National Library of Energy BETA

Sample records for remote authenticated user

  1. V-155: Apache Tomcat FORM Authenticator Lets Remote Users Conduct...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    5: Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks V-155: Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks...

  2. V-127: Samba Bug Lets Remote Authenticated Users Modify Files...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    7: Samba Bug Lets Remote Authenticated Users Modify Files V-127: Samba Bug Lets Remote Authenticated Users Modify Files April 5, 2013 - 6:00am Addthis PROBLEM: A vulnerability was...

  3. T-606: Sun Java System Access Manager Lets Remote Users Partially Modify Data and Remote Authenticated Users Partially Access Data

    Broader source: Energy.gov [DOE]

    Sun Java System Access Manager Lets Remote Users Partially Modify Data and Remote Authenticated Users Partially Access Data.

  4. U-233: Oracle Database INDEXTYPE CTXSYS.CONTEXT Bug Lets Remote Authenticated Users Gain Elevated Privileges

    Office of Energy Efficiency and Renewable Energy (EERE)

    A remote authenticated user with 'Create Table' privileges can gain 'SYS' privileges on the target system.

  5. T-707: Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information

    Broader source: Energy.gov [DOE]

    Apache Tomcat AJP protocol processing bug lets remote users bypass authentication or obtain information.

  6. U-112: PostgreSQL Bugs Let Remote Authenticated Users Gain Elevated Privileges, Inject SQL Commands, and Spoof Certificates

    Broader source: Energy.gov [DOE]

    A remote authenticated user can gain elevated privileges. A remote authenticated user can inject SQL commands. A remote user can spoof connections in certain cases.

  7. V-151: RSA Archer eGRC Bugs Let Remote Authenticated Users Upload...

    Energy Savers [EERE]

    Users Upload Files and Let Remote Users Conduct Cross-Site Scripting Attacks V-151: RSA Archer eGRC Bugs Let Remote Authenticated Users Upload Files and Let Remote Users ...

  8. T-575: OpenLDAP back-ndb Lets Remote Users Authenticate Without...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Remote Users Authenticate Without a Valid Password T-575: OpenLDAP back-ndb Lets Remote Users Authenticate Without a Valid Password March 11, 2011 - 3:05pm Addthis PROBLEM: A ...

  9. V-151: RSA Archer eGRC Bugs Let Remote Authenticated Users Upload Files and

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Let Remote Users Conduct Cross-Site Scripting Attacks | Department of Energy 51: RSA Archer eGRC Bugs Let Remote Authenticated Users Upload Files and Let Remote Users Conduct Cross-Site Scripting Attacks V-151: RSA Archer eGRC Bugs Let Remote Authenticated Users Upload Files and Let Remote Users Conduct Cross-Site Scripting Attacks May 8, 2013 - 12:06am Addthis PROBLEM: RSA Archer eGRC Bugs Let Remote Authenticated Users Upload Files and Let Remote Users Conduct Cross-Site Scripting Attacks

  10. U-168: EMC Documentum Information Rights Management Server Bugs Let Remote Authenticated Users Deny Service

    Broader source: Energy.gov [DOE]

    Two vulnerabilities were reported in EMC Documentum Information Rights Management Server. A remote authenticated user can cause denial of service conditions.

  11. T-575: OpenLDAP back-ndb Lets Remote Users Authenticate Without a Valid

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Password | Department of Energy 5: OpenLDAP back-ndb Lets Remote Users Authenticate Without a Valid Password T-575: OpenLDAP back-ndb Lets Remote Users Authenticate Without a Valid Password March 11, 2011 - 3:05pm Addthis PROBLEM: A vulnerability was reported in OpenLDAP. A remote user can authenticate without a valid password. PLATFORM: Open LDAP version(s) 2.4.12 - 2.2.24 ABSTRACT: OpenLDAP back-ndb Lets Remote Users Authenticate Without a Valid Password. reference LINKS: SecurityTracker

  12. U-130: JBoss Operations Network LDAP Authentication Bug Lets Remote Users Bypass Authentication

    Office of Energy Efficiency and Renewable Energy (EERE)

    A vulnerability was reported in JBoss Operations Network. A remote user can login with an arbitrary password in certain cases.

  13. U-211: EMC Celerra/VNX/VNXe Access Control Bug Lets Remote Authenticated Users Access Files/Directories

    Office of Energy Efficiency and Renewable Energy (EERE)

    A vulnerability was reported in EMC Celerra/VNX/VNXe. A remote authenticated user can access files and directories on the target file system.

  14. V-103: RSA Authentication Agent Lets Remote Users Bypass Authenticatio...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    issued a fix (7.1.2). Addthis Related Articles U-267: RSA Authentication Agent 7.1 for Microsoft Windows and RSA Authentication Client 3.5 Access Control Vulnerability...

  15. V-150: Apache VCL Input Validation Flaw Lets Remote Authenticated...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges V-150: Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated...

  16. U-159: Red Hat Enterprise MRG Messaging Qpid Bug Lets Certain Remote Users Bypass Authentication

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in Red Hat Enterprise MRG Messaging. A remote user can access cluster messages and view the internal configuration.

  17. T-704: RSA enVision Lets Remote Users View Files and Remote Authentica...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    RSA enVision Lets Remote Users View Files and Remote Authenticated Users Obtain Password T-704: RSA enVision Lets Remote Users View Files and Remote Authenticated Users Obtain...

  18. V-223: RSA Authentication Agent for PAM Allows Remote Users to...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    has issued a fix Addthis Related Articles U-267: RSA Authentication Agent 7.1 for Microsoft Windows and RSA Authentication Client 3.5 Access Control Vulnerability...

  19. U-084: Cisco Digital Media Manager Lets Remote Authenticated...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Show and Share. Impact: A remote authenticated user can send a specially crafted URL via TCP port 8443 to access administrative resources and gain administrative privileges....

  20. T-608: HP Virtual Server Environment Lets Remote Authenticated Users Gain Elevated Privileges

    Broader source: Energy.gov [DOE]

    A potential security vulnerability has been identified in HP Virtual Server Environment for Windows. The vulnerability could be exploited remotely to elevate privileges.

  1. U-244: McAfee Email Gateway Lets Remote Users Bypass Authentication...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    McAfee Security Bulletin ID: SB10026 SecurityTracker Alert ID: 1027444 Bugtraq ID: 55184 CVE-2012-4595, CVE-2012-4596, CVE-2012-4597 IMPACT ASSESSMENT: Medium Discussion A remote...

  2. U-231: Cisco ASA SIP and WebVPN Bugs Let Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    Two vulnerabilities were reported in Cisco ASA. A remote or remote authenticated user can cause denial of service conditions.

  3. V-076: Cisco Wireless LAN Controller Bugs Let Remote Users Deny...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Cisco Wireless LAN Controller Bugs Let Remote Users Deny Service and Remote Authenticated Users Modify the Configuration and Execute Arbitrary Code V-076: Cisco Wireless LAN ...

  4. V-183: Cisco TelePresence TC and TE Bugs Let Remote Users Deny...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Remote Users Deny Service and Remote Adjacent Authenticated Users Gain Root Shell Access V-183: Cisco TelePresence TC and TE Bugs Let Remote Users Deny Service and Remote Adjacent...

  5. V-183: Cisco TelePresence TC and TE Bugs Let Remote Users Deny Service and Remote Adjacent Authenticated Users Gain Root Shell Access

    Broader source: Energy.gov [DOE]

    Cisco TelePresence TC and TE Software contain two vulnerabilities in the implementation of the Session Initiation Protocol (SIP) that could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition. Additionally, Cisco TelePresence TC Software contain an adjacent root access vulnerability that could allow an attacker on the same physical or logical Layer-2 network as the affected system to gain an unauthenticated root shell.

  6. V-076: Cisco Wireless LAN Controller Bugs Let Remote Users Deny Service and

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Remote Authenticated Users Modify the Configuration and Execute Arbitrary Code | Department of Energy 6: Cisco Wireless LAN Controller Bugs Let Remote Users Deny Service and Remote Authenticated Users Modify the Configuration and Execute Arbitrary Code V-076: Cisco Wireless LAN Controller Bugs Let Remote Users Deny Service and Remote Authenticated Users Modify the Configuration and Execute Arbitrary Code January 24, 2013 - 6:00am Addthis PROBLEM: Several vulnerabilities were reported in

  7. U-217: Red Hat Certificate System Bugs Let Remote Users Conduct Cross-Site Scripting and Denial of Service Attacks

    Office of Energy Efficiency and Renewable Energy (EERE)

    Two vulnerabilities were reported in Red Hat Certificate System. A remote user can conduct cross-site scripting attacks. A remote authenticated user can revoke the CA certificate.

  8. U-026: Cisco Small Business SRP500 Series Bug Lets Remote Users Inject Commands

    Broader source: Energy.gov [DOE]

    A remote user can create a URL that, when loaded by the target authenticated administrative user, will execute arbitrary commands on the target system.

  9. T-692: VMware vFabric tc Server Lets Remote Users Login Using...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    A remote user can login using an obfuscated version of their password. PLATFORM: ... user can use the password in obfuscated form (or in plain text form) to authenticate. ...

  10. T-728: Apache Tomcat HTTP DIGEST Authentication Weaknesses Let...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    8: Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks T-728: Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct...

  11. User Guide for Remote Access to VDI/Workplace Using PIV | Department of

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Energy User Guide for Remote Access to VDI/Workplace Using PIV User Guide for Remote Access to VDI/Workplace Using PIV User guide for remote access to VDI/Workplace using a PIV card . VDI_WP_PIV_Remote_Guide_Final.pdf (1.39 MB) More Documents & Publications User guide for remote access to VDI and Workplace using RSA token Remote Access Options Instructions for using HSPD-12 Authenticated Outlook Web Access (OWA)

  12. User guide for remote access to VDI and Workplace using RSA token |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy User guide for remote access to VDI and Workplace using RSA token User guide for remote access to VDI and Workplace using RSA token User guide for remote access to VDI and Workplace using RSA token VDI_WP_RSA_Remote_Guide_Final.pdf (1.22 MB) More Documents & Publications User Guide for Remote Access to VDI/Workplace Using PIV Microsoft Word - Citrix_2FA_Authentication_12_3_2009.doc Citrix_2FA_Authentication_09.09

  13. V-195: RSA Authentication Manager Lets Local Users View the Administra...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    5: RSA Authentication Manager Lets Local Users View the Administrative Account Password V-195: RSA Authentication Manager Lets Local Users View the Administrative Account Password...

  14. T-707: Apache Tomcat AJP Protocol Processing Bug Lets Remote...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information T-707: Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication...

  15. V-220: Juniper Security Threat Response Manager Lets Remote Authentica...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Threat Response Manager Lets Remote Authenticated Users Execute Arbitrary Commands V-220: Juniper Security Threat Response Manager Lets Remote Authenticated Users Execute...

  16. U-267: RSA® Authentication Agent 7.1 for Microsoft Windows®...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    RSA Authentication Agent Lets Remote Authenticated Users Bypass an Authentication Step reference LINKS: SecurityTracker Alert ID: 1027559 Bugtraq ID: 55662 CVE-2012-2287...

  17. User Authentication Policy | Argonne Leadership Computing Facility

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Users of the Argonne production systems are required to use a CRYPTOCard one time password... are: Something you know (for example, a password); Something you have (for example, an ID ...

