Lucene search
K

938 matches found

Hacker One
Hacker One
added 2024/07/12 9:25 a.m.40 views

HackerOne: Bypassing HackerOne 2FA due to race condition

A race condition vulnerability was discovered in HackerOne's 2FA reset process. The issue allowed an attacker to initiate multiple parallel 2FA reset requests, resulting in multiple reset notification emails. When a user canceled one reset request, the remaining requests would stay active,...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2024/07/04 3:37 a.m.43 views

Twilio's Authy App Attack Exposes Millions of Phone Numbers

Cloud communications provider Twilio has revealed that unidentified threat actors took advantage of an unauthenticated endpoint in Authy to identify data associated with Authy accounts, including users' cell phone numbers. The company said it took steps to secure the endpoint to no longer accept...

7.5AI score
Exploits0
Fedora
Fedora
added 2024/06/29 1:42 a.m.22 views

[SECURITY] Fedora 39 Update: freeipa-4.12.1-1.fc39

IPA is an integrated solution to provide centrally managed Identity users, hosts, services, Authentication SSO, 2FA, and Authorization host access control, SELinux user roles, services. The solution provides features for further integration with Linux based clients SUDO, automount and integration...

8.8CVSS7.3AI score0.02053EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2024/06/27 7:23 p.m.14 views

CVE-2024-38523 Hush Line OTP issue

Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. The TOTP authentication flow has multiple issues that weakens its one-time nature. Specifically, the lack of 2FA for changing security settings allows attacker with CSRF or XSS primitives to...

7.5CVSS6.6AI score0.00515EPSS
Exploits0References2
Hacker One
Hacker One
added 2024/06/26 2:41 a.m.52 views

HackerOne: Hackers can Invite Collaborators Without 2FA on Programs Requiring 2FA

Vulnerability description not provided...

7.1AI score
Exploits0
NVD
NVD
added 2024/06/25 1:15 p.m.29 views

CVE-2024-4846

Authentication bypass in the 2FA feature in Devolutions Server 2024.1.14.0 and earlier allows an authenticated attacker to authenticate to another user without being asked for the 2FA via another browser tab...

6.3CVSS0.00386EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/06/25 12:18 p.m.28 views

CVE-2024-4846

Authentication bypass in the 2FA feature in Devolutions Server 2024.1.14.0 and earlier allows an authenticated attacker to authenticate to another user without being asked for the 2FA via another browser tab...

0.00386EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/06/25 12:18 p.m.13 views

CVE-2024-4846

Authentication bypass in the 2FA feature in Devolutions Server 2024.1.14.0 and earlier allows an authenticated attacker to authenticate to another user without being asked for the 2FA via another browser tab...

6.8AI score0.00386EPSS
Exploits0References1
CVE
CVE
added 2024/06/25 12:18 p.m.44 views

CVE-2024-4846

CVE-2024-4846 describes an authentication bypass in the 2FA feature of Devolutions Server, affected versions 2024.1.14.0 and earlier. An authenticated attacker can sign in as another user without being prompted for 2FA via another browser tab. The available connected documents confirm the vulnera...

6.3CVSS6.8AI score0.00386EPSS
Exploits0References1Affected Software1
Hacker One
Hacker One
added 2024/06/24 12:11 p.m.104 views

HackerOne: Business Logic error leads to bypass 2FA requirement

Vulnerability description not provided...

7.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2024/06/24 7:7 a.m.41 views

A week in security (June 17 – June 23)

Last week on Malwarebytes Labs: Microsoft Recall delayed after privacy and security concerns Almost everything you always wanted to know about cybersecurity, but were too afraid to ask, with Tjitske de Vries: Lock and Code S05E13 43% of couples experience pressure to share logins and locations,...

7.6AI score
Exploits0
Hacker One
Hacker One
added 2024/06/22 4:36 a.m.46 views

HackerOne: Reports submitted by a non 2fa setupped user account can be transferred to a 2fa require submission program

Vulnerability description not provided...

7.1AI score
Exploits0
NVD
NVD
added 2024/06/21 4:15 p.m.38 views

CVE-2022-44587

Insertion of Sensitive Information into Log File vulnerability in WP 2FA allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP 2FA: from n/a through 2.6.3...

7.5CVSS0.00441EPSS
Exploits0References1
Malwarebytes
Malwarebytes
added 2024/06/21 4:1 p.m.12 views

First million breached Ticketmaster records released for free

The cybercriminal acting under the name "Sp1d3r" gave away the first 1 million records that are part of the data set that they claimed to have stolen from Ticketmaster/Live Nation. The files were released without a price, for free. When Malwarebytes Labs first learned about this data breach, it...

7.2AI score
Exploits0
Vulnrichment
Vulnrichment
added 2024/06/21 3:54 p.m.18 views

CVE-2022-44587 WordPress WP 2FA plugin <= 2.6.3 - Sensitive Data Exposure via Log File vulnerability

Insertion of Sensitive Information into Log File vulnerability in WP 2FA allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP 2FA: from n/a through 2.6.3...

5.3CVSS6.9AI score0.00441EPSS
Exploits0References1
CVE
CVE
added 2024/06/21 3:54 p.m.60 views

CVE-2022-44587

Technical details about CVE-2022-44587 (WP 2FA) are not provided in the connected documents. Monitor for updates from vendors/security advisories; current entries indicate log-file exposure but lack specifics on affected versions, fixes, or exploitation.

7.5CVSS6.4AI score0.00441EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/06/21 3:54 p.m.30 views

CVE-2022-44587 WordPress WP 2FA plugin <= 2.6.3 - Sensitive Data Exposure via Log File vulnerability

Insertion of Sensitive Information into Log File vulnerability in WP 2FA allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP 2FA: from n/a through 2.6.3...

5.3CVSS0.00441EPSS
Exploits0References1
Veracode
Veracode
added 2024/06/20 7:18 a.m.14 views

2FA Sniffing

pterodactyl/panel is vulnerable to a 2FA sniffing. The vulnerability is due to a logical error that delays password verification until after 2FA credentials are entered, allowing malicious users to determine account existence with incorrect passwords...

7.5CVSS6.8AI score0.01475EPSS
Exploits0References5Affected Software1
Patchstack
Patchstack
added 2024/06/20 12:0 a.m.17 views

WordPress WP 2FA Plugin <= 2.6.3 is vulnerable to Sensitive Data Exposure

Software WP 2FA Type Plugin Vulnerable versions = 2.6.3 Fixed in 2.6.4 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2022-44587 Patch priority Low CVSS severity Low 5.3 Developer Melapress PSID b28422640e7b Credits Snicco Required privilege Unauthenticate...

7.5CVSS6.6AI score0.00441EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2024/06/14 3:15 p.m.27 views

CVE-2024-37313

Nextcloud server is a self hosted personal cloud system. Under some circumstance it was possible to bypass the second factor of 2FA after successfully providing the user credentials. It is recommended that the Nextcloud Server is upgraded to 26.0.13, 27.1.8 or 28.0.4 and Nextcloud Enterprise Serv...

7.5CVSS0.00402EPSS
Exploits0References3
Rows per page
Query Builder