426 matches found

RedHat Linux
added 2025/06/26 12:12 p.m. · 3 views

oath-toolkit: Local root exploit in a PAM module

A vulnerability was found in a PAM module, the oath-toolkit. The module gained a feature that allowed placing the OTP state file, called the usersfile, in the home directory of the to-be-authenticated user. The PAM module performed unsafe file operations in the users' home directories. Since PAM...

7.1 CVSS · 5.7 AI score · 0.00076 EPSS
Exploits 0 · References 4

SUSE Linux
added 2025/06/19 8:55 a.m. · 2 views

Security update for pam

This update for pam fixes the following issues: CVE-2025-6020: pam_namespace: convert functions that may operate on a user-controlled path to operate on file descriptors instead of absolute path. And keep the bind-mount protection from protect_mount as a defense-in-depth measure. bsc#1244509 Patch...

7.8 CVSS · 7.2 AI score · 0.00072 EPSS
Exploits 0 · References 4

Tenable Nessus
added 2025/06/16 12:0 a.m. · 4 views

TencentOS Server 3: mod_auth_openidc:2.3 (TSSA-2025:0320)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0320 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

8.2 CVSS · 6.3 AI score · 0.00357 EPSS
Exploits 0 · References 2

Github Security Blog
added 2025/06/13 9:30 a.m. · 5 views

Salt's salt.auth.pki module does not properly authenticate callers

The salt.auth.pki module does not properly authenticate callers. The "password" field contains a public certificate which is validated against a CA certificate by the module. This is not pki authentication, as the caller does not need access to the corresponding private key for the authentication...

6.4 CVSS · 6.5 AI score · 0.00123 EPSS
Exploits 0 · References 6 · Affected Software 1

RedhatCVE
added 2025/06/11 12:6 a.m. · 3 views

CVE-2025-29627

An issue in KeeperChat IOS Application v.5.8.8 allows a physically proximate attacker to escalate privileges via the Biometric Authentication Module...

6.8 CVSS · 6.7 AI score · 0.00117 EPSS
Exploits 0 · References 1

NVD
added 2025/06/09 5:15 p.m. · 5 views

CVE-2025-29627

An issue in KeeperChat IOS Application v.5.8.8 allows a physically proximate attacker to escalate privileges via the Biometric Authentication Module...

6.8 CVSS · 0.00117 EPSS
Exploits 0 · References 3

Vulnrichment
added 2025/06/09 12:0 a.m. · 2 views

CVE-2025-29627

An issue in KeeperChat IOS Application v.5.8.8 allows a physically proximate attacker to escalate privileges via the Biometric Authentication Module...

7.3 AI score · 0.00117 EPSS
Exploits 0 · References 3

Positive Technologies
added 2025/06/09 12:0 a.m. · 2 views

PT-2025-24541 · Unknown · Keeperchat

Name of the Vulnerable Software and Affected Versions: KeeperChat IOS Application version 5.8.8 Description: An issue in the KeeperChat IOS Application allows a physically proximate attacker to escalate privileges via the Biometric Authentication Module. Recommendations: For KeeperChat IOS...

6.8 CVSS · 6.6 AI score · 0.00117 EPSS
Exploits 0 · References 6

CVE
added 2025/06/09 12:0 a.m. · 46 views

CVE-2025-29627

CVE-2025-29627 affects KeeperChat iOS App, v5.8.8, with a vulnerability in the Biometric Authentication Module that could allow a physically proximate attacker to escalate privileges. The public records describe the affected component as KeeperChat IOS Application and point to privilege escalatio...

6.8 CVSS · 7.3 AI score · 0.00117 EPSS
Exploits 0 · References 3 · Affected Software 1

RedhatCVE
added 2025/05/23 8:6 a.m. · 8 views

CVE-2024-45586

This vulnerability exists due to improper access controls on APIs in the Authentication module of Symphony XTS Web Trading and Mobile Trading platforms version 2.0.0.1P160. An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which coul...