  18. U-074: Microsoft.NET Bugs Let Remote Users Execute Arbitrary Commands, Access User Accounts, and Redirect Users

    Broader source: Energy.gov [DOE]

    A remote user can execute arbitrary commands on the target system. A remote user can access a target user's account. A remote user can redirect users to arbitrary sites.

  19. V-202: Cisco Video Surveillance Manager Bugs Let Remote Users...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Video Surveillance Manager Bugs Let Remote Users Obtain Potentially Sensitive Information V-202: Cisco Video Surveillance Manager Bugs Let Remote Users Obtain Potentially Sensitive...

  20. U-262: Microsoft Internet Explorer Flaw Lets Remote Users Execute...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    2: Microsoft Internet Explorer Flaw Lets Remote Users Execute Arbitrary Code U-262: Microsoft Internet Explorer Flaw Lets Remote Users Execute Arbitrary Code September 18, 2012 -...

  1. U-047: Siemens Automation License Manager Bugs Let Remote Users...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    7: Siemens Automation License Manager Bugs Let Remote Users Deny Service or Execute Arbitrary Code U-047: Siemens Automation License Manager Bugs Let Remote Users Deny Service or...

  2. V-231: Cisco Identity Services Engine Discloses Authentication Credentials

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    to Remote Users | Department of Energy 1: Cisco Identity Services Engine Discloses Authentication Credentials to Remote Users V-231: Cisco Identity Services Engine Discloses Authentication Credentials to Remote Users August 30, 2013 - 3:01am Addthis PROBLEM: A vulnerability was reported in Cisco Identity Services Engine. A remote user can obtain authentication credentials. PLATFORM: Cisco Identity Services Engine (ISE) 1.x ABSTRACT: A vulnerability was reported in Cisco Identity Services

  3. T-636: Wireshark Multiple Flaws Let Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities were reported in Wireshark. A remote user can cause denial of service conditions.

  4. U-203: HP Photosmart Bug Lets Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in HP Photosmart. A remote user can cause denial of service conditions.

  5. U-176: Wireshark Multiple Bugs Let Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    Several vulnerabilities were reported in Wireshark. A remote user can cause denial of service conditions.

  6. T-573: Windows Remote Desktop Client DLL Loading Error Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in Windows Remote Desktop Client. A remote user can cause arbitrary code to be executed on the target user's system.

  7. T-696: RSA Adaptive Authentication Has Unspecified Remote Authenticated Session Re-use Flaw

    Broader source: Energy.gov [DOE]

    An issue with Adaptive Authentication (On-Premise) was discovered which in certain circumstances might affect the out-of-the-box available authentication methods. In certain circumstances, when authentication information is compromised, and with the knowledge of additional session information, the authentication information might be reused within an active session.

  8. V-057: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy 7: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability V-057: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability December 28, 2012 - 6:00am Addthis PROBLEM: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability PLATFORM: eXtplorer 2.x ABSTRACT: A vulnerability has been reported in eXtplorer, which can be exploited by malicious people to bypass certain security restrictions. REFERENCE LINKS: Secunia Advisory

  9. V-057: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy 57: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability V-057: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability December 28, 2012 - 6:00am Addthis December 28 2012 - 6:00am PROBLEM: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability PLATFORM: eXtplorer 2.x ABSTRACT: A vulnerability has been reported in eXtplorer, which can be exploited by malicious people to bypass certain security restrictions.

  10. T-574: Google Chrome Multiple Flaws Let Remote Users Execute...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    4: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code T-574: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code March 10, 2011 - 3:05pm Addthis...

  11. V-218: HP Service Manager Unspecified Flaw Lets Remote Users...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    U-010:HP Onboard Administrator Unspecified Flaw Lets Remote Users Gain Access U-029: TCPIP Services for OpenVMS POPIMAP Service Bug Lets Remote Users Gain Unauthorized Access...

  12. U-010:HP Onboard Administrator Unspecified Flaw Lets Remote Users...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    0:HP Onboard Administrator Unspecified Flaw Lets Remote Users Gain Access U-010:HP Onboard Administrator Unspecified Flaw Lets Remote Users Gain Access October 13, 2011 - 8:15am...

  13. V-166: HP-UX Directory Server Discloses Passwords to Remote Authentica...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    6: HP-UX Directory Server Discloses Passwords to Remote Authenticated and Local Users V-166: HP-UX Directory Server Discloses Passwords to Remote Authenticated and Local Users May...

  14. U-277: Google Chrome Multiple Flaws Let Remote Users Execute...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Addthis PROBLEM: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code PLATFORM: Version(s): prior to 22.0.1229.92 ABSTRACT: Several vulnerabilities were...

  15. U-184: Mozilla Firefox Multiple Bugs Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A remote user can cause arbitrary code to be executed on the target user's system. A remote user can conduct cross-site scripting attacks. A remote user can obtain potentially sensitive information.

  16. U-259: RSA BSAFE SSL-C Lets Remote Users Decrypt SSL/TLS Traffic...

    Office of Environmental Management (EM)

    59: RSA BSAFE SSL-C Lets Remote Users Decrypt SSLTLS Traffic and SSL Buffer Overflow Lets Remote Users Execute Arbitrary Code U-259: RSA BSAFE SSL-C Lets Remote Users Decrypt SSL...

  17. U-279: Cisco Firewall Services Module Bugs Let Remote Users Execute...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    79: Cisco Firewall Services Module Bugs Let Remote Users Execute Arbitrary Code and Deny Service U-279: Cisco Firewall Services Module Bugs Let Remote Users Execute Arbitrary Code ...

  18. V-172: ISC BIND RUNTIME_CHECK Error Lets Remote Users Deny Service...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    ISC BIND RUNTIMECHECK Error Lets Remote Users Deny Service Against Recursive Resolvers V-172: ISC BIND RUNTIMECHECK Error Lets Remote Users Deny Service Against Recursive...

  19. U-241: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    1: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code and Obtain Information U-241: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code and Obtain...

  20. V-006: CA ARCserve Backup Flaws Let Remote Users Execute Arbitrary Code and Deny Service

    Broader source: Energy.gov [DOE]

    Two vulnerabilities were reported in CA ARCserve Backup. A remote user can execute arbitrary code on the target system. A remote user can cause denial of service conditions.

  1. U-005: Apache mod_proxy Pattern Matching Bug Lets Remote Users...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    5: Apache modproxy Pattern Matching Bug Lets Remote Users Access Internal Servers U-005: Apache modproxy Pattern Matching Bug Lets Remote Users Access Internal Servers October 6,...

  2. U-142: HP Onboard Administrator Bugs Let Remote Users Gain Access...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    2: HP Onboard Administrator Bugs Let Remote Users Gain Access, Obtain Information, and Conduct URL Redirection Attacks U-142: HP Onboard Administrator Bugs Let Remote Users Gain...

  3. U-046: Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    6: Apache modproxymodrewrite Bug Lets Remote Users Access Internal Servers U-046: Apache modproxymodrewrite Bug Lets Remote Users Access Internal Servers November 28, 2011 -...

  4. U-049: IBM Tivoli Netcool Reporter CGI Bug Lets Remote Users...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    LaserJet Printers Unspecified Flaw Lets Remote Users Update Firmware with Arbitrary Code U-053: Linux kexec Bugs Let Local and Remote Users Obtain Potentially Sensitive Information

  5. U-165: Apple iOS Bugs Let Remote Users Execute Arbitrary Code...

    Energy Savers [EERE]

    iOS. A remote user can cause arbitrary code to be executed on the target user's system. ... A remote user can create a specially crafted file that, when loaded by the target user, ...

  6. T-678: Red Hat Enterprise Virtualization Hypervisor VLAN Packet Processing Flaw Lets Remote Users Deny Service

    Office of Energy Efficiency and Renewable Energy (EERE)

    Red Hat Enterprise Virtualization Hypervisor VLAN Packet Processing Flaw Lets Remote Users Deny Service.

  7. T-718:Adobe Acrobat/Reader Multiple Bugs Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.

  8. U-079: Adobe Acrobat/Reader Multiple Bugs Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.

  9. U-036: Apple iOS Bugs Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A remote user can create content that, when loaded by the target user, will execute arbitrary code on or obtain potentially sensitive information from the target user's system.

  10. U-041: Google Chrome Out-of-Bounds Write Error Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.

  11. U-004:Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.

  12. T-652: Mozilla Thunderbird Bugs Let Remote Users Obtain Cookies and Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities were reported in Mozilla Thunderbird. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can obtain cookies from another domain in certain cases.

  13. U-118: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code and Obtain Information

    Broader source: Energy.gov [DOE]

    Two vulnerabilities were reported in Adobe Flash Player. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can obtain potentially information.

  14. U-264: Apple OS X Lets Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges

    Office of Energy Efficiency and Renewable Energy (EERE)

    Several vulnerabilities were reported in Apple OS X. A remote user can execute arbitrary code on the target system. A remote user can obtain a password hash in certain cases. A local user can obtain elevated privileges on the target system. A local user can obtain password keystrokes.

  15. T-563: Red Hat Directory Server Bugs Let Local Users Gain Elevated Privileges and Remote and Local Users Deny Service

    Broader source: Energy.gov [DOE]

    Several vulnerabilities were reported in Red Hat Directory Server. A local user can obtain elevated privileges on the target system. A remote user can cause denial of service conditions. A local user can cause denial of service conditions.

  16. U-015: CiscoWorks Common Services Home Page Input Validation Flaw Lets Remote Users Execute Arbitrary Commands

    Broader source: Energy.gov [DOE]

    Successful exploitation of this vulnerability may allow an authenticated, remote attacker to execute arbitrary commands on the affected system with the privileges of a system administrator.

  17. U-136: Adobe Flash Player Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Two vulnerabilities were reported in Adobe Flash Player. A remote user can cause arbitrary code to be executed on the target user's system.

  18. U-166: Adobe Shockwave Player Memory Corruption Flaws Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities were reported in Adobe Shockwave Player. A remote user can cause arbitrary code to be executed on the target user's system.

  19. U-170: Apple QuickTime Multiple Flaws Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities were reported in Apple QuickTime. A remote user can cause arbitrary code to be executed on the target user's system.

  20. U-080: Linux Kernel XFS Heap Overflow May Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in the Linux Kernel. A remote user can cause arbitrary code to be executed on the target user's system.

  1. U-133: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities were reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system.

  2. U-143: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities were reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system.

  3. U-160: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Several vulnerabilities were reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system

  4. U-107: Cisco NX-OS IP Packet Processing Flaw Lets Remote Users...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    07: Cisco NX-OS IP Packet Processing Flaw Lets Remote Users Deny Service U-107: Cisco NX-OS IP Packet Processing Flaw Lets Remote Users Deny Service February 21, 2012 - 6:00am ...

  5. T-536: Cisco ASA Multiple Flaws Let Remote Users Deny Service...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    6: Cisco ASA Multiple Flaws Let Remote Users Deny Service and Bypass Security Controls T-536: Cisco ASA Multiple Flaws Let Remote Users Deny Service and Bypass Security Controls ...

  6. V-113: Apple Safari Bugs Let Remote Users Execute Arbitrary Code...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    3: Apple Safari Bugs Let Remote Users Execute Arbitrary Code V-113: Apple Safari Bugs Let Remote Users Execute Arbitrary Code March 18, 2013 - 1:53am Addthis PROBLEM: Apple Safari...

