68 matches found
CVE-2021-42000
When a password reset or password change flow with an authentication policy is configured and the adapter in the reset or change policy supports multiple parallel reset flows, an existing user can reset another existing users password...
CVE-2021-42000
When a password reset or password change flow with an authentication policy is configured and the adapter in the reset or change policy supports multiple parallel reset flows, an existing user can reset another existing users password...
Default credentials
When a password reset or password change flow with an authentication policy is configured and the adapter in the reset or change policy supports multiple parallel reset flows, an existing user can reset another existing users password...
CVE-2021-42000
CVE-2021-42000 affects Ping Identity PingFederate. The issue arises when a password reset or password change flow uses an authentication policy and the policy’s adapter supports multiple parallel reset flows. This can allow an existing user to reset the password of another existing user, represen...
CVE-2021-42000 Ping Identity PingFederate Password Reset and Password Change Mishandling with an authentication policy in parallel reset flows
When a password reset or password change flow with an authentication policy is configured and the adapter in the reset or change policy supports multiple parallel reset flows, an existing user can reset another existing users password...
PT-2022-11527 · Ping Identity · Pingfederate
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue arises when a password reset or password change flow with an authentication policy is configured, and the adapter in the reset or change polic...
Ping Identity PingFederate 安全漏洞
Ping Identity PingFederate is a flagship software-based federation server in the United States. It is used for identity management. PingFederate has a security vulnerability that stems from a faulty password reset process in the software. When a password reset or password modification process wit...
Microsoft Windows Local Security Authority Subsystem Service 安全特征问题漏洞
The Microsoft Windows Local Security Authority Subsystem Service is an internal Microsoft program that runs Windows system security policies. It authenticates users when they log on to a computer standalone or server, manages user password changes, and generates access characters. It also leaves...
CVE-2021-37151
CyberArk Identity 21.5.131, when handling an invalid authentication attempt, sometimes reveals whether the username is valid. In certain authentication policy configurations with MFA, the API response length can be used to differentiate between a valid user and an invalid one aka Username...
Code injection
This issue was addressed with improved checks. This issue is fixed in watchOS 6.3, iOS 12.5, iOS 14.3 and iPadOS 14.3, watchOS 7.2. Unauthorized code execution may lead to an authentication policy violation...
CVE-2020-27951
This issue was addressed with improved checks. This issue is fixed in watchOS 6.3, iOS 12.5, iOS 14.3 and iPadOS 14.3, watchOS 7.2. Unauthorized code execution may lead to an authentication policy violation...
CVE-2020-27951
CVE-2020-27951 affects Apple platforms (watchOS, iOS, iPadOS) and is described by multiple sources as an issue that allowed unauthorized code execution leading to an authentication policy violation. Apple’s security updates indicate fixes in watchOS 6.3, watchOS 7.2, iOS 12.5, and iOS/iPadOS 14.3...
The vulnerability of the authentication policy for the “Red Database” database management systems, related to errors in authentication data verification, allows attackers to increase their privileges.
The vulnerability of the authentication policy for the “Red Database” database management systems is related to an error in verifying authentication data. Exploiting this vulnerability can allow attackers, operating remotely, to increase their privileges...
About the security content of watchOS 6.3 - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference...
About the security content of iOS 12.5 - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference...
About the security content of watchOS 6.3
About the security content of watchOS 6.3 This document describes the security content of watchOS 6.3. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...
About the security content of iOS 12.5
About the security content of iOS 12.5 This document describes the security content of iOS 12.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recen...
[SECURITY] Fedora 33 Update: pam-1.4.0-9.fc33
PAM Pluggable Authentication Modules is a system security tool that allows system administrators to set authentication policy without having to recompile programs that handle authentication...
Microsoft Windows: Audit Authentication Policy Change
This test checks the setting for policy OpenVAS Vulnerability Test $Id: winauthenticationpolicychange.nasl 11068 2018-08-21 11:51:41Z emoss $ Check value for Audit Authentication Policy Change Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH, http://www.greenbone.net This...
Dedos-web Hardcoded Password Vulnerability
Dedos-web is a set of online tools for executing programs designed using DEDOS-Editor. A security vulnerability exists in version 1.0 of Dedos-web. The vulnerability stems from the program's use of the Passport.js package to provide authentication policies. An attacker can exploit the vulnerabili...