linux Kernel Update CVE-2012-0056 Red Hat Bugzilla Bug 782642 IMPACT ASSESSMENT: Medium Discussion: The vulnerability is caused due to the kernel not properly restricting access to "/proc//mem" file, which can be exploited to gain escalated privileges by e.g. writing into the memory of a privileged process.

446

V-185: Apache OpenOffice SDK Oracle Java JavaDoc Spoofing Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

5: Apache OpenOffice SDK Oracle Java JavaDoc Spoofing 5: Apache OpenOffice SDK Oracle Java JavaDoc Spoofing Vulnerability V-185: Apache OpenOffice SDK Oracle Java JavaDoc Spoofing Vulnerability June 25, 2013 - 12:41am Addthis PROBLEM: Apache OpenOffice SDK Oracle Java JavaDoc Spoofing Vulnerability PLATFORM: Apache OpenOffice SDK 3.x ABSTRACT: Apache has acknowledged a vulnerability in Apache OpenOffice SDK REFERENCE LINKS: Apache OpenOffice Secunia Advisory SA53963 Secunia Advisory SA53846 CVE-2013-1571 IMPACT ASSESSMENT: Medium DISCUSSION: The vulnerability is caused due to a UDK 3.2.7 Java API Reference JavaDoc file having been generated using a vulnerable version of Oracle Java. IMPACT: Apache can be exploited by malicious people to conduct spoofing attacks. SOLUTION: The vendor has issued a fix. Addthis Related Articles

447

U-224: ISC DHCP Multiple Denial of Service Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

4: ISC DHCP Multiple Denial of Service Vulnerabilities 4: ISC DHCP Multiple Denial of Service Vulnerabilities U-224: ISC DHCP Multiple Denial of Service Vulnerabilities July 31, 2012 - 7:00am Addthis PROBLEM: ISC DHCP Multiple Denial of Service Vulnerabilities PLATFORM: ISC DHCP before versions DHCP 4.1-ESV-R6 or DHCP 4.2.4-P1 ABSTRACT: ISC DHCP is prone to multiple denial-of-service vulnerabilities. reference LINKS: BIND and DHCP Security Updates Released Bugtraq ID: 54665 Secunia Advisory SA50018 CVE-2012-3571 CVE-2012-3570 CVE-2012-3954 IMPACT ASSESSMENT: Medium Discussion: Multiple vulnerabilities have been reported in ISC DHCP, which can be exploited by malicious people to cause a DoS (Denial of Service). 1) An error when handling client identifiers can be exploited to trigger an endless loop and prevent the server from processing further client requests

448

U-214: HP Network Node Manager Java JDK / JRE Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

4: HP Network Node Manager Java JDK / JRE Multiple 4: HP Network Node Manager Java JDK / JRE Multiple Vulnerabilities U-214: HP Network Node Manager Java JDK / JRE Multiple Vulnerabilities July 17, 2012 - 7:00am Addthis PROBLEM: HP Network Node Manager Java JDK / JRE Multiple Vulnerabilities PLATFORM: The vulnerabilities are reported in version 9.0x running on HP-UX, Linux, Solaris, and Windows. ABSTRACT: Vulnerabilities could be remotely exploited resulting in unauthorized information disclosure, modification, Denial of Service (DoS). reference LINKS: HP Support document ID: c03405642 Secunia Advisory SA49966 IMPACT ASSESSMENT: High Discussion: HP has acknowledged some vulnerabilities in HP Network Node Manager, which can be exploited by malicious, local users to disclose potentially sensitive information and by malicious people to disclose potentially

449

V-211: IBM iNotes Multiple Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

211: IBM iNotes Multiple Vulnerabilities 211: IBM iNotes Multiple Vulnerabilities V-211: IBM iNotes Multiple Vulnerabilities August 5, 2013 - 6:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in IBM Lotus iNotes PLATFORM: IBM iNotes 9.x ABSTRACT: IBM iNotes has two cross-site scripting vulnerabilities and an ActiveX Integer overflow vulnerability REFERENCE LINKS: Secunia Advisory SA54436 IBM Security Bulletin 1645503 CVE-2013-3027 CVE-2013-3032 CVE-2013-3990 IMPACT ASSESSMENT: High DISCUSSION: 1) Certain input related to MIME mail is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) An integer overflow error within the DWA9W ActiveX control can be exploited to execute arbitrary code.

450

U-020: McAfee Web Gateway Web Access Cross Site Scripting Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

0: McAfee Web Gateway Web Access Cross Site Scripting 0: McAfee Web Gateway Web Access Cross Site Scripting Vulnerability U-020: McAfee Web Gateway Web Access Cross Site Scripting Vulnerability October 26, 2011 - 9:00am Addthis PROBLEM: McAfee Web Gateway Web Access Cross Site Scripting Vulnerability. PLATFORM: The vulnerability is reported in versions prior to 7.1.5.2. ABSTRACT: Cross-Site Scripting vulnerabilities allow a third party to manipulate the content or behavior of a web application in a user's browser, without compromising the underlying system. Attackers can exploit this issue by enticing an unsuspecting user to follow a malicious URI. reference LINKS: McAfee Web Gateway Release Notes Bugtraq ID: 50341 Secunia Advisory: SA46570 IMPACT ASSESSMENT: Medium Discussion: A vulnerability has been reported in McAfee Web Gateway, which can be

451

V-213: PuTTY SSH Handshake Integer Overflow Vulnerabilities | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

