11 matches found

OSV
added 2022/05/24 4:44 p.m. | 12 views

GHSA-3393-R4P5-VHQH Gitea Allows 1FA Even for 2FA-Enrolled Accounts

Gitea before 1.8.0 allows 1FA for user accounts that have completed 2FA enrollment. If a user's credentials are known, then an attacker could send them to the API without requiring the 2FA one-time password...

9.8 CVSS | 9.3 AI score | 0.00397 EPSS
Exploits 0 | References 5
GitHub Security Blog
added 2022/05/24 4:44 p.m. | 17 views

Gitea Allows 1FA Even for 2FA-Enrolled Accounts

Gitea before 1.8.0 allows 1FA for user accounts that have completed 2FA enrollment. If a user's credentials are known, then an attacker could send them to the API without requiring the 2FA one-time password...

9.8 CVSS | 7 AI score | 0.00397 EPSS
Exploits 0 | References 5 | Affected Software 1
CVE
added 2022/05/24 2:20 a.m. | 128 views

CVE-2022-0910

CVE-2022-0910 describes an authentication-bypass flaw in Zyxel firewall products where an authenticated attacker can downgrade from two-factor to one-factor authentication when connecting to the IPsec VPN server. Affected are Zyxel USG/ZyWALL firmware 4.32–4.71, USG FLEX 4.50–5.21, ATP 4.32–5.21,...

6.5 CVSS | 7.1 AI score | 0.00152 EPSS
Exploits 0 | References 1 | Affected Software 1
GitLab Advisory Database
added 2022/05/24 12:0 a.m. | 11 views

Gitea Allows 1FA Even for 2FA-Enrolled Accounts

Gitea before 1.8.0 allows 1FA for user accounts that have completed 2FA enrollment. If a user's credentials are known, then an attacker could send them to the API without requiring the 2FA one-time password...

9.8 CVSS | 7 AI score | 0.00397 EPSS
Exploits 0 | References 6 | Affected Software 1
HackerOne
added 2020/06/11 5:9 a.m. | 161 views

h1-ctf: [H1-2006 2020] Bounty Pay CTF challenge

H1-2006 2020 Bounty Pay CTF challenge Hi there! This is my H1-2006 CTF writeup submission. First of all, thanks for the great challenge! This was my first H1 CTF that I played. I really enjoyed doing it and I learned new things solving this challenge. In my case, it was the demonstration that I...

6.9 AI score
Exploits 0
Veracode
added 2019/04/29 7:43 a.m. | 13 views

2FA Authentication Bypass

github.com/go-gitea/gitea is vulnerable to 2FA authentication bypass. 1FA authentication is performed for 2FA-enrolled users, allowing attackers who have obtained user credentials to gain access to the API without requiring the one-time password for the second factor authentication...

9.8 CVSS | 9.7 AI score | 0.00397 EPSS
Exploits 0 | References 2 | Affected Software 1
OSV
added 2019/04/28 2:29 a.m. | 8 views

CVE-2019-11576

Gitea before 1.8.0 allows 1FA for user accounts that have completed 2FA enrollment. If a user's credentials are known, then an attacker could send them to the API without requiring the 2FA one-time password...

9.8 CVSS | 6.8 AI score
Exploits 0 | References 2
UbuntuCve
added 2019/04/28 2:29 a.m. | 19 views

CVE-2019-11576

Gitea before 1.8.0 allows 1FA for user accounts that have completed 2FA enrollment. If a user's credentials are known, then an attacker could send them to the API without requiring the 2FA one-time password...

9.8 CVSS | 7.2 AI score | 0.00397 EPSS
Exploits 0 | References 3
Prion
added 2019/04/28 2:29 a.m. | 10 views

Design/Logic Flaw

Gitea before 1.8.0 allows 1FA for user accounts that have completed 2FA enrollment. If a user's credentials are known, then an attacker could send them to the API without requiring the 2FA one-time password...

7.5 CVSS | 9.3 AI score | 0.00397 EPSS
Exploits 0 | References 2 | Affected Software 1
NVD
added 2019/04/28 2:29 a.m. | 10 views

CVE-2019-11576

Gitea before 1.8.0 allows 1FA for user accounts that have completed 2FA enrollment. If a user's credentials are known, then an attacker could send them to the API without requiring the 2FA one-time password...

9.8 CVSS | 9.4 AI score | 0.00397 EPSS
Exploits 0 | References 2
CVE
added 2019/04/28 1:40 a.m. | 57 views

CVE-2019-11576

Gitea before 1.8.0 is affected by CVE-2019-11576, where accounts that have completed 2FA enrollment can be subjected to a 1FA bypass if the attacker has the user’s credentials, allowing API access without the one-time password. The vulnerability is rooted in 2FA bypass for accounts with active 2F...

9.8 CVSS | 9.2 AI score | 0.00397 EPSS
Exploits 0 | References 2 | Affected Software 1