  7. V-020: Apple QuickTime Multiple Flaws Let Remote Users Execute...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    0: Apple QuickTime Multiple Flaws Let Remote Users Execute Arbitrary Code V-020: Apple QuickTime Multiple Flaws Let Remote Users Execute Arbitrary Code November 9, 2012 - 6:00am...

  8. V-184: Google Chrome Flash Plug-in Lets Remote Users Conduct...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    4: Google Chrome Flash Plug-in Lets Remote Users Conduct Clickjacking Attacks V-184: Google Chrome Flash Plug-in Lets Remote Users Conduct Clickjacking Attacks June 24, 2013 -...

  9. V-212: Samba smbd CPU Processing Loop Lets Remote Users Deny...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    2: Samba smbd CPU Processing Loop Lets Remote Users Deny Service V-212: Samba smbd CPU Processing Loop Lets Remote Users Deny Service August 6, 2013 - 6:00am Addthis PROBLEM: A...

  10. U-140: HP-UX Unspecified Flaw in DCE Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A remote user can execute arbitrary code on the target system. A remote user can send specially crafted data to execute arbitrary code on the target system. The code will run with the privileges of the target service.

  11. V-066: Adobe Acrobat/Reader Multiple Flaws Lets Remote Users...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    6: Adobe AcrobatReader Multiple Flaws Lets Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges V-066: Adobe AcrobatReader Multiple Flaws Lets Remote...

  12. U-257: Adobe ColdFusion Unspecified Bug Lets Remote Users Deny...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    7: Adobe ColdFusion Unspecified Bug Lets Remote Users Deny Service U-257: Adobe ColdFusion Unspecified Bug Lets Remote Users Deny Service September 12, 2012 - 6:00am Addthis...

  13. V-203: HP LoadRunner Multiple Bugs Let Remote Users Deny Service...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    V-171: Apple Safari Bugs Let Remote Users Execute Arbitrary Code and Conduct Cross-Site Scripting Attacks V-110: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code...

  14. V-110: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    0: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code V-110: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code March 13, 2013 - 12:04am Addthis PROBLEM:...

  15. V-095: Oracle Java Flaws Let Remote Users Execute Arbitrary Code...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    5: Oracle Java Flaws Let Remote Users Execute Arbitrary Code V-095: Oracle Java Flaws Let Remote Users Execute Arbitrary Code February 20, 2013 - 12:38am Addthis PROBLEM: Oracle...

  16. V-142: Oracle Java Reflection API Flaw Lets Remote Users Execute...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    2: Oracle Java Reflection API Flaw Lets Remote Users Execute Arbitrary Code V-142: Oracle Java Reflection API Flaw Lets Remote Users Execute Arbitrary Code April 25, 2013 - 12:14am...

  17. V-144: HP Printers Let Remote Users Access Files on the Printer...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    4: HP Printers Let Remote Users Access Files on the Printer V-144: HP Printers Let Remote Users Access Files on the Printer April 29, 2013 - 12:27am Addthis PROBLEM: HP Printers...

  18. V-147: IBM Lotus Notes Mail Client Lets Remote Users Execute...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    7: IBM Lotus Notes Mail Client Lets Remote Users Execute Java Applets V-147: IBM Lotus Notes Mail Client Lets Remote Users Execute Java Applets May 2, 2013 - 6:00am Addthis...

  19. U-048: HP LaserJet Printers Unspecified Flaw Lets Remote Users...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    T-699: EMC AutoStart Buffer Overflows Let Remote Users Execute Arbitrary Code U-049: IBM Tivoli Netcool Reporter CGI Bug Lets Remote Users Inject Commands on the Target System...

  20. U-089:Apache Struts ParameterInterceptor() Flaw Lets Remote Users...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands PLATFORM: Struts 2.0.0 - Struts 2.3.1.1 ABSTRACT: A remote user can execute arbitrary code...

  1. U-239: Apple iPhone SMS Processing Flaw Lets Remote Users Spoof...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    U-165: Apple iOS Bugs Let Remote Users Execute Arbitrary Code and Spoof Address Bar URLs T-676: Apple iOS Certificate Chain Validation Flaw Lets Certain Remote Users Access or ...

  2. U-208: HP Operations Agent Bugs Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Two vulnerabilities were reported in HP Operations Agent. A remote user can execute arbitrary code on the target system

  3. U-205: RSA Access Manager Session Replay Flaw Lets Remote Users Access the System

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in RSA Access Manager. A remote user can gain access to the target system.

  4. U-153: EMC Data Protection Advisor Server and Collector Bugs Let Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    Two vulnerabilities were reported in EMC Data Protection Advisor. A remote user can cause denial of service conditions.

  5. U-134: Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in Apache Traffic Server. A remote user can cause denial of service conditions.

  6. U-161: Citrix Provisioning Services Unspecified Flaw Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in Citrix Provisioning Services. A remote user can execute arbitrary code on the target system.

  7. U-135: HP WBEM Discloses Diagnostic Data to Remote and Local Users

    Broader source: Energy.gov [DOE]

    Two vulnerabilities were reported in HP WBEM. A remote or local user can gain access to diagnostic data.

  8. T-719:Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    A remote user can cause the backend server to remain in an error state until the retry timeout expires.

  9. U-236: Microsoft JScript and VBScript Engine Integer Overflow Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Execution of arbitrary code via network A remote user can cause arbitrary code to be executed on the target

  10. U-163: PHP Command Parameter Bug Lets Remote Users Obtain Potentially Sensitive Information and Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in PHP. A remote user can obtain potentially sensitive information. A remote user can execute arbitrary code on the target system.

  11. T-654: Apple QuickTime Multiple Bugs Let Remote Users Execute Arbitrary

    Broader source: Energy.gov [DOE]

    A remote user can create a specially crafted file that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.

  12. U-063: RSA SecurID Software Token for Windows DLL Loading Error Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A remote user can cause the target application to execute arbitrary code on the target user's system.

  13. T-570: HP Security Bulletin- HP-UX Running OpenSSL, Remote Execution of Arbitrary Code, Denial of Service (DoS), Authentication Bypass

    Broader source: Energy.gov [DOE]

    A potential security vulnerability has been identified with HP-UX OpenSSL. This vulnerability could be exploited remotely to execute arbitrary code or create a Denial of Service (DoS) or an authentication bypass.

  14. Microsoft Word - Citrix_2FA_Authentication_12_3_2009.doc | Department of

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Energy Citrix_2FA_Authentication_12_3_2009.doc Microsoft Word - Citrix_2FA_Authentication_12_3_2009.doc Microsoft Word - Citrix_2FA_Authentication_12_3_2009.doc (453.3 KB) More Documents & Publications Citrix_2FA_Authentication_09.09 Using Two-Factor RSA Token with WebVPN User guide for remote access to VDI and Workplace using RSA token

  15. T-695: Avaya Aura Application Server Buffer Overflow in 'cstore.exe' Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Avaya Aura Application Server Buffer Overflow in 'cstore.exe' Lets Remote Users Execute Arbitrary Code.

  16. T-673: Apple Safari Multiple Flaws Let Remote Users Execute Arbitrary Code, Conduct Cross-Site Scripting Attacks

    Broader source: Energy.gov [DOE]

    Apple Safari Multiple Flaws Let Remote Users Execute Arbitrary Code, Conduct Cross-Site Scripting Attacks

  17. U-119: Blackberry PlayBook Unspecified WebKit Bug Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system

  18. U-259: RSA BSAFE SSL-C Lets Remote Users Decrypt SSL/TLS Traffic and SSL

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Buffer Overflow Lets Remote Users Execute Arbitrary Code | Department of Energy 59: RSA BSAFE SSL-C Lets Remote Users Decrypt SSL/TLS Traffic and SSL Buffer Overflow Lets Remote Users Execute Arbitrary Code U-259: RSA BSAFE SSL-C Lets Remote Users Decrypt SSL/TLS Traffic and SSL Buffer Overflow Lets Remote Users Execute Arbitrary Code September 13, 2012 - 6:00am Addthis PROBLEM: RSA BSAFE SSL-C Lets Remote Users Decrypt SSL/TLS Traffic and SSL Buffer Overflow Lets Remote Users Execute

  19. V-140: Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    0: Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information V-140: Apache ActiveMQ Bugs Let Remote...

  20. V-135: Cisco ASA Multiple Bugs Let Remote Users Deny Service | Department

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    of Energy 5: Cisco ASA Multiple Bugs Let Remote Users Deny Service V-135: Cisco ASA Multiple Bugs Let Remote Users Deny Service April 16, 2013 - 12:21am Addthis PROBLEM: Cisco ASA Multiple Bugs Let Remote Users Deny Service PLATFORM: Cisco ASA Software for Cisco ASA 5500 Series Adaptive Security Appliances, Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, and Cisco ASA 1000V Cloud Firewall are affected by multiple vulnerabilities. Affected

  1. U-053: Linux kexec Bugs Let Local and Remote Users Obtain Potentially

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Sensitive Information | Department of Energy 53: Linux kexec Bugs Let Local and Remote Users Obtain Potentially Sensitive Information U-053: Linux kexec Bugs Let Local and Remote Users Obtain Potentially Sensitive Information December 7, 2011 - 7:30am Addthis PROBLEM: Linux kexec Bugs Let Local and Remote Users Obtain Potentially Sensitive Information . PLATFORM: Red Hat Enterprise Linux Desktop (v. 6) Red Hat Enterprise Linux HPC Node (v. 6) Red Hat Enterprise Linux Server (v. 6) Red Hat

  2. U-279: Cisco Firewall Services Module Bugs Let Remote Users Execute

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Arbitrary Code and Deny Service | Department of Energy 79: Cisco Firewall Services Module Bugs Let Remote Users Execute Arbitrary Code and Deny Service U-279: Cisco Firewall Services Module Bugs Let Remote Users Execute Arbitrary Code and Deny Service October 11, 2012 - 6:00am Addthis PROBLEM: Cisco Firewall Services Module Bugs Let Remote Users Execute Arbitrary Code and Deny Service PLATFORM: Version(s): prior to 4.1(9) ABSTRACT: Several vulnerabilities were reported in Cisco Firewall

  3. V-235: Cisco Mobility Services Engine Configuration Error Lets Remote Users

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Login Anonymously | Department of Energy 5: Cisco Mobility Services Engine Configuration Error Lets Remote Users Login Anonymously V-235: Cisco Mobility Services Engine Configuration Error Lets Remote Users Login Anonymously September 5, 2013 - 12:33am Addthis PROBLEM: A vulnerability was reported in Cisco Mobility Services Engine. A remote user can login anonymously. PLATFORM: Cisco Mobility Services Engine ABSTRACT: A vulnerability in Cisco Mobility Services Engine could allow an

  4. T-536: Cisco ASA Multiple Flaws Let Remote Users Deny Service and Bypass

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Security Controls | Department of Energy 36: Cisco ASA Multiple Flaws Let Remote Users Deny Service and Bypass Security Controls T-536: Cisco ASA Multiple Flaws Let Remote Users Deny Service and Bypass Security Controls January 18, 2011 - 2:30pm Addthis PROBLEM: Cisco ASA Multiple Flaws Let Remote Users Deny Service and Bypass Security Controls. PLATFORM: Cisco 5500 Series Adaptive Security Appliances (ASA) ABSTRACT: Cisco ASA 5500 Series Adaptive Security Appliances are affected by multiple

  5. U-165: Apple iOS Bugs Let Remote Users Execute Arbitrary Code and Spoof Address Bar URLs

    Broader source: Energy.gov [DOE]

    Two vulnerabilities were reported in Apple iOS. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can spoof the address bar URL.