3: PuTTY SSH Handshake Integer Overflow Vulnerabilities 3: PuTTY SSH Handshake Integer Overflow Vulnerabilities V-213: PuTTY SSH Handshake Integer Overflow Vulnerabilities August 7, 2013 - 6:00am Addthis PROBLEM: SEARCH-LAB has reported some vulnerabilities in PuTTY PLATFORM: PuTTY 0.x ABSTRACT: The vulnerabilities can be exploited by malicious people to potentially compromise a user's system. REFERENCE LINKS: Secunia Advisory SA54354 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3520 CVE-2013-4206 CVE-2013-4207 CVE-2013-4208 CVE-2013-4852 IMPACT ASSESSMENT: Medium DISCUSSION: The vulnerabilities are caused due to some integer overflow errors when handling the SSH handshake and can be exploited to cause heap-based buffer overflows via a negative handshake message length. IMPACT: Successful exploitation of may allow execution of arbitrary code

452

U-272: IBM WebSphere Commerce User Information Disclosure Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

2: IBM WebSphere Commerce User Information Disclosure 2: IBM WebSphere Commerce User Information Disclosure Vulnerability U-272: IBM WebSphere Commerce User Information Disclosure Vulnerability October 2, 2012 - 6:00am Addthis PROBLEM: IBM WebSphere Commerce User Information Disclosure Vulnerability PLATFORM: WebSphere Commerce Versions 6.0.0.0 to 6.0.0.11 WebSphere Commerce Versions 7.0.0.0 to 7.0.0.6 ABSTRACT: A vulnerability in WebSphere Commerce could allow disclosure of user personal data. reference LINKS: IBM Security Bulletin 1612484 X-Force Vulnerability Database (78867) Secunia Advisory SA50821 CVE-2012-4830 IMPACT ASSESSMENT: Medium Discussion: A remote unauthenticated attacker could exploit a security vulnerability in WebSphere Commerce to expose user personal data. The attack can be performed manually and the effort required is comparatively low.

453

U-065: Microsoft Windows win32k.sys Memory Corruption Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

5: Microsoft Windows win32k.sys Memory Corruption Vulnerability 5: Microsoft Windows win32k.sys Memory Corruption Vulnerability U-065: Microsoft Windows win32k.sys Memory Corruption Vulnerability December 20, 2011 - 9:45am Addthis PROBLEM: Microsoft Windows win32k.sys Memory Corruption Vulnerability. PLATFORM: Operating System Microsoft Windows 7 ABSTRACT: Successful exploitation may allow execution of arbitrary code with kernel-mode privileges. reference LINKS: Secunia Advisory SA47237 MS11-087:Article ID: 2639417 IMPACT ASSESSMENT: High Discussion: A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to an error in win32k.sys and can be exploited to corrupt memory via e.g. a specially crafted web page

454

V-082: Novell GroupWise Client Two Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

2: Novell GroupWise Client Two Vulnerabilities 2: Novell GroupWise Client Two Vulnerabilities V-082: Novell GroupWise Client Two Vulnerabilities February 1, 2013 - 6:00am Addthis PROBLEM: Two vulnerabilities have been reported in Novell GroupWise Client PLATFORM: Novell GroupWise 2012 Novell GroupWise Client 2012 Novell GroupWise Client 8.x Novell GroupWise Server 8.x ABSTRACT: Two vulnerabilities have been reported in Novell GroupWise Client which can be exploited by malicious people to compromise a user's system. REFERENCE LINKS: Secunia Advisory SA52031 CVE-2012-0439 CVE-2013-0804 Novell KB 7011687 Novell KB 7011688 IMPACT ASSESSMENT: High DISCUSSION: The GroupWise Client for Windows is vulnerable to an ActiveX Control exploit where by enticing a target user to open a malicious file or visit a malicious page, a remote attacker could execute arbitrary code on

455

U-276: VMware vCenter Operations Cross-Site Scripting Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

76: VMware vCenter Operations Cross-Site Scripting Vulnerability 76: VMware vCenter Operations Cross-Site Scripting Vulnerability U-276: VMware vCenter Operations Cross-Site Scripting Vulnerability October 8, 2012 - 7:00am Addthis PROBLEM: VMware vCenter Operations Cross-Site Scripting Vulnerability PLATFORM: VMware vCenter Operations 1.x ABSTRACT: A vulnerability has been reported in VMware vCenter Operations, which can be exploited by malicious people to conduct cross-site scripting attacks. reference LINKS: Original Advisory Secunia Advisory SA50795 CVE-2012-5050 IMPACT ASSESSMENT: Medium Discussion: Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Impact: A vulnerability in VMware vCenter Operations, which can be exploited to

456

T-655: Mozilla Firefox CVE-2011-2369 HTML Injection Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

5: Mozilla Firefox CVE-2011-2369 HTML Injection Vulnerability 5: Mozilla Firefox CVE-2011-2369 HTML Injection Vulnerability T-655: Mozilla Firefox CVE-2011-2369 HTML Injection Vulnerability June 27, 2011 - 4:31pm Addthis PROBLEM: Mozilla Firefox CVE-2011-2369 HTML Injection Vulnerability PLATFORM: Mozilla Firefox ABSTRACT: Mozilla Firefox is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. reference LINKS: Securityfocus Mozilla Firefox Homepage MFSA 2011-27: XSS encoding hazard with inline SVG IMPACT ASSESSMENT: High Discussion: Mozilla Firefox is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Successful exploits will allow attacker-supplied HTML and script code to

