401 matches found
CVE-2022-43693
Concrete CMS is vulnerable to Cross-Site Request Forgery (CSRF) due to the lack of a State parameter in the external authentication service when using the out-of-the-box core OAuth flow. The CVE-2022-43693 entry indicates the root cause is CSRF susceptibility in the external authentication integr...
[SECURITY] Fedora 36 Update: php-pear-CAS-1.6.0-1.fc36
This package is a PEAR library for using a Central Authentication Service. Autoloader: %pearphpdir/CAS/Autoload.php...
[SECURITY] Fedora 35 Update: php-pear-CAS-1.6.0-1.fc35
This package is a PEAR library for using a Central Authentication Service. Autoloader: %pearphpdir/CAS/Autoload.php...
Fedora: Security Advisory for php-pear-CAS (FEDORA-2022-37c2d26f59)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective rights holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
Fedora: Security Advisory for php-pear-CAS (FEDORA-2022-76b3530ac2)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective rights holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
[SECURITY] Fedora 37 Update: php-pear-CAS-1.6.0-1.fc37
This package is a PEAR library for using a Central Authentication Service. Autoloader: %pearphpdir/CAS/Autoload.php...
CVE-2022-20937
A vulnerability in a feature that monitors RADIUS requests on Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker to negatively affect the performance of an affected device. This vulnerability is due to insufficient management of system resources. An attack...
Apereo CAS security vulnerability
Apereo CAS is a web-based enterprise multilingual single sign-on solution. A security vulnerability exists in Apereo CAS versions prior to 1.6.0 that stems from allowing PHP applications to easily authenticate users through the Central Authentication Service (CAS)...
Rocket.Chat authorization issue vulnerability
Rocket.Chat is a popular, highly customizable chat platform developed on JavaScript. Rocket.Chat suffers from a security vulnerability when using cas for login, which can be exploited by remote attackers to submit a special request that can bypass two-factor authentication and gain unauthorized...
PT-2022-22655 · Unknown · Rocket.Chat
Name of the Vulnerable Software and Affected Versions: Rocket.Chat versions prior to 5; Rocket.Chat versions prior to 4.8.2; Rocket.Chat versions prior to 4.7.5. Description: An improper authentication issue exists that allows two-factor authentication to be bypassed when the server is configured to...
The vulnerability of the Group Membership Handler component in the Kubernetes authentication service provided by VMware Pinniped allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the Group Membership Handler component in Kubernetes authentication services exists because measures to neutralize specific elements have not been taken. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of...
CVE-2022-2385
A security issue was discovered in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and escalate privileges...
GHSA-VCVP-89FQ-HWJ8 Apache Sling Authentication Service vulnerability
A flaw in the org.apache.sling.auth.core.AuthUtil.isRedirectValid method in Apache Sling Authentication Service 1.4.0 allows an attacker, through the Sling login form, to trick a victim into sending over their credentials...
GHSA-J4P3-2M2H-CV5F Cloud Foundry UAA Denial of Service through client token revocation endpoint
An issue was discovered in Cloud Foundry Foundation cf-release all versions prior to v279 and UAA 30.x versions prior to 30.6, 45.x versions prior to 45.4, 52.x versions prior to 52.1. In some cases, the UAA allows an authenticated user for a particular client to revoke client tokens for other...
Microsoft Local Security Authority Server access control error vulnerability
Microsoft Local Security Authority Server is an LSA authentication service from Microsoft Corporation (USA). An access control error vulnerability exists in Microsoft Local Security Authority Server (lsasrv). The following products and editions are affected: Windows 10 Version 1809 for 32-bit...
CVE-2021-46740
The device authentication service module has a defect vulnerability introduced in the design process. Successful exploitation of this vulnerability may affect data confidentiality...
Information Disclosure
github.com/pomerium/pomerium is vulnerable to information disclosure. The library's authentication service exposes pprof debug and prometheus metrics handlers to untrusted traffic which results in sensitive environmental information leakage or limited denial of service conditions...
Gateway Callback and / or XML Communication fails after upgrade to Storefront 2203
The issue occurs when customers upgrade from Storefront 1912 to 2203 and had TLS 1.0 disabled prior to upgrading. It does not occur on a clean install, or with TLS 1.0 enabled. In this scenario customers will encounter a TLS communication issue between Storefront and ADC / Storefront and Citrix Delive...
CVE-2022-26355
Citrix Federated Authentication Service (FAS) 7.17 - 10.6 causes deployments that have been configured to store a registration authority certificate's private key in a Trusted Platform Module (TPM) to incorrectly store that key in the Microsoft Software Key Storage Provider (MSKSP). This issue only...
CVE-2022-26355 Citrix Federated Authentication Service (FAS)
Citrix Federated Authentication Service (FAS) 7.17 - 10.6 causes deployments that have been configured to store a registration authority certificate's private key in a Trusted Platform Module (TPM) to incorrectly store that key in the Microsoft Software Key Storage Provider (MSKSP). This issue only...