  6. U-091: cURL Lets Remote Users Decrypt SSL/TLS Traffic | Department of

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Energy 91: cURL Lets Remote Users Decrypt SSL/TLS Traffic U-091: cURL Lets Remote Users Decrypt SSL/TLS Traffic January 30, 2012 - 6:45am Addthis PROBLEM: A vulnerability was reported in cURL. PLATFORM: Linux (Any), UNIX (Any), Windows (Any) : Version(s): 7.10.6 through 7.23.1 ABSTRACT: A remote user can decrypt SSL/TLS sessions in certain cases. reference LINKS: CVE-2011-3389 SecurityTracker Alert ID: 1026587 Vendor Advisory IMPACT ASSESSMENT: Moderate Discussion: A remote user with the

  7. U-107: Cisco NX-OS IP Packet Processing Flaw Lets Remote Users Deny Service

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    | Department of Energy 07: Cisco NX-OS IP Packet Processing Flaw Lets Remote Users Deny Service U-107: Cisco NX-OS IP Packet Processing Flaw Lets Remote Users Deny Service February 21, 2012 - 6:00am Addthis PROBLEM: A vulnerability was reported in Cisco NX-OS. A remote user can cause denial of service conditions. PLATFORM: Nexus 1000v, 5000, and 7000 Series Switches ABSTRACT: A remote user can send a specially crafted IP packet to cause the target device to reload. reference LINKS: Cisco

  8. U-239: Apple iPhone SMS Processing Flaw Lets Remote Users Spoof SMS Source

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Addresses | Department of Energy 39: Apple iPhone SMS Processing Flaw Lets Remote Users Spoof SMS Source Addresses U-239: Apple iPhone SMS Processing Flaw Lets Remote Users Spoof SMS Source Addresses August 20, 2012 - 7:00am Addthis PROBLEM: Apple iPhone SMS Processing Flaw Lets Remote Users Spoof SMS Source Addresses PLATFORM: Version(s): 6 beta 4 and prior versions ABSTRACT: A remote user can spoof SMS source addresses. Reference LINKS: SecurityTracker Alert ID: 1027410 Apple.com PCMag.com

  9. T-598: Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users

    Broader source: Energy.gov [DOE]

    When using HTTP pipelining, the system may return information from a different request to a remote user. The vulnerability resides in the HTTP BIO connector.

  10. U-053: Linux kexec Bugs Let Local and Remote Users Obtain Potentially...

    Office of Environmental Management (EM)

    Linux kexec Bugs Let Local and Remote Users Obtain Potentially Sensitive Information . PLATFORM: Red Hat Enterprise Linux Desktop (v. 6) Red Hat Enterprise Linux HPC Node (v. 6) ...

  11. T-545: RealPlayer Heap Corruption Error in 'vidplin.dll' Lets Remote Users

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Execute Arbitrary Code | Department of Energy 5: RealPlayer Heap Corruption Error in 'vidplin.dll' Lets Remote Users Execute Arbitrary Code T-545: RealPlayer Heap Corruption Error in 'vidplin.dll' Lets Remote Users Execute Arbitrary Code January 28, 2011 - 7:21am Addthis PROBLEM: RealPlayer Heap Corruption Error in 'vidplin.dll' Lets Remote Users Execute Arbitrary Code. PLATFORM: RealPlayer 14.0.1 and prior versions ABSTRACT: A vulnerability was reported in RealPlayer. A remote user can

  12. U-096: IBM AIX TCP Large Send Offload Bug Lets Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    A remote user can send a series of specially crafted TCP packets to trigger a kernel panic on the target system.

  13. T-538: HP OpenView Storage Data Protector Bug Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in HP OpenView Storage Data Protector. A remote user can execute arbitrary code on the target system.

  14. T-648: Avaya IP Office Manager TFTP Server Lets Remote Users Traverse the Directory

    Broader source: Energy.gov [DOE]

    The software does not properly validate user-supplied input. A remote user can supply a specially crafted request to view files on target system running the IP Office Manager software.

  15. U-088: Symantec pcAnywhere Bugs Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Two vulnerabilities were reported in Symantec pcAnywhere. A remote user can execute arbitrary code on the target system. A local user can obtain elevated privileges on the target system.

  16. User Guide Remote Access to VDI/Workplace Using PIV

    Broader source: Energy.gov (indexed) [DOE]

    ......... 3 1.1 Web Browsers ......with remote PIV with VDI. 1.1 Web Browsers Browser Version Functions with ...

  17. U-007: IBM Rational AppScan Import/Load Function Flaws Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Two vulnerabilities were reported in IBM Rational AppScan. A remote user can cause arbitrary code to be executed on the target user's system.

  18. V-058: Microsoft Internet Explorer CDwnBindInfo Object Reuse Flaw Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in Microsoft Internet Explorer. A remote user can cause arbitrary code to be executed on the target user's system.

  19. U-177: Lotus Quickr for Domino ActiveX Control Buffer Overflow Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in Lotus Quickr for Domino. A remote user can cause arbitrary code to be executed on the target user's system.

  20. U-012: BlackBerry Enterprise Server Collaboration Service Bug Lets Remote Users Impersonate Intra-organization Messages

    Office of Energy Efficiency and Renewable Energy (EERE)

    A vulnerability was reported in BlackBerry Enterprise Server. A remote user can impersonate another messaging user within the same organization.

  1. U-049: IBM Tivoli Netcool Reporter CGI Bug Lets Remote Users Inject

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Commands on the Target System | Department of Energy 49: IBM Tivoli Netcool Reporter CGI Bug Lets Remote Users Inject Commands on the Target System U-049: IBM Tivoli Netcool Reporter CGI Bug Lets Remote Users Inject Commands on the Target System December 1, 2011 - 9:00am Addthis PROBLEM: IBM Tivoli Netcool Reporter CGI Bug Lets Remote Users Inject Commands on the Target System. PLATFORM: IBM Tivoli Netcool Reporter prior to 2.2.0.8 ABSTRACT: A vulnerability was reported in IBM Tivoli Netcool

  2. V-049: RealPlayer Buffer Overflow and Invalid Pointer Flaw Let Remote Users

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Execute Arbitrary Code | Department of Energy 9: RealPlayer Buffer Overflow and Invalid Pointer Flaw Let Remote Users Execute Arbitrary Code V-049: RealPlayer Buffer Overflow and Invalid Pointer Flaw Let Remote Users Execute Arbitrary Code December 18, 2012 - 1:30am Addthis PROBLEM: RealPlayer Buffer Overflow and Invalid Pointer Flaw Let Remote Users Execute Arbitrary Code PLATFORM: Windows RealPlayer 15.0.6.14 and prior. ABSTRACT: Two vulnerabilities were reported in RealPlayer. REFERENCE

  3. V-165: Cisco WebEx for iOS Certificate Validation Flaw Lets Remote Users

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Spoof the Server | Department of Energy 65: Cisco WebEx for iOS Certificate Validation Flaw Lets Remote Users Spoof the Server V-165: Cisco WebEx for iOS Certificate Validation Flaw Lets Remote Users Spoof the Server May 28, 2013 - 12:46am Addthis PROBLEM: Cisco WebEx for iOS Certificate Validation Flaw Lets Remote Users Spoof the Server PLATFORM: Cisco WebEx for iOS 4.1, Other versions may also be affected. ABSTRACT: A vulnerability was reported in Cisco WebEx for iOS. REFERENCE LINKS:

  4. T-692: VMware vFabric tc Server Lets Remote Users Login Using Obfuscated

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Passwords | Department of Energy 92: VMware vFabric tc Server Lets Remote Users Login Using Obfuscated Passwords T-692: VMware vFabric tc Server Lets Remote Users Login Using Obfuscated Passwords August 12, 2011 - 3:47pm Addthis PROBLEM: A vulnerability was reported in VMware vFabric tc Server. A remote user can login using an obfuscated version of their password. PLATFORM: Version(s): vFabric tc Server 2.0.0.RELEASE to 2.0.5.SR01, 2.1.0.RELEASE to 2.1.1.SR01 ABSTRACT: VMware vFabric tc

  5. T-727:Microsoft Windows SSL/TLS Protocol Flaw Lets Remote Users Decryption

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Sessions | Department of Energy 7:Microsoft Windows SSL/TLS Protocol Flaw Lets Remote Users Decryption Sessions T-727:Microsoft Windows SSL/TLS Protocol Flaw Lets Remote Users Decryption Sessions September 27, 2011 - 8:00am Addthis PROBLEM: Microsoft Windows SSL/TLS Protocol Flaw Lets Remote Users Decryption Sessions. PLATFORM: Windows XP Service Pack 3 Windows XP Professional x64 Edition Service Pack 2 Windows Server 2003 Service Pack 2 Windows Server 2003 x64 Edition Service Pack 2 Windows

  6. U-137: HP Performance Manager Unspecified Bug Lets Remote Users...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    vulnerability has been identified with HP Performance Manager running on HP-UX, Linux, Solaris, and Windows. The vulnerability could be exploited remotely to execute...

  7. T-727:Microsoft Windows SSL/TLS Protocol Flaw Lets Remote Users...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    U-033: Microsoft Security Bulletin Summary for November 2011 T-706: Microsoft Fraudulent Digital Certificate Issued by DigiNotar U-259: RSA BSAFE SSL-C Lets Remote Users Decrypt ...

  8. U-170: Apple QuickTime Multiple Flaws Let Remote Users Execute...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    overflow CVE-2012-0670. A specially crafted '.pict' file can trigger a memory corruption error CVE-2012-0671. Impact: A remote user can create a file that, when loaded by...

  9. U-111: IBM AIX ICMP Processing Flaw Lets Remote Users Deny Service...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    aixefixessecurityicmpfix.tar Addthis Related Articles U-096: IBM AIX TCP Large Send Offload Bug Lets Remote Users Deny Service V-031: IBM WebSphere DataPower...

  10. U-014: Oracle Java Runtime Environment (JRE) Multiple Flaws Let Remote Users Execute Arbitrary Code and Deny Service

    Broader source: Energy.gov [DOE]

    A remote user can create a Java applet or Java Web Start application that, when loaded by the target user, will access or modify data or execute arbitrary code on the target user's system.

  11. U-081: McAfee SaaS 'myCIOScn.dll' ActiveX Control Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.

  12. U-112: PostgreSQL Bugs Let Remote Authenticated Users Gain Elevated...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    in certain cases. reference LINKS: Vendor Advisory Security Tracker ID 1026744 CVE-2012-0866 IMPACT ASSESSMENT: Medium Discussion: For trigger functions marked SECURITY...

  13. U-155: WebCalendar Access Control and File Inclusion Bugs Let Remote Users Potentially Execute Arbitrary Code

    Office of Energy Efficiency and Renewable Energy (EERE)

    Two vulnerabilities were reported in WebCalendar. A remote user may be able to execute arbitrary PHP code on the target system.

  14. U-008: Symantec Data Loss Prevention Bugs in KeyView Filter Lets Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    A remote user can create a file that, when processed by the target filter, will cause partial denial of service conditions.