457

U-228: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

8: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities 8: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities U-228: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities August 6, 2012 - 7:00am Addthis PROBLEM: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities PLATFORM: Adobe Flash Player versions included with BlackBerry PlayBook tablet software versions 2.0.1.358 and earlier. ABSTRACT: Vulnerabilities in Adobe Flash Player version included with the BlackBerry PlayBook tablet software reference LINKS: BlackBerry Article ID: KB31675 Secunia Advisory SA50164 CVE-2012-0752 CVE-2012-0753 CVE-2012-0754 CVE-2012-0755 CVE-2012-0756 CVE-2012-0767 CVE-2012-0768 CVE-2012-0769 CVE-2012-0773 CVE-2012-0779 IMPACT ASSESSMENT: High Discussion: Multiple vulnerabilities have been reported in BlackBerry Tablet OS, which

458

Oil Bypass Filter Technology Evaluation Eleventh Quarterly Report April- June 2005  

NLE Websites -- All DOE Office Websites (Extended Search)

651 651 U.S. Department of Energy FreedomCAR & Vehicle Technologies Program Oil Bypass Filter Technology Evaluation Eleventh Quarterly Report April-June 2005 TECHNICAL REPORT Larry Zirker James Francfort Jordan Fielding September 2005 Idaho National Laboratory Operated by Battelle Energy Alliance INL/EXT-05-00651 U.S. Department of Energy FreedomCAR & Vehicle Technologies Program Oil Bypass Filter Technology Evaluation Eleventh Quarterly Report April-June 2005 Larry Zirker James Francfort Jordan Fielding September 2005 Idaho National Laboratory Transportation Technology Department Idaho Falls, Idaho 83415 Prepared for the U.S. Department of Energy Assistant Secretary for Energy Efficiency and Renewable Energy Under DOE Idaho Operations Office

459

Chemical Safety Vulnerability Working Group report. Volume 2  

SciTech Connect

The Chemical Safety Vulnerability (CSV) Working Group was established to identify adverse conditions involving hazardous chemicals at DOE facilities that might result in fires or explosions, release of hazardous chemicals to the environment, or exposure of workers or the public to chemicals. A CSV Review was conducted in 148 facilities at 29 sites. Eight generic vulnerabilities were documented related to: abandoned chemicals and chemical residuals; past chemical spills and ground releases; characterization of legacy chemicals and wastes; disposition of legacy chemicals; storage facilities and conditions; condition of facilities and support systems; unanalyzed and unaddressed hazards; and inventory control and tracking. Weaknesses in five programmatic areas were also identified related to: management commitment and planning; chemical safety management programs; aging facilities that continue to operate; nonoperating facilities awaiting deactivation; and resource allocations. Volume 2 consists of seven appendices containing the following: Tasking memorandums; Project plan for the CSV Review; Field verification guide for the CSV Review; Field verification report, Lawrence Livermore National Lab.; Field verification report, Oak Ridge Reservation; Field verification report, Savannah River Site; and the Field verification report, Hanford Site.

Not Available

1994-09-01T23:59:59.000Z

460

Does topological information matter for power grid vulnerability?  

Science Journals Connector (OSTI)

Power grids which are playing an important role in supporting the economy of a region as well as the life of its citizens could be attacked by terrorists or enemies to damage the region. Depending on different levels of power grid information collected by the terrorists their attack strategies might be different. This paper groups power grid information into four levels: no information purely topological information (PTI) topological information with generator and load nodes (GLNI) and full information (including component physical properties and flow parameters information) and then identifies possible attack strategies for each information level. Analyzing and comparing power grid vulnerability under these attack strategies from both terrorists' and utility companies' point of view give rise to an approach to quantify the relative values of these three types of information including PTI GLNI and component parameter information (CPI). This approach can provide information regarding the extent to which topological information matters for power system vulnerability decisions. Taking several test systems as examples results show that for small attacks with p ? ? ?0.1 CPI matters the most; when taking attack cost into consideration and assuming that the terrorists take the optimum cost-efficient attack intensity then CPI has the largest cost-based information value.

2014-01-01T23:59:59.000Z

Note: This page contains sample records for the topic "authentication bypass vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


461

JC3 High Impact Assessment Bulletins | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

May 22, 2013 May 22, 2013 V-161: IBM Maximo Asset Management Products Java Multiple Vulnerabilities Asset and Service Mgmt Products - Potential security exposure when using JavaTM based applications due to vulnerabilities in Java Software Developer Kits. May 17, 2013 V-158: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities Multiple vulnerabilities have been reported in BlackBerry Tablet OS, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system. May 16, 2013 V-157: Adobe Reader / Acrobat Multiple Vulnerabilities These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system May 14, 2013 V-155: Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session

462

JC3 High Impact Assessment Bulletins | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

31, 2013 31, 2013 V-081: Wireshark Multiple Vulnerabilities Multiple vulnerabilities have been reported in Wireshark January 30, 2013 V-080: Apple iOS Multiple Vulnerabilities Apple iOS Multiple Vulnerabilities January 25, 2013 V-077: Barracuda SSL VPN Bug Lets Remote Users Bypass Authentication A remote user can gain administrative access to the target system. January 18, 2013 V-072: Red Hat update for java-1.7.0-openjdk Red Hat has issued an update for java-1.7.0-openjdk. January 15, 2013 V-069: BlackBerry Tablet OS Adobe Flash Player and Samba Multiple Vulnerabilities Multiple vulnerabilities have been reported in BlackBerry Tablet OS January 11, 2013 V-067: Oracle Java Flaw Lets Remote Users Execute Arbitrary Code Oracle Java Flaw Lets Remote Users Execute Arbitrary Code

