Passport Security Vulnerabilities


CVE-2023-51436

Cross-site scripting vulnerability exists in UNIVERSAL PASSPORT RX versions 1.0.0 to 1.0.8, which may allow a remote authenticated attacker with an administrative privilege to execute an arbitrary script on the web browser of the user who is using the...

6.8 AI Score

0.0004 EPSS

2024-06-03 04:15 AM
15

CVE-2023-42427

Cross-site scripting vulnerability exists in UNIVERSAL PASSPORT RX versions 1.0.0 to 1.0.7, which may allow a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is using the...

6.7 AI Score

0.0004 EPSS

2024-06-03 04:15 AM
15

CVE-2023-4299

Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected...

9 CVSS

8.1 AI Score

0.001 EPSS

2023-08-31 09:15 PM
24

CVE-2023-29019

@fastify/passport is a port of passport authentication library for the Fastify ecosystem. Applications using @fastify/passport in affected versions for user authentication, in combination with @fastify/session as the underlying session management mechanism, are vulnerable to session fixation...

8.1 CVSS

8 AI Score

0.001 EPSS

2023-04-21 11:15 PM
22

CVE-2023-29020

@fastify/passport is a port of passport authentication library for the Fastify ecosystem. The CSRF (Cross-Site Request Forgery) protection enforced by the @fastify/csrf-protection library, when combined with @fastify/passport in affected versions, can be bypassed by network and same-site attackers...

6.5 CVSS

6.5 AI Score

0.001 EPSS

2023-04-21 11:15 PM
27

CVE-2022-23505

Passport-wsfed-saml2 is a ws-federation protocol and SAML2 tokens authentication provider for Passport. In versions prior to 4.6.3, a remote attacker may be able to bypass WSFed authentication on a website using passport-wsfed-saml2. A successful attack requires that the attacker is in possession...

7.5 CVSS

7.6 AI Score

0.002 EPSS

2022-12-13 08:15 AM
28

CVE-2022-39299

Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML...

8.1 CVSS

8.9 AI Score

0.009 EPSS

2022-10-12 09:15 PM
72
5

CVE-2019-7632

LifeSize Team, Room, Passport, and Networker 220 devices allow Authenticated Remote OS Command Injection, as demonstrated by shell metacharacters in the support/mtusize.php mtu_size parameter. The lifesize default password for the cli account may sometimes be used for...

8.8 CVSS

8.9 AI Score

0.004 EPSS

2022-10-03 04:19 PM
22

CVE-2022-25896

This affects the package passport before 0.6.0. When a user logs in or logs out, the session is regenerated instead of being...

4.8 CVSS

4.9 AI Score

0.001 EPSS

2022-07-01 08:15 PM
48
7

CVE-2022-26953

Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflow. An attacker can supply a string in the page parameter for reboot.asp endpoint, allowing him to force an overflow when the string is concatenated to the HTML...

7.5 CVSS

7.7 AI Score

0.002 EPSS

2022-04-06 01:15 AM
59

CVE-2022-26952

Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflow in the function for building the Location header string when an unauthenticated user is redirected to the authentication...

7.5 CVSS

7.9 AI Score

0.002 EPSS

2022-04-06 01:15 AM
51

CVE-2021-36767

In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access to the server password, making the protection ineffective. An attacker may send an unauthenticated request to the server. The server will reply with a weakly-hashed version of the server's...

9.8 CVSS

9.5 AI Score

0.001 EPSS

2021-10-08 03:15 PM
35

CVE-2021-35979

An issue was discovered in Digi RealPort through 4.8.488.0. The 'encrypted' mode is vulnerable to man-in-the-middle attacks and does not perform...

8.1 CVSS

7.9 AI Score

0.001 EPSS

2021-10-08 03:15 PM
24

CVE-2021-35977

An issue was discovered in Digi RealPort for Windows through 4.8.488.0. A buffer overflow exists in the handling of ADDP discovery response messages. This could result in arbitrary code...

9.8 CVSS

9.8 AI Score

0.002 EPSS

2021-10-08 03:15 PM
28

CVE-2021-41580

The passport-oauth2 package before 1.6.1 for Node.js mishandles the error condition of failure to obtain an access token. This is exploitable in certain use cases where an OAuth identity provider uses an HTTP 200 status code for authentication-failure error reports, and an application grants...

5.3 CVSS

5.3 AI Score

0.001 EPSS

2021-09-27 07:15 AM
22

CVE-2021-39171

Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. Prior to version 3.1.0, a malicious SAML payload can require transforms that consume significant system resources to process, thereby resulting in reduced or denied service. This would be an...

7.5 CVSS

7.6 AI Score

0.001 EPSS

2021-08-27 10:15 PM
43
3

CVE-2019-13483

Auth0 Passport-SharePoint before 0.4.0 does not validate the JWT signature of an Access Token before processing. This allows attackers to forge tokens and bypass authentication and authorization...

7.3 CVSS

7.3 AI Score

0.001 EPSS

2019-07-25 08:15 PM
104

CVE-2018-17499

Envoy Passport for Android and Envoy Passport for iPhone could allow a local attacker to obtain sensitive information, caused by the storing of unencrypted data in logs. An attacker could exploit this vulnerability to obtain two API keys, a token and other sensitive...

5.5 CVSS

5.2 AI Score

0.0004 EPSS

2019-03-21 04:00 PM
21

CVE-2018-17500

Envoy Passport for Android and Envoy Passport for iPhone could allow a local attacker to obtain sensitive information, caused by the storing of hardcoded OAuth Creds in plaintext. An attacker could exploit this vulnerability to obtain sensitive...

7.8 CVSS

7.2 AI Score

0.0004 EPSS

2019-03-21 04:00 PM
22

CVE-2017-16897

A vulnerability has been discovered in the Auth0 passport-wsfed-saml2 library affecting versions < 3.0.5. This vulnerability allows an attacker to impersonate another user and potentially elevate their privileges if the SAML identity provider does not sign the full SAML response (e.g., only sign...

8.1 CVSS

7.7 AI Score

0.002 EPSS

2017-12-27 05:08 PM
36

CVE-2016-7191

The Microsoft Azure Active Directory Passport (aka Passport-Azure-AD) library 1.x before 1.4.6 and 2.x before 2.0.1 for Node.js does not recognize the validateIssuer setting, which allows remote attackers to bypass authentication via a crafted...

8.1 CVSS

7.7 AI Score

0.006 EPSS

2016-09-28 08:59 PM
46