9.2 CVSS · 6.9 AI score · 0.0075 EPSS
Exploits 0

RedhatCVE
added 2025/05/23 7:31 a.m. · 6 views

CVE-2024-48953

An issue was discovered in Logpoint before 7.5.0. Endpoints for creating, editing, or deleting third-party authentication modules lacked proper authorization checks. This allowed unauthenticated users to register their own authentication plugins in Logpoint, resulting in unauthorized access...

7.5 CVSS · 7.1 AI score · 0.00281 EPSS
Exploits 0 · References 1

OSV
added 2025/05/23 1:41 a.m. · 1 views

MAL-2025-4311 Malicious code in client-authentication-module (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b0d83929fbddd1bff9fe89b82702a66c79d3e1f6f0fe19baa7379b58472005ad Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0 · References 3

OSSF Malicious Packages
added 2025/05/23 1:41 a.m. · 7 views

Malicious code in client-authentication-module (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b0d83929fbddd1bff9fe89b82702a66c79d3e1f6f0fe19baa7379b58472005ad Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0 · References 3

RedhatCVE
added 2025/05/22 4:30 p.m. · 5 views

CVE-2020-23055

ANCOM WLAN Controller Wireless Series & Hotspot WLC-1000 & WLC-4006 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the /authen/start/ module via the userid and password parameters...

5.4 CVSS · 6.6 AI score · 0.00281 EPSS
Exploits 1

RedhatCVE
added 2025/05/22 9:24 a.m. · 6 views

CVE-2015-8082

The Login Disable module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.2 for Drupal does not properly load the user_logout function, which allows remote attackers to bypass the logout protection mechanism by leveraging a contributed user authentication module, as demonstrated by the CAS and URL...

7.5 CVSS · 7.4 AI score · 0.00499 EPSS
Exploits 0 · References 1

SUSE Linux
added 2025/05/14 9:6 a.m. · 1 views

Security update for apparmor

This update for apparmor fixes the following issues: Add dac_read_search capability for unix_chkpwd to allow it to read the shadow file even if it has 000 permissions. This is needed after the CVE-2024-10041 fix in PAM. bsc#1241678 Patch Instructions: To install this SUSE update use the SUSE...

5.7 CVSS · 6.5 AI score · 0.00042 EPSS
Exploits 0 · References 4

RedHat Linux
added 2025/05/13 1:59 p.m. · 5 views

mod_auth_openidc: mod_auth_openidc allows OIDCProviderAuthRequestMethod POSTs to leak protected data

A flaw was found in mod_auth_openidc, an OpenID Connect authentication module for Apache HTTP Server. This vulnerability allows unauthenticated users to access protected content via crafted HTTP POST requests to protected resources when no application-level gateway is present...

8.2 CVSS · 5.8 AI score · 0.00357 EPSS
Exploits 0 · References 6

SUSE Linux
added 2025/05/08 7:35 p.m. · 3 views

Security update for apparmor

This update for apparmor fixes the following issues: Add dac_read_search capability for unix_chkpwd to allow it to read the shadow file even if it has 000 permissions. This is needed after the CVE-2024-10041 fix in PAM. bsc#1241678 Patch Instructions: To install this SUSE update use the SUSE...

5.7 CVSS · 7.2 AI score · 0.00042 EPSS
Exploits 0 · References 4

RedhatCVE
added 2025/05/08 10:12 a.m. · 13 views

CVE-2025-46590

Bypass vulnerability in the network search instruction authentication module. Impact: Successful exploitation of this vulnerability can bypass authentication and enable access to some network search functions...

6.5 CVSS · 7.2 AI score · 0.00091 EPSS
Exploits 0 · References 1

OpenVAS
added 2025/05/07 12:0 a.m. · 3 views

Ensure That Old Passwords Are Verified When Users Change Them

To prevent a third party from maliciously changing the password of another user, the old password must be verified when a user changes the password. According to the common practice in the industry, the old password does not need to be verified when the root user changes its own password. The roo...

7 AI score
Exploits 0 · References 3