463

JC3 Bulletin Archive | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

14, 2012 14, 2012 V-047: IBM Lotus Foundation Multiple Cross Site Scripting Two vulnerabilities have been reported in IBM Lotus Foundations. December 13, 2012 V-046: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code Several vulnerabilities were reported in Adobe Flash Player. December 12, 2012 V-045: Adobe ColdFusion Lets Local Users Bypass Sandbox Restrictions A vulnerability was reported in Adobe ColdFusion. December 11, 2012 V-044: IBM Informix Buffer Overflow in Processing SQL Statements Lets Remote Authenticated Users Execute Arbitrary Code A vulnerability was reported in IBM Informix. December 10, 2012 V-043: Perl Locale::Maketext Module '_compile()' Multiple Code Injection Vulnerabilities Two vulnerabilities have been reported in Locale::Maketext module for Perl

464

U-159: Red Hat Enterprise MRG Messaging Qpid Bug Lets Certain...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

9: Red Hat Enterprise MRG Messaging Qpid Bug Lets Certain Remote Users Bypass Authentication U-159: Red Hat Enterprise MRG Messaging Qpid Bug Lets Certain Remote Users Bypass...

465

Effect of beta on Seismic Vulnerability Curve for RC Bridge Based on Double Damage Criterion  

SciTech Connect

In the analysis of seismic vulnerability curve based on double damage criterion, the randomness of structural parameter and randomness of seismic should be considered. Firstly, the distribution characteristics of structure capability and seismic demand are obtained based on IDA and PUSHOVER, secondly, the vulnerability of the bridge is gained based on ANN and MC and a vulnerability curve according to this bridge and seismic is drawn. Finally, the analysis for a continuous bridge is displayed as an example, and parametric analysis for the effect of beta is done, which reflects the bridge vulnerability overall from the point of total probability, and in order to reduce the discreteness, large value of beta are suggested.

Feng Qinghai [CCCC Highway, CO., Ltd. (China); Yuan Wancheng [Bridge Department, Tongji University, Shanghai (China)

2010-05-21T23:59:59.000Z

466

Offshore blow-out accidents : an analysis of causes of vulnerability exposing technological systems to accidents.  

E-Print Network (OSTI)

??This thesis is about understanding causes of vulnerabilities leading to specific type of accidents on offshore oil and gas installations. Blow-out accidents have disastrous potential (more)

Stren, Thomas G.

2007-01-01T23:59:59.000Z

467

E-Print Network 3.0 - areas vulnerabilities impacts Sample Search...  

NLE Websites -- All DOE Office Websites (Extended Search)

9 InformationSystemsResearch Vol. 21, No. 1, March 2010, pp. 115132 Summary: Vendors' Patch Release Behavior: Impact of Vulnerability Disclosure Ashish Arora, Ramayya Krishnan,...

468

IEEE TRANSACTIONS ON WIRELESS COMMUNICATIONS, VOL. 5, NO. 9, SEPTEMBER 2006 2569 Mutual Authentication and Key Exchange Protocols  

E-Print Network (OSTI)

compromise and service abuse, etc. Several authentication Manuscript received February 3, 2005; revised May}@bbcr.uwaterloo.ca). Digital Object Identifier 10.1109/TWC.2006.05063. Internet B's home network, home agent (H) Fixed Internet

Shen, Xuemin "Sherman"

469

ID-based One-pass Authenticated Key Establishment M. Choudary Gorantla Colin Boyd Juan Manuel Gonzalez Nieto  

E-Print Network (OSTI)

ID-based One-pass Authenticated Key Establishment M. Choudary Gorantla Colin Boyd Juan Manuel Gonz, Brisbane, QLD 4001, Australia. Email: mc.gorantla@isi.qut.edu.au, {c.boyd

Boyd, Colin

470

AFTER A Framework for electrical power sysTems vulnerability  

Open Energy Info (EERE)

Czech Czech Republic) Jump to: navigation, search Project Name AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration Country Czech Republic Coordinates 49.817493°, 15.472962° Loading map... {"minzoom":false,"mappingservice":"googlemaps3","type":"ROADMAP","zoom":14,"types":["ROADMAP","SATELLITE","HYBRID","TERRAIN"],"geoservice":"google","maxzoom":false,"width":"600px","height":"350px","centre":false,"title":"","label":"","icon":"","visitedicon":"","lines":[],"polygons":[],"circles":[],"rectangles":[],"copycoords":false,"static":false,"wmsoverlay":"","layers":[],"controls":["pan","zoom","type","scale","streetview"],"zoomstyle":"DEFAULT","typestyle":"DEFAULT","autoinfowindows":false,"kml":[],"gkml":[],"fusiontables":[],"resizable":false,"tilt":0,"kmlrezoom":false,"poi":true,"imageoverlays":[],"markercluster":false,"searchmarkers":"","locations":[{"text":"","title":"","link":null,"lat":49.817493,"lon":15.472962,"alt":0,"address":"","icon":"","group":"","inlineLabel":"","visitedicon":""}]}

471

AFTER A Framework for electrical power sysTems vulnerability  

Open Energy Info (EERE)