  15. Multi-factor authentication

    DOE Patents [OSTI]

    Hamlet, Jason R; Pierson, Lyndon G

    2014-10-21

    Detection and deterrence of spoofing of user authentication may be achieved by including a cryptographic fingerprint unit within a hardware device for authenticating a user of the hardware device. The cryptographic fingerprint unit includes an internal physically unclonable function ("PUF") circuit disposed in or on the hardware device, which generates a PUF value. Combining logic is coupled to receive the PUF value, combines the PUF value with one or more other authentication factors to generate a multi-factor authentication value. A key generator is coupled to generate a private key and a public key based on the multi-factor authentication value while a decryptor is coupled to receive an authentication challenge posed to the hardware device and encrypted with the public key and coupled to output a response to the authentication challenge decrypted with the private key.

  16. Instructions for using HSPD-12 Authenticated Outlook Web Access...

    Energy Savers [EERE]

    Instructions for using HSPD-12 Authenticated Outlook Web Access (OWA) Instructions for using HSPD-12 Authenticated Outlook Web Access (OWA) Provides instructions for remote Outlook...

  17. T-609: Adobe Acrobat/Reader Memory Corruption Error in CoolType Library Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    A remote user can create a specially crafted PDF file that, when loaded by the target user, will trigger a memory corruption error in the CoolType library and execute arbitrary code on the target system. The code will run with the privileges of the target user.

  18. T-633: BIND RRSIG RRsets Negative Caching Off-by-one Bug Lets Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    A remote DNS server can supply very large RRSIG RRsets in a negative response to trigger an off-by-one error in a buffer size check and cause the target requesting named process to crash. A remote user can cause named to crash.

  19. V-231: Cisco Identity Services Engine Discloses Authentication...

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    system stores the username and password of an authenticated user within hidden ... or clickjacking attack to access the username and password of an authenticated session. ...

  20. T-635: Cisco AnyConnect Secure Mobility Client Lets Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges

    Broader source: Energy.gov [DOE]

    Cisco AnyConnect Secure Mobility Client contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability exists due to improper validation of program executables downloaded by the Cisco AnyConnect Secure Mobility Client. An unauthenticated, remote attacker could exploit the vulnerability by convincing the targeted user to view a malicious website. If successful, the attacker could execute arbitrary code on the system with the privileges of the user. Cisco confirmed the vulnerability in a security advisory and released software updates.

  1. V-012: Mozilla Firefox 'window.location' Bugs Permit Cross-Site Scripting Attacks and May Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    PROBLEM: Mozilla Firefox 'window.location' Bugs Permit Cross-Site Scripting Attacks and May Let Remote Users Execute Arbitrary Code

  2. T-680:Samba SWAT 'user' Field Cross Site Scripting Vulnerability

    Broader source: Energy.gov [DOE]

    It was found that the 'Change Password' page / screen of the Samba Web Administration Tool did not properly sanitize content of the user-provided "user" field, prior printing it back to the page content. A remote attacker could provide a specially-crafted URL, which once visited by an authenticated Samba SWAT user could allow the attacker to conduct cross-site scripting attacks (execute arbitrary HTML or script code).

  3. Secure authenticated video equipment

    SciTech Connect (OSTI)

    Doren, N.E.

    1993-07-01

    In the verification technology arena, there is a pressing need for surveillance and monitoring equipment that produces authentic, verifiable records of observed activities. Such a record provides the inspecting party with confidence that observed activities occurred as recorded, without undetected tampering or spoofing having taken place. The secure authenticated video equipment (SAVE) system provides an authenticated series of video images of an observed activity. Being self-contained and portable, it can be installed as a stand-alone surveillance system or used in conjunction with existing monitoring equipment in a non-invasive manner. Security is provided by a tamper-proof camera enclosure containing a private, electronic authentication key. Video data is transferred communication link consisting of a coaxial cable, fiber-optic link or other similar media. A video review station, located remotely from the camera, receives, validates, displays and stores the incoming data. Video data is validated within the review station using a public key, a copy of which is held by authorized panics. This scheme allows the holder of the public key to verify the authenticity of the recorded video data but precludes undetectable modification of the data generated by the tamper-protected private authentication key.

  4. A proposed generic authentication information element

    SciTech Connect (OSTI)

    Tarman, T.D.

    1995-08-01

    This contribution describes a proposed information element that can convey authentication information within an ATM signaling message. The design of this information element provides a large amount of flexibility to the user because it does not specify a particular signature algorithm, and it does not specify which information elements must accompany the Authentication IE in a signaling message. This allows the user to implement authenticated signaling based on her site`s security policies and performance requirements.

  5. U-275: HP IBRIX X9000 Storage Discloses Information to Remote Users

    Broader source: Energy.gov [DOE]

    A potential security vulnerability has been identified with HP IBRIX X9000 Storage. The vulnerability could be remotely exploited to allow disclosure of information.

  6. U-201: HP System Management Homepage Bugs Let Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    The vulnerabilities could be exploited remotely resulting in unauthorized access, disclosure of information, data modification, Denial of Service (DoS), and execution of arbitrary code.

  7. V-210: HP LaserJet Pro Printer Bug Lets Remote Users Access Data

    Broader source: Energy.gov [DOE]

    A potential security vulnerability has been identified with certain HP LaserJet Pro printers. The vulnerability could be exploited remotely to gain unauthorized access to data.

  8. Users

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    ... offered at CAMD's annual user meeting) or by retaking the online CAMD Radiation Safety Test. If your training has expired your access card will not allow access to the ...

  9. Obfuscated authentication systems, devices, and methods

    DOE Patents [OSTI]

    Armstrong, Robert C; Hutchinson, Robert L

    2013-10-22

    Embodiments of the present invention are directed toward authentication systems, devices, and methods. Obfuscated executable instructions may encode an authentication procedure and protect an authentication key. The obfuscated executable instructions may require communication with a remote certifying authority for operation. In this manner, security may be controlled by the certifying authority without regard to the security of the electronic device running the obfuscated executable instructions.

  10. V-171: Apple Safari Bugs Let Remote Users Execute Arbitrary Code...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    specially crafted HTML that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code on the target system CVE-2013-1009,...

  11. T-673: Apple Safari Multiple Flaws Let Remote Users Execute Arbitrary...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    specially crafted HTML that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code on the target system - CVE-2010-1823,...

  12. Low-bandwidth authentication.

    SciTech Connect (OSTI)

    Donnelly, Patrick Joseph; McIver, Lauren; Gaines, Brian R.; Anderson, Erik; Collins, Michael Joseph; Thomas,Kurt Adam; McDaniel, Austin

    2007-09-01

    Remotely-fielded unattended sensor networks generally must operate at very low power--in the milliwatt or microwatt range--and thus have extremely limited communications bandwidth. Such sensors might be asleep most of the time to conserve power, waking only occasionally to transmit a few bits. RFID tags for tracking or material control have similarly tight bandwidth constraints, and emerging nanotechnology devices will be even more limited. Since transmitted data is subject to spoofing, and since sensors might be located in uncontrolled environments vulnerable to physical tampering, the high-consequence data generated by such systems must be protected by cryptographically sound authentication mechanisms; but such mechanisms are often lacking in current sensor networks. One reason for this undesirable situation is that standard authentication methods become impractical or impossible when bandwidth is severely constrained; if messages are small, a standard digital signature or HMAC will be many times larger than the message itself, yet it might be possible to spare only a few extra bits per message for security. Furthermore, the authentication tags themselves are only one part of cryptographic overhead, as key management functions (distributing, changing, and revoking keys) consume still more bandwidth. To address this problem, we have developed algorithms that provide secure authentication while adding very little communication overhead. Such techniques will make it possible to add strong cryptographic guarantees of data integrity to a much wider range of systems.

  13. U-247: EMC Cloud Tiering Appliance Flaw Lets Remote Users Bypass...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    CTA 7.3.1 and later with Hotfix ESA-2012-034 Addthis Related Articles V-045: Adobe ColdFusion Lets Local Users Bypass Sandbox Restrictions V-036: EMC Smarts Network...

  14. T-574: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact while others can be exploited by malicious people bypass certain security restrictions, disclose system information, and compromise a user's system.

  15. U-222: Apple Safari Bugs Let Remote Users Execute Arbitrary Code...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    specially crafted HTML that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code on the target system CVE-2011-3016, CVE-2011-3021,...

  16. T-662: ISC BIND Packet Processing Flaw Lets Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    A defect in the affected BIND 9 versions allows an attacker to remotely cause the "named" process to exit using a specially crafted packet. This defect affects both recursive and authoritative servers. The code location of the defect makes it impossible to protect BIND using ACLs configured within named.conf or by disabling any features at compile-time or run-time. A remote attacker would need to be able to send a specially crafted packet directly to a server running a vulnerable version of BIND. There is also the potential for an indirect attack via malware that is inadvertently installed and run, where infected machines have direct access to an organization's nameservers.

  17. Authentication techniques for smart cards

    SciTech Connect (OSTI)

    Nelson, R.A.

    1994-02-01

    Smart card systems are most cost efficient when implemented as a distributed system, which is a system without central host interaction or a local database of card numbers for verifying transaction approval. A distributed system, as such, presents special card and user authentication problems. Fortunately, smart cards offer processing capabilities that provide solutions to authentication problems, provided the system is designed with proper data integrity measures. Smart card systems maintain data integrity through a security design that controls data sources and limits data changes. A good security design is usually a result of a system analysis that provides a thorough understanding of the application needs. Once designers understand the application, they may specify authentication techniques that mitigate the risk of system compromise or failure. Current authentication techniques include cryptography, passwords, challenge/response protocols, and biometrics. The security design includes these techniques to help prevent counterfeit cards, unauthorized use, or information compromise. This paper discusses card authentication and user identity techniques that enhance security for microprocessor card systems. It also describes the analysis process used for determining proper authentication techniques for a system.

  18. System and method for authentication

    SciTech Connect (OSTI)

    Duerksen, Gary L.; Miller, Seth A.

    2015-12-29

    Described are methods and systems for determining authenticity. For example, the method may include providing an object of authentication, capturing characteristic data from the object of authentication, deriving authentication data from the characteristic data of the object of authentication, and comparing the authentication data with an electronic database comprising reference authentication data to provide an authenticity score for the object of authentication. The reference authentication data may correspond to one or more reference objects of authentication other than the object of authentication.

  19. Authentication Protocol using Quantum Superposition States

    SciTech Connect (OSTI)

    Kanamori, Yoshito; Yoo, Seong-Moo; Gregory, Don A.; Sheldon, Frederick T

    2009-01-01

    When it became known that quantum computers could break the RSA (named for its creators - Rivest, Shamir, and Adleman) encryption algorithm within a polynomial-time, quantum cryptography began to be actively studied. Other classical cryptographic algorithms are only secure when malicious users do not have sufficient computational power to break security within a practical amount of time. Recently, many quantum authentication protocols sharing quantum entangled particles between communicators have been proposed, providing unconditional security. An issue caused by sharing quantum entangled particles is that it may not be simple to apply these protocols to authenticate a specific user in a group of many users. An authentication protocol using quantum superposition states instead of quantum entangled particles is proposed. The random number shared between a sender and a receiver can be used for classical encryption after the authentication has succeeded. The proposed protocol can be implemented with the current technologies we introduce in this paper.

  20. T-594: IBM solidDB Password Hash Authentication Bypass Vulnerability

    Broader source: Energy.gov [DOE]

    This vulnerability could allow remote attackers to execute arbitrary code on vulnerable installations of IBM solidDB. Authentication is not required to exploit this vulnerability.

