Lucene search
K

66 matches found

Vulnrichment
Vulnrichment
added 2025/06/09 6:12 a.m.4 views

CVE-2025-25207 Rhcl: authpolicy callbacks result in denial of service in authorino severity

The Authorino service in the Red Hat Connectivity Link is the authorization service for zero trust API security. Authorino allows the users with developer persona to add callbacks to be executed to HTTP endpoints once the authorization process is completed. It was found that an attacker with...

5.7CVSS6AI score0.00278EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/06/09 6:12 a.m.32 views

CVE-2025-25207 Rhcl: authpolicy callbacks result in denial of service in authorino severity

The Authorino service in the Red Hat Connectivity Link is the authorization service for zero trust API security. Authorino allows the users with developer persona to add callbacks to be executed to HTTP endpoints once the authorization process is completed. It was found that an attacker with...

5.7CVSS0.00278EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 9:6 p.m.8 views

CVE-2021-42000

When a password reset or password change flow with an authentication policy is configured and the adapter in the reset or change policy supports multiple parallel reset flows, an existing user can reset another existing users password...

6.5CVSS7.4AI score0.00535EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 3:28 p.m.8 views

CVE-2020-27951

This issue was addressed with improved checks. This issue is fixed in watchOS 6.3, iOS 12.5, iOS 14.3 and iPadOS 14.3, watchOS 7.2. Unauthorized code execution may lead to an authentication policy violation...

7.8CVSS6.7AI score0.01061EPSS
Exploits0
Citrix
Citrix
added 2025/05/16 12:0 a.m.12 views

[NetScaler-AAA] The Radius action cannot be performed in nFactor auth

In nFactor auth, the Radius action is the second factor but cannot be performed. nFactor flow is simple and is like below: AAA vServer: DomainRadiusvS Login Schema: DualAuthSchema Authn Policy: DomainLDAPPol Expression: true Action: LDAPAct Next Factor if Success: RadiusPollable Login Schema:...

7.3AI score
Exploits0
Rockylinux
Rockylinux
added 2025/05/07 7:11 p.m.12 views

pam bug fix update

An update is available for pam. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Pluggable Authentication Modules PAM provide a system to set up authentication...

7.4AI score
Exploits0
Fedora
Fedora
added 2024/11/29 3:30 a.m.18 views

[SECURITY] Fedora 41 Update: pam-1.6.1-7.fc41

PAM Pluggable Authentication Modules is a system security tool that allows system administrators to set authentication policy without having to recompile programs that handle authentication...

7.4CVSS7.1AI score0.00798EPSS
Exploits0
OSV
OSV
added 2023/11/01 6:15 p.m.3 views

CVE-2023-20247

A vulnerability in the remote access SSL VPN feature of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an authenticated, remote attacker to bypass a configured multiple certificate authentication policy and connect using only a valid...

4.3CVSS5.8AI score0.00292EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/09/14 4:43 p.m.12 views

CVE-2023-4951 Cross Site Scripting (XSS) Issue on "Client Based Authentication Policy Configuration" Screen

A cross site scripting issue was discovered with the pagination function on the "Client-based Authentication Policy Configuration" screen of the GreenRADIUS web admin interface. This issue is found in GreenRADIUS v5.1.1.1 and prior. A fix was included in v5.1.2.2...

2CVSS6.2AI score0.00268EPSS
Exploits0References1
Citrix
Citrix
added 2023/04/10 12:0 a.m.12 views

[NetScaler] Error "KB Questions and Asnwers not registered" with LDAP KBAttribute

In a SSPR nFactor configuration. You may observe error "KB Questions and Asnwers not registered" when login with LDAP password and can't move to the next AAA factor. Triggers are: The LDAP factor has noschema boundInherits username & password from a previous factor. LDAP action has KBAttribute...

7.1AI score
Exploits0
Citrix
Citrix
added 2022/06/23 12:0 a.m.8 views

[Citrix Gateway] "Cannot complete your request" error after adding EPA configuration

In Citrix Gateway deployment, You may encounter "Cannot complete your request" error if adding a new EPA policy in AAA vServer. For example, you have the following existing configuration to implement post EPA scan based on group name: add authentication Policy NoAuthGroup01 -rule...

7.1AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2022/05/02 10:15 p.m.5 views

CVE-2022-23722

When a password reset mechanism is configured to use the Authentication API with an Authentication Policy, email One-Time Password, PingID or SMS authentication, an existing user can reset another existing user’s password...

6.5CVSS6.6AI score0.00571EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/05/02 10:15 p.m.7 views

CVE-2022-23722

When a password reset mechanism is configured to use the Authentication API with an Authentication Policy, email One-Time Password, PingID or SMS authentication, an existing user can reset another existing user’s password...

6.5CVSS5.8AI score0.00571EPSS
Exploits0References2
Prion
Prion
added 2022/05/02 10:15 p.m.17 views

Authentication flaw

When a password reset mechanism is configured to use the Authentication API with an Authentication Policy, email One-Time Password, PingID or SMS authentication, an existing user can reset another existing user’s password...

3.5CVSS6.6AI score0.00571EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/05/02 10:5 p.m.727 views

CVE-2022-23722

PingFederate Password Reset vulnerability (CVE-2022-23722): when the password-reset mechanism uses the Authentication API with an Authentication Policy, email OTP, PingID, or SMS, an existing user can reset another user’s password. The connected sources describe the issue and its impact but do no...

6.5CVSS6.6AI score0.00571EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/05/02 10:5 p.m.30 views

CVE-2022-23722 PingFederate Password Reset via Authentication API Mishandling

When a password reset mechanism is configured to use the Authentication API with an Authentication Policy, email One-Time Password, PingID or SMS authentication, an existing user can reset another existing user’s password...

6.8AI score0.00571EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/05/02 12:0 a.m.4 views

Ping Identity PingFederate授权问题漏洞

Ping Identity PingFederate is a flagship software-based federation server in the United States. for identity management. Ping Identity PingFederate has a security vulnerability that can be exploited by an existing user to reset the password of another existing user when the password reset mechani...

6.5CVSS6.6AI score0.00571EPSS
Exploits0References3
OSV
OSV
added 2022/03/16 12:15 a.m.3 views

CVE-2020-36519

Mimecast Email Security before 2020-01-10 allows any admin to spoof any domain, and pass DMARC alignment via SPF. This occurs through misuse of the address rewrite feature. The domain being spoofed must be a customer in the Mimecast grid from which the spoofing occurs...

4.9CVSS5.8AI score0.00802EPSS
Exploits1References1
OSV
OSV
added 2022/02/10 11:15 p.m.4 views

CVE-2021-42000

When a password reset or password change flow with an authentication policy is configured and the adapter in the reset or change policy supports multiple parallel reset flows, an existing user can reset another existing users password...

6.5CVSS6.6AI score0.00535EPSS
Exploits0References2
NVD
NVD
added 2022/02/10 11:15 p.m.19 views

CVE-2021-42000

When a password reset or password change flow with an authentication policy is configured and the adapter in the reset or change policy supports multiple parallel reset flows, an existing user can reset another existing users password...

6.5CVSS0.00535EPSS
Exploits0References2
Rows per page
Query Builder