5 matches found
CVE-2024-48942
The Syracom Secure Login 2FA plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to easily brute-force the 2FA PIN via the plugins/servlet/twofactor/public/pinvalidation endpoint. The last 30 and the next 30 tokens are valid...
CVE-2024-48942
The Syracom Secure Login 2FA plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to easily brute-force the 2FA PIN via the plugins/servlet/twofactor/public/pinvalidation endpoint. The last 30 and the next 30 tokens are valid...
CVE-2024-48942
The Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbucket (versions 3.1.4.5 and earlier) is affected. The vulnerability allows remote attackers to brute-force the 2FA PIN via the plugins/servlet/twofactor/public/pinvalidation endpoint, with the last 30 tokens and the next 30 token...
CVE-2023-22958
The Syracom Secure Login plugin before 3.1.1.0 for Jira may allow spoofing of 2FA PIN validation via the plugins/servlet/twofactor/public/pinvalidation target parameter...
CVE-2023-22958
The Syracom Secure Login plugin before 3.1.1.0 for Jira may allow spoofing of 2FA PIN validation via the plugins/servlet/twofactor/public/pinvalidation target parameter...