  1. Instructions for using HSPD-12 Authenticated Outlook Web Access...

    Broader source: Energy.gov (indexed) [DOE]

    Provides instructions for remote Outlook access using HSPD-12 Badge. HSPD-12 Badge Instructions (388.34 KB) More Documents & Publications User Guide for Remote Access to VDI...

  2. Method and system for normalizing biometric variations to authenticate users from a public database and that ensures individual biometric data privacy

    DOE Patents [OSTI]

    Strait, Robert S.; Pearson, Peter K.; Sengupta, Sailes K.

    2000-01-01

    A password system comprises a set of codewords spaced apart from one another by a Hamming distance (HD) that exceeds twice the variability that can be projected for a series of biometric measurements for a particular individual and that is less than the HD that can be encountered between two individuals. To enroll an individual, a biometric measurement is taken and exclusive-ORed with a random codeword to produce a "reference value." To verify the individual later, a biometric measurement is taken and exclusive-ORed with the reference value to reproduce the original random codeword or its approximation. If the reproduced value is not a codeword, the nearest codeword to it is found, and the bits that were corrected to produce the codeword to it is found, and the bits that were corrected to produce the codeword are also toggled in the biometric measurement taken and the codeword generated during enrollment. The correction scheme can be implemented by any conventional error correction code such as Reed-Muller code R(m,n). In the implementation using a hand geometry device an R(2,5) code has been used in this invention. Such codeword and biometric measurement can then be used to see if the individual is an authorized user. Conventional Diffie-Hellman public key encryption schemes and hashing procedures can then be used to secure the communications lines carrying the biometric information and to secure the database of authorized users.

  3. Data Authentication Demonstration for Radionuclide Stations

    SciTech Connect (OSTI)

    Harris, Mark; Herrington, Pres; Miley, Harry; Ellis, J. Edward; McKinnon, David; St. Pierre, Devon

    1999-08-03

    Data authentication is required for certification of sensor stations in the International Monitoring System (IMS). Authentication capability has been previously demonstrated for continuous waveform stations (seismic and infrasound). This paper addresses data surety for the radionuclide stations in the IMS, in particular the Radionuclide Aerosol Sampler/Analyzer (RASA) system developed by Pacific Northwest National Laboratory (PNNL). Radionuclide stations communicate data by electronic mail using formats defined in IMS 1.0, Formats and Protocols for Messages. An open message authentication standard exists, called S/MIME (Secure/Multipurpose Internet Mail Extensions), which has been proposed for use with all IMS radionuclide station message communications. This standard specifies adding a digital signature and public key certificate as a MIME attachment to the e-mail message. It is advantageous because it allows authentication to be added to all IMS 1.0 messages in a standard format and is commercially supported in e-mail software. For command and control, the RASA system uses a networked Graphical User Interface (GUI) based upon Common Object Request Broker Architecture (CORBA) communications, which requires special authentication procedures. The authors have modified the RASA system to meet CTBTO authentication guidelines, using a FORTEZZA card for authentication functions. They demonstrated signing radionuclide data messages at the RASA, then sending, receiving, and verifying the messages at a data center. They demonstrated authenticating command messages and responses from the data center GUI to the RASA. Also, the particular authentication system command to change the private/public key pair and retrieve the new public key was demonstrated. This work shows that data surety meeting IMS guidelines may be immediately applied to IMS radionuclide systems.

  4. Authentication of byte sequences

    SciTech Connect (OSTI)

    Stearns, S.D.

    1991-06-01

    Algorithms for the authentication of byte sequences are described. The algorithms are designed to authenticate data in the Storage, Retrieval, Analysis, and Display (SRAD) Test Data Archive of the Radiation Effects and Testing Directorate (9100) at Sandia National Laboratories, and may be used in similar situations where authentication of stored data is required. The algorithms use a well-known error detection method called the Cyclic Redundancy Check (CRC). When a byte sequence is authenticated and stored, CRC bytes are generated and attached to the end of the sequence. When the authenticated data is retrieved, the authentication check consists of processing the entire sequence, including the CRC bytes, and checking for a remainder of zero. The error detection properties of the CRC are extensive and result in a reliable authentication of SRAD data.

  5. Proposed DSS-specific fields for the generic authentication information element

    SciTech Connect (OSTI)

    Tarman, T.D.

    1995-08-06

    This contribution proposes the format of the ``Algorithm-Specific Information`` and ``Signature`` fields within the ``Proposed Generic Authentication Information Element`` for authentication IEs based on the Digital Signature Standard (DSS). These fields are designed to allow various levels of authentication ``strength`` (or robustness), and many of these fields may be omitted in systems that optimize authentication performance by sharing common (public) Digital Signature Algorithm (DSA) parameters. This allows users and site security officers to design their authenticated signaling according to site security and performance requirements.

  6. V-176: Adobe Flash Player Memory Corruption Flaw Lets Remote...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    6: Adobe Flash Player Memory Corruption Flaw Lets Remote Users Execute Arbitrary Code V-176: Adobe Flash Player Memory Corruption Flaw Lets Remote Users Execute Arbitrary Code June...

  7. V-149: Microsoft Internet Explorer Object Access Bug Lets Remote...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    9: Microsoft Internet Explorer Object Access Bug Lets Remote Users Execute Arbitrary Code V-149: Microsoft Internet Explorer Object Access Bug Lets Remote Users Execute Arbitrary...

  8. Authentication of quantum messages.

    SciTech Connect (OSTI)

    Barnum, Howard; Crépeau, Jean-Claude; Gottesman, D.; Smith, A.; Tapp, Alan

    2001-01-01

    Authentication is a well-studied area of classical cryptography: a sender A and a receiver B sharing a classical private key want to exchange a classical message with the guarantee that the message has not been modified or replaced by a dishonest party with control of the communication line. In this paper we study the authentication of messages composed of quantum states. We give a formal definition of authentication in the quantum setting. Assuming A and B have access to an insecure quantum channel and share a private, classical random key, we provide a non-interactive scheme that both enables A to encrypt and authenticate (with unconditional security) an m qubit message by encoding it into m + s qubits, where the probability decreases exponentially in the security parameter s. The scheme requires a private key of size 2m + O(s). To achieve this, we give a highly efficient protocol for testing the purity of shared EPR pairs. It has long been known that learning information about a general quantum state will necessarily disturb it. We refine this result to show that such a disturbance can be done with few side effects, allowing it to circumvent cryptographic protections. Consequently, any scheme to authenticate quantum messages must also encrypt them. In contrast, no such constraint exists classically: authentication and encryption are independent tasks, and one can authenticate a message while leaving it publicly readable. This reasoning has two important consequences: On one hand, it allows us to give a lower bound of 2m key bits for authenticating m qubits, which makes our protocol asymptotically optimal. On the other hand, we use it to show that digitally signing quantum states is impossible, even with only computational security.

  9. V-093: Symantec PGP Desktop Buffer Overflows Let Local Users...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Secure Mobility Client Heap Overflow Lets Local Users Gain Elevated Privileges V-066: Adobe AcrobatReader Multiple Flaws Lets Remote Users Execute Arbitrary Code and Local Users...

  10. Authentication Without Secrets

    SciTech Connect (OSTI)

    Pierson, Lyndon G.; Robertson, Perry J.

    2015-11-01

    This work examines a new approach to authentication, which is the most fundamental security primitive that underpins all cyber security protections. Current Internet authentication techniques require the protection of one or more secret keys along with the integrity protection of the algorithms/computations designed to prove possession of the secret without actually revealing it. Protecting a secret requires physical barriers or encryption with yet another secret key. The reason to strive for "Authentication without Secret Keys" is that protecting secrets (even small ones only kept in a small corner of a component or device) is much harder than protecting the integrity of information that is not secret. Promising methods are examined for authentication of components, data, programs, network transactions, and/or individuals. The successful development of authentication without secret keys will enable far more tractable system security engineering for high exposure, high consequence systems by eliminating the need for brittle protection mechanisms to protect secret keys (such as are now protected in smart cards, etc.). This paper is a re-release of SAND2009-7032 with new figures numerous edits.

  11. Two-Factor Authentication

    Broader source: Energy.gov [DOE]

    Two-Factor Authentication (2FA) (also known as 2-Step Verification) is a system that employs two methods to identify an individual. More secure than reusable passwords, when a token's random number...

  12. LANSCE | Users | User Office

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    User Office LANSCE User Office and Visitor Center The LANSCE User Office is responsible for coordinating the users with LANSCE instrument scientist and the facility. Users contact the User Office weeks before they arrive at the LANSCE Visitor Center at Technical Area 53. Among their many responsibilities, the team issues the call for proposals, coordinates proposal experiment schedules, directs users to the training center, issues badges and dosimeters, helps to arrange tours of the facilities,

  13. T-703: Cisco Unified Communications Manager Open Query Interface...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    A remote user can obtain database contents, including authentication credentials. ... This may include authentication credentials, configuration details, and other sensitive ...

  14. T-660: OpenSSH on FreeBSD Has Buffer Overflow in pam_thread() That Lets Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    The module does not adequately validate user input leading to an cross-site scripting (XSS) possibility in certain circumstances.

  15. International safeguards data authentication

    SciTech Connect (OSTI)

    Melton, R.B.; Smith, C.E.; DeLand, S.M.; Manatt, D.R.

    1996-07-01

    The International Safeguards community is becoming increasingly reliant on information stored in electronic form. In international monitoring and related activities it must be possible to verify and maintain the integrity of this electronic information. This paper discusses the use of data authentication technology to assist in accomplishing this task. The paper provides background information, identifies the relevance to international safeguards, discusses issues related to export controls, algorithm patents, key management and the use of commercial vs. custom software.

  16. User Information

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    User Information User Information Print ALSHub User Portal User Guide A step-by-step guide for users about how to apply and prepare for beam time at the ALS. Experiment Safety Upon receiving beam time, complete an Experiment Safety Sheet Prospective Users Users from Industry Contacts for Users User Policy Data Management Users' Executive Committee (UEC) User Meeting

  17. LANSCE | Users | User Program

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    LANSCE User Program LANSCE's User Program ensures the research it oversees represents the cutting edge of nuclear and materials science and technology. The User Program plays a key role in training the next generation of top scientists, attracting the best graduate students, postdoctoral researchers, and early-career scientists (defined as those less than 40-years old). The User Program typically begins with the first call for proposals and run until the end of the run-cycle. The User-Program

  18. Anonymous authenticated communications

    DOE Patents [OSTI]

    Beaver, Cheryl L.; Schroeppel, Richard C.; Snyder, Lillian A.

    2007-06-19

    A method of performing electronic communications between members of a group wherein the communications are authenticated as being from a member of the group and have not been altered, comprising: generating a plurality of random numbers; distributing in a digital medium the plurality of random numbers to the members of the group; publishing a hash value of contents of the digital medium; distributing to the members of the group public-key-encrypted messages each containing a same token comprising a random number; and encrypting a message with a key generated from the token and the plurality of random numbers.

