Lucene search
K

17 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.12 views

CVE-2025-10908

Due to a lack of user account state validation during authentication, locked user accounts can be successfully authenticated using Magic Link or Pass Key methods. This bypasses the intended security control that should prevent access to accounts that have been locked. This vulnerability may allow...

7.3CVSS5.5AI score0.0023EPSS
Exploits0References1
NVD
NVD
added 2026/05/28 6:16 a.m.19 views

CVE-2026-9798

A flaw was found in Keycloak, an open-source identity and access management solution. When a user account is temporarily locked due to repeated failed login attempts, an attacker with valid client credentials can exploit the Client-Initiated Backchannel Authentication CIBA flow to bypass this...

4.3CVSS0.00206EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.14 views

PT-2026-44193

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw in the Client-Initiated Backchannel Authentication CIBA flow allows an attacker with valid client credentials to bypass brute-force protection. When a user account is temporarily lock...

4.3CVSS5.8AI score0.00206EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/11 12:32 p.m.12 views

EUVD-2025-209756

Due to a lack of user account state validation during authentication, locked user accounts can be successfully authenticated using Magic Link or Pass Key methods. This bypasses the intended security control that should prevent access to accounts that have been locked. This vulnerability may allow...

7.3CVSS5.8AI score0.0023EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/11 9:1 a.m.41 views

CVE-2025-10908 Account Lock Bypass via Magic Link or Pass Key Authentication in WSO2 Identity Server Allows Unauthorized Access

Due to a lack of user account state validation during authentication, locked user accounts can be successfully authenticated using Magic Link or Pass Key methods. This bypasses the intended security control that should prevent access to accounts that have been locked. This vulnerability may allow...

0.0023EPSS
Exploits0References1
CVE
CVE
added 2026/05/11 9:1 a.m.14 views

CVE-2025-10908

CVE-2025-10908 affects WSO2 Identity Server. The root cause is a lack of user account state validation during authentication, allowing locked accounts to be authenticated via Magic Link or Pass Key and bypass the account-lock mechanism. This can lead to unauthorized access to applications and dat...

7.3CVSS5.8AI score0.0023EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.7 views

WSO2 Identity Server 安全漏洞

WSO2 Identity Server is an identity authentication server developed by the American company WSO2. WSO2 Identity Server has a security vulnerability that stems from the lack of verification of user account status. This vulnerability may allow locked accounts to be successfully authenticated throug...

7.3CVSS5.8AI score0.0023EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.16 views

PT-2026-39581

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A lack of user account state validation during authentication allows locked user accounts to be successfully accessed using Magic Link or Pass Key methods. This...

7.3CVSS5.8AI score0.0023EPSS
Exploits0References7
CERT
CERT
added 2025/12/16 12:0 a.m.8 views

Siemens Gridscale X Prepay username enumeration and account lock bypass vulnerability

Overview Vulnerabilities have been identified in Siemens Gridscale X Prepay that allows unauthenticated username enumeration and enables an attacker to bypass account lock functionality. These issues may permit unauthorized access or prolonged access to protected resources, even after an account...

6.9CVSS7AI score0.00393EPSS
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-2560

Malicious code in bioql PyPI...

6.5CVSS6.4AI score0.01932EPSS
Exploits1References12
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-33754

Malicious code in bioql PyPI...

4.2CVSS8.7AI score0.00407EPSS
Exploits0References2
OSV
OSV
added 2022/05/13 1:31 a.m.3 views

GHSA-5C6W-F4W2-2GRP Mediawiki BotPassword can bypass CentralAuth's account lock

Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth's account lock...

6.5CVSS6.4AI score0.01932EPSS
Exploits1References10
OSV
OSV
added 2018/10/04 8:29 p.m.1 views

DEBIAN-CVE-2018-0505

Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth's account lock...

6.5CVSS5.8AI score0.01932EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2018/09/21 12:0 a.m.42 views

Debian: Security Advisory (DSA-4301-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS5.5AI score0.02797EPSS
Exploits1References4
OSV
OSV
added 2017/09/28 1:29 a.m.5 views

UBUNTU-CVE-2017-11191

DISPUTED FreeIPA 4.x with API version 2.213 allows a remote authenticated users to bypass intended account-locking restrictions via an unlock action with an old session ID for the same user account that had been created for an earlier session. NOTE: Vendor states that issue does not exist in...

8.8CVSS7.3AI score0.01687EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2017/09/27 12:0 a.m.8 views

PT-2017-11811 · Red Hat +1 · Freeipa +1

Name of the Vulnerable Software and Affected Versions: FreeIPA versions 4.x Description: The issue allows a remote authenticated user to bypass intended account-locking restrictions via an unlock action with an old session ID for the same user account that had been created for an earlier session...

8.8CVSS6.8AI score0.01687EPSS
Exploits1References11
CNVD
CNVD
added 2015/09/02 12:0 a.m.4 views

Basware Banking Denial of Service Vulnerability

Basware Banking Maksuliikenne is a suite of software from the Finnish company Basware that establishes connections with banks to manage their own finances. A security vulnerability exists in Basware Banking version 8.90.07 and earlier, which arises from the program's reliance on the client to...

4.3CVSS6.8AI score0.01121EPSS
Exploits0References1
Rows per page
Query Builder