Ireland) Ireland) Jump to: navigation, search Project Name AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration Country Ireland Coordinates 53.41291°, -8.24389° Loading map... {"minzoom":false,"mappingservice":"googlemaps3","type":"ROADMAP","zoom":14,"types":["ROADMAP","SATELLITE","HYBRID","TERRAIN"],"geoservice":"google","maxzoom":false,"width":"600px","height":"350px","centre":false,"title":"","label":"","icon":"","visitedicon":"","lines":[],"polygons":[],"circles":[],"rectangles":[],"copycoords":false,"static":false,"wmsoverlay":"","layers":[],"controls":["pan","zoom","type","scale","streetview"],"zoomstyle":"DEFAULT","typestyle":"DEFAULT","autoinfowindows":false,"kml":[],"gkml":[],"fusiontables":[],"resizable":false,"tilt":0,"kmlrezoom":false,"poi":true,"imageoverlays":[],"markercluster":false,"searchmarkers":"","locations":[{"text":"","title":"","link":null,"lat":53.41291,"lon":-8.24389,"alt":0,"address":"","icon":"","group":"","inlineLabel":"","visitedicon":""}]}

472

Topology and vulnerability of the Iranian power grid  

Science Journals Connector (OSTI)

Abstract In this paper we investigated the structural properties of the ultra high voltage power transmission network of Iran. We modeled the power grid as a network with 105 nodes and 142 connection links. We found that the Iranian power grid displays a relatively moderate clustering coefficientmuch larger than that of corresponding random networksand small characteristics path length comparable to that of corresponding random networks; i.e. the power grid is a small-world network with exponential degree distribution. Global efficiency was considered as an indicator of grids performance and the influence of random and intentional nodal failures on the efficiency was investigated. We also studied the influence of cascaded failures on the largest connected component of the network. The power grid was vulnerable against cascaded failures, which should be considered serious in redesigning the network topology.

Momhammad Ali Saniee Monfared; Mahdi Jalili; Zohreh Alipour

2014-01-01T23:59:59.000Z

473

Using vulnerability assessments to design facility safeguards and security systems  

SciTech Connect

The Weapons Complex Reconfiguration (WCR) Program is meant to prepare the Department of Energy (DOE) weapons complex to meet the needs of the next century through construction of now facilities or upgrades-in-place at existing facilities. This paper describes how a vulnerability (VA) was used to identify potential S&S features for the conceptual design for a plutonium storage facility as part of the WCR Program. We distinguish those features of the design that need to be investigated at the conceptual stage from those that can be evaluated later. We also examined what protection features may allow reduced S&S operating costs, with the main focus on protective force costs. While some of these concepts hold the promise for significantly reducing life-cycle protective force costs, their use depends on resolving long-standing tradeoffs between S&S and safety, which are discussed in the study.

Snell, M.; Jaeger, C.

1994-08-01T23:59:59.000Z

474

Assessing Vulnerabilities, Risks, and Consequences of Damage to Critical Infrastructure  

SciTech Connect

Since the publication of 'Critical Foundations: Protecting America's Infrastructure,' there has been a keen understanding of the complexity, interdependencies, and shared responsibility required to protect the nation's most critical assets that are essential to our way of life. The original 5 sectors defined in 1997 have grown to 18 Critical Infrastructures and Key Resources (CIKR), which are discussed in the 2009 National Infrastructure Protection Plan (NIPP) and its supporting sector-specific plans. The NIPP provides the structure for a national program dedicated to enhanced protection and resiliency of the nation's infrastructure. Lawrence Livermore National Laboratory (LLNL) provides in-depth, multi-disciplinary assessments of threat, vulnerability, and consequence across all 18 sectors at scales ranging from specific facilities to infrastructures spanning multi-state regions, such as the Oil and Natural Gas (ONG) sector. Like many of the CIKR sectors, the ONG sector is comprised of production, processing, distribution, and storage of highly valuable and potentially dangerous commodities. Furthermore, there are significant interdependencies with other sectors, including transportation, communication, finance, and government. Understanding the potentially devastating consequences and collateral damage resulting from a terrorist attack or natural event is an important element of LLNL's infrastructure security programs. Our work began in the energy sector in the late 1990s and quickly expanded other critical infrastructure sectors. We have performed over 600 physical assessments with a particular emphasis on those sectors that utilize, store, or ship potentially hazardous materials and for whom cyber security is important. The success of our approach is based on building awareness of vulnerabilities and risks and working directly with industry partners to collectively advance infrastructure protection. This approach consists of three phases: The Pre-Assessment Phase brings together infrastructure owners and operators to identify critical assets and help the team create a structured information request. During this phase, we gain information about the critical assets from those who are most familiar with operations and interdependencies, making the time we spend on the ground conducting the assessment much more productive and enabling the team to make actionable recommendations. The Assessment Phase analyzes 10 areas: Threat environment, cyber architecture, cyber penetration, physical security, physical penetration, operations security, policies and procedures, interdependencies, consequence analysis, and risk characterization. Each of these individual tasks uses direct and indirect data collection, site inspections, and structured and facilitated workshops to gather data. Because of the importance of understanding the cyber threat, LLNL has built both fixed and mobile cyber penetration, wireless penetration and supporting tools that can be tailored to fit customer needs. The Post-Assessment Phase brings vulnerability and risk assessments to the customer in a format that facilitates implementation of mitigation options. Often the assessment findings and recommendations are briefed and discussed with several levels of management and, if appropriate, across jurisdictional boundaries. The end result is enhanced awareness and informed protective measures. Over the last 15 years, we have continued to refine our methodology and capture lessons learned and best practices. The resulting risk and decision framework thus takes into consideration real-world constraints, including regulatory, operational, and economic realities. In addition to 'on the ground' assessments focused on mitigating vulnerabilities, we have integrated our computational and atmospheric dispersion capability with easy-to-use geo-referenced visualization tools to support emergency planning and response operations. LLNL is home to the National Atmospheric Release Advisory Center (NARAC) and the Interagency Modeling and Atmospheric Assessment Center (IMAAC). NA