  19. CERTIFICATE OF AUTHENTICITY

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    CERTIFICATE OF AUTHENTICITY I hereby certify that this transcript constitutes an accurate record of the full Council meeting of the National Coal Council held on November 14,2008 at the Westin Grand Hotel, Washington, D.C. ~ i c h a e l G. Mueller, Chair National Coal Council I NATIONAL COAL COUNCIL 1 FULL COUNCIL MEETING FRIDAY NOVEMBER 14, 2 0 0 8 The Full Council meeting convened at 9 : 0 0 a.m. in the Washington Ballroom of the Westin Grand Hotel, 2 3 5 0 M Street, NW, Washington, DC, Chair

  20. AVNG authentication features

    SciTech Connect (OSTI)

    Thron, Jonathan Louis; Mac Arthur, Duncan W; White, Greg; Razinkov, Sergey; Livke, Alexander

    2010-01-01

    Any verification measurement performed on potentially classified nuclear material must satisfy two seemingly contradictory constraints. First and foremost, no classified information can be released. At the same time, the monitoring party must have confidence in the veracity of the measurement (called authentication). An information barrier (IB) is included in the measurement system to protect the potentially classified information. To achieve both goals, the IB allows only very limited, previously agreed-on information to be displayed to the monitoring party. In addition to this limited information from the potentially classified measurement, other measurements are performed and procedures are put in place for the monitoring party to gain confidence that the material being measured is consistent with the host's declarations concerning that material. In this presentation, we will discuss the techniques used in the AVNG attribute measuring system to facilitate authentication of the verification measurements by the monitors. These techniques include measuring unclassified items while allowing more information to be displayed; having the monitor understand the system function, design, and implementation; and randomly selecting the order of measurements.

  1. Training Courses for Argonne User Facilities | Advanced Photon...

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Training Courses for Argonne User Facilities All core courses can be taken via the Remote Training web site. See the user training requirements summary for general information....

  2. Remote monitoring using technologies from the Internet and World Wide Web

    SciTech Connect (OSTI)

    Puckett, J.M.; Burczyk, L.

    1997-11-01

    Recent developments in Internet technologies are changing and enhancing how one processes and exchanges information. These developments include software and hardware in support of multimedia applications on the World Wide Web. In this paper the authors describe these technologies as they have applied them to remote monitoring and show how they will allow the International Atomic Energy Agency to efficiently review and analyze remote monitoring data for verification of material movements. The authors have developed demonstration software that illustrates several safeguards data systems using the resources of the Internet and Web to access and review data. This Web demo allows the user to directly observe sensor data, to analyze simulated safeguards data, and to view simulated on-line inventory data. Future activities include addressing the technical and security issues associated with using the Web to interface with existing and planned monitoring systems at nuclear facilities. Some of these issues are authentication, encryption, transmission of large quantities of data, and data compression.

  3. U-206: WordPress Flaws Permit Cross-Site Scripting, Cross-Site Request Forgery, and Information Disclosure Attacks

    Broader source: Energy.gov [DOE]

    Several vulnerabilities were reported in WordPress. A remote authenticated user can conduct cross-site scripting attacks. A remote user can conduct cross-site request forgery attacks. A remote authenticated user can obtain potentially sensitive information.

  4. Provably Secure Password-based Authentication in TLS

    SciTech Connect (OSTI)

    Abdalla, Michel; Emmanuel, Bresson; Chevassut, Olivier; Moeller,Bodo; Pointcheval, David

    2005-12-20

    In this paper, we show how to design an efficient, provably secure password-based authenticated key exchange mechanism specifically for the TLS (Transport Layer Security) protocol. The goal is to provide a technique that allows users to employ (short) passwords to securely identify themselves to servers. As our main contribution, we describe a new password-based technique for user authentication in TLS, called Simple Open Key Exchange (SOKE). Loosely speaking, the SOKE ciphersuites are unauthenticated Diffie-Hellman ciphersuites in which the client's Diffie-Hellman ephemeral public value is encrypted using a simple mask generation function. The mask is simply a constant value raised to the power of (a hash of) the password.The SOKE ciphersuites, in advantage over previous pass-word-based authentication ciphersuites for TLS, combine the following features. First, SOKE has formal security arguments; the proof of security based on the computational Diffie-Hellman assumption is in the random oracle model, and holds for concurrent executions and for arbitrarily large password dictionaries. Second, SOKE is computationally efficient; in particular, it only needs operations in a sufficiently large prime-order subgroup for its Diffie-Hellman computations (no safe primes). Third, SOKE provides good protocol flexibility because the user identity and password are only required once a SOKE ciphersuite has actually been negotiated, and after the server has sent a server identity.

  5. User Training | Argonne National Laboratory

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    User Training Before performing work at the CNM, you must take certain orientation and safety training courses. We encourage you to take these courses remotely before you arrive at ...

  6. User Services

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Home Contact User Services Print The User Services Group is available to aid ALS users before they arrive, while they are here, and after they leave. User Office Experiment...

  7. User Facilities

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    User Facilities User Facilities User facility agreements allow Los Alamos partners and other entities to conduct research at our unique facilities. In 2011, LANL hosted more than 1,200 users at CINT, LANSCE, and NHMFL. Users came from across the DOE complex, from international academia, and from industrial companies from 45 states across the U.S. Unique world-class user facilities foster rich research opportunities Through its technology transfer efforts, LANL can implement user facility

  8. Remote switch actuator

    DOE Patents [OSTI]

    Haas, Edwin Gerard; Beauman, Ronald; Palo, Jr., Stefan

    2013-01-29

    The invention provides a device and method for actuating electrical switches remotely. The device is removably attached to the switch and is actuated through the transfer of a user's force. The user is able to remain physically removed from the switch site obviating need for protective equipment. The device and method allow rapid, safe actuation of high-voltage or high-current carrying electrical switches or circuit breakers.

  9. LANSCE | Users

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Rosen Scholar Rosen Prize Users dotline User Information Planning for Arrival: Contact the User Office several weeks before arriving at LANSCE. The LANSCE User Office will assist you in preparing for your visit to LANSCE. Plan to arrive one day prior to your scheduled beam time. User Office Contacts Division Office Ph: 505.667.5051 Lujan Center User Office lujan-uo@lanl.gov WNR User Program Administrator Tanya Herrera Ph: 505.667.6797 User Office Main Desk Email: lansce-user-office@lanl.gov Ph:

  10. User Services

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Section Sue Bailey This e-mail address is being protected from spambots. You need JavaScript enabled to view it User Services Group Leader Prospective users Proprietary users...

  11. U-129: RSA enVision Bugs Permit Cross-Site Scripting, SQL Injection, and Directory Traversal Attacks

    Office of Energy Efficiency and Renewable Energy (EERE)

    Several vulnerabilities were reported in RSA enVision. A remote user can access the system. A remote authenticated user can conduct cross-site scripting attacks. A remote authenticated user can inject SQL commands. A remote authenticated user can view files on the target system.

  12. AUTHENTICATED SENSOR INTERFACE DEVICE FOR JOINT USE SAFEGUARDS APPLICATIONS - CONCEPTS AND CHALLENGES

    SciTech Connect (OSTI)

    Poland, R.; Drayer, R.; Wilson, J.

    2013-08-12

    This paper will discuss the key features of the Authenticated Sensor Interface Device that collectively provide the ability to share data among a number of parties while ensuring the authentication of data and protecting both the operator’s and the IAEA’s interests. The paper will also discuss the development of the prototype, the initial testing with an accountancy scale, and future plans and challenges to implementation into the joint use and remote monitoring applications. As nuclear fuel cycle technology becomes more prevalent throughout the world and the capacity of plants increases, limited resources of the IAEA are being stretched near a breaking point. A strategy is to increase efficiency in safeguards monitoring using “joint use” equipment that will provide the facility operator process data while also providing the IAEA key safeguards data. The data, however, must be authenticated and validated to ensure the data have not been tampered with. The Authenticated Sensor Interface Device provides the capability to share data and can be a valuable component in the IAEA’s ability to collect accountancy data from scales in Uranium conversion and enrichment plants, as well as nuclear fuel fabrication plants. Likewise, the Authenticated Sensor Interface Device can be configured to accept a diverse array of input signals, ranging from analog voltage, to current, to digital interfaces and more. These modular capabilities provide the ability to collect authenticated, joint-use, data streams from various process monitoring sensors.

  13. User Services

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Proposals for beam time User publications database Guest logistics and parking Loan of laptop, stealth phone and projector Logisitics for the annual users' meeting ALS Experiment...

  14. User Facilities

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    User Facilities User Facilities A new research frontier awaits! Our door is open, and we thrive on mutually beneficial partnerships and collaborations that drive innovations and new technologies. Unique world-class user facilities foster rich research opportunities Through its technology transfer efforts, Los Alamos National Laboratory can implement user facility agreements that allow its partners and other entities to conduct research at many of its unique facilities. While our largest user

  15. CERTIFICATE OF AUTHENTICITY | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    CERTIFICATE OF AUTHENTICITY CERTIFICATE OF AUTHENTICITY I hereby certify that this transcript constitutes an accurate record of the full Council meeting of the National Coal Council held on November 14,2008 at the Westin Grand Hotel, Washington, D.C. Tran_001.pdf CERTIFICATE OF AUTHENTICITY (4.5 MB) More Documents & Publications U.S. Offshore Wind Advanced Technology Demonstration Projects Public Meeting Transcript for Offshore Wind Demonstrations Office of Information Resources Office of

  16. User Services

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Contacts for Users User Services Print General Inquiries: This e-mail address is being protected from spambots. You need JavaScript enabled to view it Tel: 510-486-7745 (dial last four numbers from on-site phones) Location: Building 6 mezzanine, Room 6-2212 Office hours: Monday-Friday 8am - 5pm (new users should arrive before 4pm) Address: Advanced Light Source, Berkeley Lab, MS 6-2100, Berkeley, CA 94720 Group Leader User Services Sue Bailey Prospective users, Industry users This e-mail address

  17. U-068:Linux Kernel SG_IO ioctl Bug Lets Local Users Gain Elevated Privileges

    Broader source: Energy.gov [DOE]

    Vulnerability was reported in FreeBSD Telnet. A remote user can execute arbitrary code on the target system.

  18. CERTIFICATE OF AUTHENTICITY | Department of Energy

    Energy Savers [EERE]

    D.C. Tran001.pdf PDF icon CERTIFICATE OF AUTHENTICITY More Documents & Publications U.S. Offshore Wind Advanced Technology Demonstration Projects Public Meeting Transcript for...

  19. U-159: Red Hat Enterprise MRG Messaging Qpid Bug Lets Certain...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    9: Red Hat Enterprise MRG Messaging Qpid Bug Lets Certain Remote Users Bypass Authentication U-159: Red Hat Enterprise MRG Messaging Qpid Bug Lets Certain Remote Users Bypass...

