-
CSP currently has a few gaps that prevent it from being a useful anti-exfiltration mechanism. https://www.w3.org/TR/CSP3/#exfiltration hints that preventing data exfiltration may be a goal, but it's n…
-
## CVE-2023-51767 - High Severity Vulnerability
Vulnerable Libraries - src3.1.5, freebsd-srce72d86ad9c62c8054d7977a71f08e68ef755c132
Vulnerability Details
OpenSSH through 9.6, when commo…
-
### Problem Statement
I'm implementing a custom oauth2 strategy at the moment and the documentation suggests using a [nonce](https://auth0.com/docs/get-started/authentication-and-authorization-flow/m…
-
OWASP lists [Custom Request Headers](https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#custom-request-headers) in their CSRF cheat sheet, which says…
-
Thanks for the excellent list of security optimizations. I've approached this slightly differently, and I wanted to get some feedback/discussion:
Implementation:
- Assuming you're on a device on…
-
Hello,
Out of nowhere, my Aarlo stopped authenticating correctly.
After turning on debug logging, I found the following information relevant to Cloudflare.
```
2023-08-01 19:53:43.782 DEBUG (S…
```
-
Just a suggestion: it would be cool to add some information about security concerns in different JWT storage methods on the client-side (cookie/localStorage) - XSS, CSRF etc.
-
**Is your feature request related to a problem? Please describe.**
Open-source supply-chain attacks are [increasing every year][sonatype]. Beyond the infamous [SolarWinds][solarwinds] and [Codecov][c…
-
Current feature :
Currently per [doc](https://www.elastic.co/guide/en/fleet/8.15/elastic-agent-cmd-options.html#_options_5) :
> --base-path
Install Elastic Agent in a location other than the [defa…
-
```yaml
id: 451
title: 'RVD#451: DDS cryptographic plugin, AES_GCM subject to forgery, key recovery
  and timing attacks, and nonce replay attacks'
type: vulnerability
description: For the cryptograph…
```