Suski, N; Wuest, C

2011-02-04T23:59:59.000Z

475

AFTER A Framework for electrical power sysTems vulnerability  

Open Energy Info (EERE)

Belgium) Belgium) Jump to: navigation, search Project Name AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration Country Belgium Coordinates 50.359482°, 4.63623° Loading map... {"minzoom":false,"mappingservice":"googlemaps3","type":"ROADMAP","zoom":14,"types":["ROADMAP","SATELLITE","HYBRID","TERRAIN"],"geoservice":"google","maxzoom":false,"width":"600px","height":"350px","centre":false,"title":"","label":"","icon":"","visitedicon":"","lines":[],"polygons":[],"circles":[],"rectangles":[],"copycoords":false,"static":false,"wmsoverlay":"","layers":[],"controls":["pan","zoom","type","scale","streetview"],"zoomstyle":"DEFAULT","typestyle":"DEFAULT","autoinfowindows":false,"kml":[],"gkml":[],"fusiontables":[],"resizable":false,"tilt":0,"kmlrezoom":false,"poi":true,"imageoverlays":[],"markercluster":false,"searchmarkers":"","locations":[{"text":"","title":"","link":null,"lat":50.359482,"lon":4.63623,"alt":0,"address":"","icon":"","group":"","inlineLabel":"","visitedicon":""}]}

476

Enhancing security of electronic health records through grid-based user authentication scheme  

Science Journals Connector (OSTI)

Medical research and electronic health record (EHR) maintenance involves large databases that are geographically distributed which calls naturally for a grid computing environment. Huge data in medical image analysis, storage and genome processing demand large medical data storage and computing power. Data sharing, software specialisation and data processing which occur in a heterogeneous way tend to make use of the grid computing environment for the medical field. The security solution for authentication in the existing grid environment is non-scalable. This major drawback can hinder the growth of the user community in the medical field. A simple user authentication scheme is proposed, which enhances the security of the overall system but takes less time for execution and lesser communication cost.

G. Jaspher Willsie Kathrine; E. Kirubakaran; Elijah Blessing Rajsingh

2014-01-01T23:59:59.000Z

477

Comparative studies on authentication and key exchange methods for 802.11 wireless LAN  

Science Journals Connector (OSTI)

IEEE 802.11 wireless LAN has become one of the hot topics on the design and development of network access technologies. In particular, its authentication and key exchange (AKE) aspects, which form a vital building block for modern security mechanisms, deserve further investigation. In this paper we first identify the general requirements used for WLAN authentication and key exchange (AKE) methods, and then classify them into three levels (mandatory, recommended, and additional operational requirements). We present a review of issues and proposed solutions for AKE in 802.11 WLANs. Three types of existing methods for addressing AKE issues are identified, namely, the legacy, layered and access control-based AKE methods. Then, we compare these methods against the identified requirements. Based on the analysis, a multi-layer AKE framework is proposed, together with a set of design guidelines, which aims at a flexible, extensible and efficient security as well as easy deployment.

Jun Lei; Xiaoming Fu; Dieter Hogrefe; Jianrong Tan

2007-01-01T23:59:59.000Z

478

Questioning the Meaning of Authenticity in Martin Heidegger's Being and Time  

E-Print Network (OSTI)

the proper context for authenticity will be to clarify those existential structures that describe what it means for Dasein to exist concretely in the world. Since Heidegger provides a fairly comprehensive account of the ontological constitution... the ontological and the ontic, and the existential and the existentiell. As a result, the traditional notions of selfhood and subjectivity get split between this new landscape of categories and subsequently lose their meaning. As Francois Raffoul points out...

Liwinski, Thomas

2011-10-21T23:59:59.000Z

479

Finding Semantic Vulnerabilities in PHP Applications The University of Texas at Austin  

E-Print Network (OSTI)

SAFERPHP: Finding Semantic Vulnerabilities in PHP Applications Sooel Son The University of Texas the first characterization of these types of vulner- abilities in PHP applications, develop novel inter-procedural algorithms for discovering them in PHP source code, and implement these algorithms as part of SAFERPHP

Shmatikov, Vitaly

480

SP 800-40 Version 2.0. Creating a Patch and Vulnerability Management Program  

Science Journals Connector (OSTI)

This document provides guidance on creating a security patch and vulnerability management program and testing the effectiveness of that program. The primary audience is security managers who are responsible for designing and implementing the program. ... Keywords: Computer security, security patches, vulnerability management

Peter M. Mell; Tiffany Bergeron; David Henning

2005-11-01T23:59:59.000Z

Note: This page contains sample records for the topic "authentication bypass vulnerability" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


481

Designing a minimum-functionality neutron and gamma measurement instrument with a focus on authentication  