  20. User Guide

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    User Guide Print 1. Register with the ALS Create an account on ALSHub-the ALS user portal. 2. Apply for Beam Time 3. Establish a User Agreement 4. Comply with Experiment Safety Requirements Upon receiving beam time, complete an Experiment Safety Sheet. 5. Get Access to Work Onsite 6. Complete Online Safety Training 7. Utilize Available Resources 8. Complete the User Satisfaction Survey 9. Report Publications, Awards, Talks, Acknowledging Work at ALS

  1. User Policy

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    User Policy Print 1. Guiding Principles The aim of User Policy at the Advanced Light Source (ALS) is to provide a framework for establishing a challenging yet congenial environment where talented scientists from different backgrounds can work together in pursuit of the new scientific opportunities presented by the availability of this innovative facility. User policy must address a variety of user needs and sensitivities. On one hand, the qualified researcher with little financial backing needs

  2. User Guide

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    User Guide Print 1. Register with the ALS Create an account on ALSHub-the ALS user portal. 2. Apply for Beam Time 3. Establish a User Agreement 4. Comply with Experiment Safety Requirements Upon receiving beam time, complete an Experiment Safety Sheet. 5. Get Access to Work Onsite 6. Complete Online Safety Training 7. Utilize Available Resources 8. Complete the User Satisfaction Survey 9. Report Publications, Awards, Talks, Acknowledging Work at ALS

  3. User Policy

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    User Policy Print 1. Guiding Principles The aim of User Policy at the Advanced Light Source (ALS) is to provide a framework for establishing a challenging yet congenial environment where talented scientists from different backgrounds can work together in pursuit of the new scientific opportunities presented by the availability of this innovative facility. User policy must address a variety of user needs and sensitivities. On one hand, the qualified researcher with little financial backing needs

  4. User Guide

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Guide User Guide Print 1. Register with the ALS Create an account on ALSHub-the ALS user portal. 2. Apply for Beam Time 3. Establish a User Agreement 4. Comply with Experiment Safety Requirements Upon receiving beam time, complete an Experiment Safety Sheet. 5. Get Access to Work Onsite 6. Complete Online Safety Training 7. Utilize Available Resources 8. Complete the User Satisfaction Survey 9. Report Publications, Awards, Talks, Acknowledging Work at ALS

  5. User Policy

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Policy User Policy Print 1. Guiding Principles The aim of User Policy at the Advanced Light Source (ALS) is to provide a framework for establishing a challenging yet congenial environment where talented scientists from different backgrounds can work together in pursuit of the new scientific opportunities presented by the availability of this innovative facility. User policy must address a variety of user needs and sensitivities. On one hand, the qualified researcher with little financial backing

  6. V-225: McAfee Email Gateway SMTP Processing Flaw Lets Remote...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    5: McAfee Email Gateway SMTP Processing Flaw Lets Remote Users Deny Service V-225: McAfee Email Gateway SMTP Processing Flaw Lets Remote Users Deny Service August 23, 2013 - 1:26am...

  7. User Packages

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    User Packages User Packages There is more than one way for users to manage installation of Python packages on their own. Users of the Anaconda distribution may create their own environments as described here. Users of the NERSC-built modules can use virtualenv, pip, or compile and install Python packages directly. Using "pip" on Edison and Cori There is an issue with the pip command on the Cray systems because of an SSL certificate verification problem. One symptom is that you create

  8. User Services

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Author Guidelines User Services Print General Inquiries: This e-mail address is being protected from spambots. You need JavaScript enabled to view it Tel: 510-486-7745 (dial last four numbers from on-site phones) Location: Building 6 mezzanine, Room 6-2212 Office hours: Monday-Friday 8am - 5pm (new users should arrive before 4pm) Address: Advanced Light Source, Berkeley Lab, MS 6-2100, Berkeley, CA 94720 Group Leader User Services Sue Bailey Prospective users, Industry users This e-mail address

  9. User Services

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    User Services General Inquiries: This e-mail address is being protected from spambots. You need JavaScript enabled to view it Tel: 510-486-7745 (dial last four numbers from on-site phones) Location: Building 6 mezzanine, Room 6-2212 Office hours: Monday-Friday 8am - 5pm (new users should arrive before 4pm) Address: Advanced Light Source, Berkeley Lab, MS 6-2100, Berkeley, CA 94720 Group Leader User Services Sue Bailey Prospective users, Industry users This e-mail address is being protected from

  10. User Services

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    User Services Print General Inquiries: This e-mail address is being protected from spambots. You need JavaScript enabled to view it Tel: 510-486-7745 (dial last four numbers from on-site phones) Location: Building 6 mezzanine, Room 6-2212 Office hours: Monday-Friday 8am - 5pm (new users should arrive before 4pm) Address: Advanced Light Source, Berkeley Lab, MS 6-2100, Berkeley, CA 94720 Group Leader User Services Sue Bailey Prospective users, Industry users This e-mail address is being protected

  11. User Services

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    User Services Print General Inquiries: This e-mail address is being protected from spambots. You need JavaScript enabled to view it Tel: 510-486-7745 (dial last four numbers from on-site phones) Location: Building 6 mezzanine, Room 6-2212 Office hours: Monday-Friday 8am - 5pm (new users should arrive before 4pm) Address: Advanced Light Source, Berkeley Lab, MS 6-2100, Berkeley, CA 94720 Group Leader User Services Sue Bailey Prospective users, Industry users This e-mail address is being protected

  12. User Services

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    User Services Print General Inquiries: This e-mail address is being protected from spambots. You need JavaScript enabled to view it Tel: 510-486-7745 (dial last four numbers from on-site phones) Location: Building 6 mezzanine, Room 6-2212 Office hours: Monday-Friday 8am - 5pm (new users should arrive before 4pm) Address: Advanced Light Source, Berkeley Lab, MS 6-2100, Berkeley, CA 94720 Group Leader User Services Sue Bailey Prospective users, Industry users This e-mail address is being protected

  13. New User and Data Analytics Training

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    New User and Data Analytics Training New User and Data Analytics Training February 23, 2015 Monday, Feb. 23 - New User and Data Analytics Training NERSC (Berkeley Lab Building 943), 415 20th Street, Oakland, CA If you plan to attend, please register here. There is no registration fee, but your registration helps us plan the event. To attend remotely via WebEx, please see Remote Setup. Note that the morning session "New User Training" and the afternoon session "Data and Analytics

  14. AUTHENTICATED

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    1 Contract No. 11PB-12330 AMENDMENT executed by the BONNEVILLE POWER ADMINISTRATION and PORT TOWNSEND PAPER CORPORATION This AMENDMENT to the Firm Power Sales Agreement (Agreement)...

  15. User Policy

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Policy Print 1. Guiding Principles The aim of User Policy at the Advanced Light Source (ALS) is to provide a framework for establishing a challenging yet congenial environment where talented scientists from different backgrounds can work together in pursuit of the new scientific opportunities presented by the availability of this innovative facility. User policy must address a variety of user needs and sensitivities. On one hand, the qualified researcher with little financial backing needs

  16. Industrial Users

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Industrial Users The facility has been used for more than a decade by a virtual Who's Who of the semiconductor industry to simulate the potential failures posed by cosmic-ray-induced neutrons upon miniature electronic devices, such as chips that help control aircraft or complex integrated circuits in automobiles. Industrial User Information The Neutron and Nuclear Science (WNR) Facility welcomes proposals for beam time experiments from industry users. Proprietary and non-proprietary industrial

  17. User Services

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Services Print General Inquiries: This e-mail address is being protected from spambots. You need JavaScript enabled to view it Tel: 510-486-7745 (dial last four numbers from on-site phones) Location: Building 6 mezzanine, Room 6-2212 Office hours: Monday-Friday 8am - 5pm (new users should arrive before 4pm) Address: Advanced Light Source, Berkeley Lab, MS 6-2100, Berkeley, CA 94720 Group Leader User Services Sue Bailey Prospective users, Industry users This e-mail address is being protected from

  18. User Services

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Services Print General Inquiries: This e-mail address is being protected from spambots. You need JavaScript enabled to view it Tel: 510-486-7745 (dial last four numbers from on-site phones) Location: Building 6 mezzanine, Room 6-2212 Office hours: Monday-Friday 8am - 5pm (new users should arrive before 4pm) Address: Advanced Light Source, Berkeley Lab, MS 6-2100, Berkeley, CA 94720 Group Leader User Services Sue Bailey Prospective users, Industry users This e-mail address is being protected from

  19. User Guide

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Upon receiving beam time, complete an Experiment Safety Sheet. 5. Get Access to Work Onsite 6. Complete Online Safety Training 7. Utilize Available Resources 8. Complete the User ...

  20. Industrial Users

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Industrial Users - Media Publications and Information The Invisible Neutron Threat Neutron-Induced Failures in Semiconductor Devices Nuclear Science Research at the LANSCE-WNR...

  1. Prospective Users

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    from universities, government labs, and industry who are interested in performing experiments at the general sciences and structural biology beamlines open to users. An...

  2. U-129: RSA enVision Bugs Permit Cross-Site Scripting, SQL Injection...

    Office of Environmental Management (EM)

    can inject SQL commands. A remote authenticated user can view files on the target system. ... A remote authenticated user can view files on the target system. Solution: The vendor has ...

  3. Final report for the network authentication investigation and pilot.

    SciTech Connect (OSTI)

    Eldridge, John M.; Dautenhahn, Nathan; Miller, Marc M.; Wiener, Dallas J; Witzke, Edward L.

    2006-11-01

    New network based authentication mechanisms are beginning to be implemented in industry. This project investigated different authentication technologies to see if and how Sandia might benefit from them. It also investigated how these mechanisms can integrate with the Sandia Two-Factor Authentication Project. The results of these investigations and a network authentication path forward strategy are documented in this report.

  4. Remote Access

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Remote Access Remote Access Laboratory employees can access Research Library databases and products from offsite using our EZproxy service. This service is limited to LANL employees with active Z numbers and cryptocards. Access Electronic Collections with EZproxy Remote Access Journals - Books - Standards - Databases (WOK, etc) How to use EZproxy: From this page: Click on the icon above. From external site: Select "OFFSITE LANL Employee". Enter your Z number and Cryptocard passcode.

  5. U-082: McAfee SaaS 'myCIOScn.dll' ActiveX Control Lets Remote...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Lets Remote Users Execute Arbitrary Code January 17, 2012 - 1:00pm Addthis PROBLEM: PHP Null Pointer Dereference in zendstrndup() Lets Local Users Deny Service PLATFORM: PHP...

  6. Hardware device binding and mutual authentication

    DOE Patents [OSTI]

    Hamlet, Jason R; Pierson, Lyndon G

    2014-03-04

    Detection and deterrence of device tampering and subversion by substitution may be achieved by including a cryptographic unit within a computing device for binding multiple hardware devices and mutually authenticating the devices. The cryptographic unit includes a physically unclonable function ("PUF") circuit disposed in or on the hardware device, which generates a binding PUF value. The cryptographic unit uses the binding PUF value during an enrollment phase and subsequent authentication phases. During a subsequent authentication phase, the cryptographic unit uses the binding PUF values of the multiple hardware devices to generate a challenge to send to the other device, and to verify a challenge received from the other device to mutually authenticate the hardware devices.

  7. U-119: Blackberry PlayBook Unspecified WebKit Bug Lets Remote...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    7.1, and BlackBerry PlayBook tablet software ABSTRACT: A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's...

  8. Prospective Users

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    the ALS with all the technical, experiment, and administrative support they require for successful and efficient use of beam time. The kinds of access for users, i.e., General...

  9. NIF Users

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    users NIF Users Research Opportunities at the National Ignition Facility The National Ignition Facility provides the scientific community with an unprecedented capability for studying materials at extreme pressures, temperatures, and densities. NIF is expected to achieve temperatures and densities almost an order of magnitude greater than those in the sun's core and pressures far in excess of those at the core of Jupiter. The density of neutrons during the tens of picoseconds the NIF target

  10. New User Training: August 13, 2015

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    8/13/2015 New User Training: August 13, 2015 NERSC will present a day of training for new users on August 13, 2015 from 09:00 to 17:00 PDT. This event is targeted to new users of NERSC and will help them navigate the center and its systems. Location This event will be presented online using Zoom technology and in person at NERSC Oakland Scientific Facility. Please see below for remote connection information. Registration There is no registration for the online event. Please see below for remote