SciTech Connect

During the design and construction of the Next-Generation Attribute-Measurement System, which included a largely commercial off-the-shelf (COTS), nondestructive assay (NDA) system, we realized that commercial NDA equipment tends to include numerous features that are not required for an attribute-measurement system. Authentication of the hardware, firmware, and software in these instruments is still required, even for those features not used in this application. However, such a process adds to the complexity, cost, and time required for authentication. To avoid these added authenticat ion difficulties, we began to design NDA systems capable of performing neutron multiplicity and gamma-ray spectrometry measurements by using simplified hardware and software that avoids unused features and complexity. This paper discusses one possible approach to this design: A hardware-centric system that attempts to perform signal analysis as much as possible in the hardware. Simpler processors and minimal firmware are used because computational requirements are kept to a bare minimum. By hard-coding the majority of the device's operational parameters, we could cull large sections of flexible, configurable hardware and software found in COTS instruments, thus yielding a functional core that is more straightforward to authenticate.

Karpius, Peter J [Los Alamos National Laboratory; Williams, Richard B [Los Alamos National Laboratory

2009-01-01T23:59:59.000Z

482

U-097: PHP "php_register_variable_ex()" Code Execution Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

097: PHP "php_register_variable_ex()" Code Execution 097: PHP "php_register_variable_ex()" Code Execution Vulnerability U-097: PHP "php_register_variable_ex()" Code Execution Vulnerability February 7, 2012 - 9:00am Addthis PROBLEM: PHP "php_register_variable_ex()" Code Execution Vulnerability PLATFORM: PHP 5.3.x ABSTRACT: Execution of arbitrary code via network as well as user access via network reference LINKS: PHP Security Archive SecurityTracker Alert ID: 1026631 Secunia Advisory SA47806 CVE-2012-0830 IMPACT ASSESSMENT: High Discussion: A vulnerability has been reported in PHP, which can be exploited by malicious people to compromise a vulnerable system. Impact: A remote user can send specially crafted data to trigger a memory error in php_register_variable_ex() and execute arbitrary code on the target system.

483

U-172: OpenOffice.org Two Vulnerabilities | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

72: OpenOffice.org Two Vulnerabilities 72: OpenOffice.org Two Vulnerabilities U-172: OpenOffice.org Two Vulnerabilities May 18, 2012 - 7:00am Addthis PROBLEM: OpenOffice.org Two Vulnerabilities PLATFORM: OpenOffice.org 3.3, Other versions may also be affected. ABSTRACT: Two vulnerabilities have been reported in OpenOffice.org, which can be exploited by malicious people to compromise a user's system. Reference LINKS: Secunia Advisory SA46992 CVE-2012-1149 CVE-2012-2149 IMPACT ASSESSMENT: High Discussion: 1) An integer overflow error in the vclmi.dll module when allocating memory for an embedded image object can be exploited to cause a heap-based buffer overflow e.g. via a specially crafted JPEG object within a DOC file. 2) An error within libwpd when parsing Wordperfect documents can be exploited to overwrite arbitrary memory via a specially crafted Wordperfect

484

U-069: Telnet code execution vulnerability: FreeBSD and Kerberos |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

69: Telnet code execution vulnerability: FreeBSD and Kerberos 69: Telnet code execution vulnerability: FreeBSD and Kerberos U-069: Telnet code execution vulnerability: FreeBSD and Kerberos December 27, 2011 - 5:18am Addthis PROBLEM: Telnet code execution vulnerability: FreeBSD and Kerberos PLATFORM: Operating System: FreeBSD 7.1, 7.3, 8.0 and 8.1 and Software: Kerberos ABSTRACT: Vulnerability was reported in FreeBSD Telnet. A remote user can execute arbitrary code on the target system. reference LINKS: FreeBSD-SA-11:08.telnetd MITKRB5-SA-2011-008 Secunia Advisory: SA47397 (FreeBSD) Secunia Advisory: SA47348 (Kerberos) SecurityTracker Alert ID: 1026460 CVE-2011-4862 IMPACT ASSESSMENT: High Discussion: When an encryption key is supplied via the TELNET protocol, its length is not validated before the key is copied into a fixed-size buffer. The telnet

485

V-056: FreeType BDF Glyph Processing Buffer Overflow Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

6: FreeType BDF Glyph Processing Buffer Overflow Vulnerability 6: FreeType BDF Glyph Processing Buffer Overflow Vulnerability V-056: FreeType BDF Glyph Processing Buffer Overflow Vulnerability December 27, 2012 - 6:00am Addthis PROBLEM: FreeType BDF Glyph Processing Buffer Overflow Vulnerability PLATFORM: Version(s): prior to 2.4.11 ABSTRACT: Several vulnerabilities were reported in FreeType. A remote user can cause arbitrary code to be executed on the target user's system. REFERENCE LINKS: SecurityTracker Alert ID: 1027921 CVE-2012-5668 CVE-2012-5669 CVE-2012-5670 IMPACT ASSESSMENT: High DISCUSSION: A remote user can create a specially crafted font file that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user or application. A null pointer dereference can be triggered in bdf_free_font()

486

U-149: Apache OFBiz Cross-Site Scripting and Code Execution Vulnerabilities  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

9: Apache OFBiz Cross-Site Scripting and Code Execution 9: Apache OFBiz Cross-Site Scripting and Code Execution Vulnerabilities U-149: Apache OFBiz Cross-Site Scripting and Code Execution Vulnerabilities April 17, 2012 - 8:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in Apache OFBiz, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a vulnerable system. PLATFORM: Apache OFBiz 10.x ABSTRACT: The vulnerabilities are reported in version 10.04.01. Prior versions may also be affected. references LINKS: Vendor Advisory Secunia Advisory 48800 CVE-2012-1621 IMPACT ASSESSMENT: High Discussion: 1) Certain unspecified input is not properly sanitised within the "getServerError()" function in checkoutProcess.js before being returned to the user. This can be exploited to execute arbitrary HTML and script code

487

T-572: VMware ESX/ESXi SLPD denial of service vulnerability | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

72: VMware ESX/ESXi SLPD denial of service vulnerability 72: VMware ESX/ESXi SLPD denial of service vulnerability T-572: VMware ESX/ESXi SLPD denial of service vulnerability March 8, 2011 - 3:05pm Addthis PROBLEM: A vulnerability was reported in VMware ESX. A remote user can cause denial of service conditions. PLATFORM: ESX/ESXi 4.0, 4.1 ABSTRACT: VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm. reference LINKS: VMware Security Advisory: VMSA-2011-0004 VMware vSphere 4 VMware ESXi 4.1 Update CVE-2010-3609 IMPACT ASSESSMENT: Moderate Discussion: A remote user can send specially crafted data to cause the target Service Location Protocol daemon (SLPD) to enter an infinite loop and consume excessive CPU resources.A remote user can consume excessive CPU resources.

488

U-108: Net4Switch ipswcom ActiveX Control Buffer Overflow Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

8: Net4Switch ipswcom ActiveX Control Buffer Overflow 8: Net4Switch ipswcom ActiveX Control Buffer Overflow Vulnerability U-108: Net4Switch ipswcom ActiveX Control Buffer Overflow Vulnerability February 22, 2012 - 8:00am Addthis PROBLEM: A vulnerability was reported in Net4Switch ipswcom ActiveX Control, which can be exploited by malicious people to compromise a user's system. PLATFORM: Net4Switch ipswcom ActiveX Control 1.x ABSTRACT: The vulnerability is caused due to a boundary error within the "CxDbgPrint()" function (cxcmrt.dll) when creating a debug message string. reference LINKS: Vendor Advisory Secunia Advisroy 48125 No CVE references. IMPACT ASSESSMENT: High Discussion: The vulnerability is caused due to a boundary error within the "CxDbgPrint()" function (cxcmrt.dll) when creating a debug message string.

489

V-219: Kingsoft Writer 2012 WPS Font Names Buffer Overflow Vulnerability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

19: Kingsoft Writer 2012 WPS Font Names Buffer Overflow 19: Kingsoft Writer 2012 WPS Font Names Buffer Overflow Vulnerability V-219: Kingsoft Writer 2012 WPS Font Names Buffer Overflow Vulnerability August 16, 2013 - 5:52am Addthis PROBLEM: Kaveh Ghaemmaghami has discovered a vulnerability in Kingsoft Writer 2012, which can be exploited by malicious people to compromise a user's system. PLATFORM: Kingsoft Office 2012, Kingsoft Weirwe 2012 8.x ABSTRACT: The vulnerability is confirmed in the following products and versions: * Kingsoft Writer 2012 version 8.1.0.3030. * Kingsoft Writer 2012 bundled in Kingsoft Office 2012 version 8.1.0.3385. REFERENCE LINKS: Secunia Advisory SA53266 CVE-2013-3934 IMPACT ASSESSMENT: High DISCUSSION: The vulnerability is caused due to a boundary error in when handling font names and can be exploited to cause a stack-based buffer overflow via a

490

U-018: Oracle AutoVue ActiveX Control Insecure Method Vulnerabilities |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

18: Oracle AutoVue ActiveX Control Insecure Method 18: Oracle AutoVue ActiveX Control Insecure Method Vulnerabilities U-018: Oracle AutoVue ActiveX Control Insecure Method Vulnerabilities October 25, 2011 - 8:45am Addthis PROBLEM: Oracle AutoVue ActiveX Control Insecure Method Vulnerabilities. PLATFORM: The vulnerabilities are confirmed in version 20.0.2 build 7910 (AutoVueX.ocx 20.1.1.7910). Other versions may also be affected. ABSTRACT: Successful exploitation of the vulnerabilities allows execution of arbitrary code. reference LINKS: Bugtraq ID: 50321 Secunia Advisory SA46473 Oracle AutoVue IMPACT ASSESSMENT: High Discussion: Successfully exploiting this issue will allow attackers to create or overwrite arbitrary files on the victim's computer within the context of the affected application (typically Internet Explorer) that uses the

491

T-682:Double free vulnerability in MapServer | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

2:Double free vulnerability in MapServer 2:Double free vulnerability in MapServer T-682:Double free vulnerability in MapServer August 2, 2011 - 4:08pm Addthis PROBLEM: Double free vulnerability in MapServer PLATFORM: All versions may be susceptible to SQL injection under certain circumstances ABSTRACT: MapServer developers have discovered flaws in the OGC filter support in MapServer. Specific code is used in support of WFS, WMS-SLD and SOS specifications. All versions may be susceptible to SQL injection under certain circumstances. The extent of the vulnerability depends on the MapServer version, relational database and mapfile configuration being used. All users are strongly encouraged to upgrade to these latest releases. reference LINKS: Double-free in msAddImageSymbol() when filename is a http resource