Lucene search
+L

68 matches found

NVD
NVD
added 2022/02/10 11:15 p.m.19 views

CVE-2021-42000

When a password reset or password change flow with an authentication policy is configured and the adapter in the reset or change policy supports multiple parallel reset flows, an existing user can reset another existing users password...

6.5CVSS0.00535EPSS
Exploits0References2
OSV
OSV
added 2022/02/10 11:15 p.m.5 views

CVE-2021-42000

When a password reset or password change flow with an authentication policy is configured and the adapter in the reset or change policy supports multiple parallel reset flows, an existing user can reset another existing users password...

6.5CVSS6.6AI score0.00535EPSS
Exploits0References2
Prion
Prion
added 2022/02/10 11:15 p.m.15 views

Default credentials

When a password reset or password change flow with an authentication policy is configured and the adapter in the reset or change policy supports multiple parallel reset flows, an existing user can reset another existing users password...

3.5CVSS6.7AI score0.00535EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/02/10 10:30 p.m.106 views

CVE-2021-42000

CVE-2021-42000 affects Ping Identity PingFederate. The issue arises when a password reset or password change flow uses an authentication policy and the policy’s adapter supports multiple parallel reset flows. This can allow an existing user to reset the password of another existing user, represen...

6.5CVSS6AI score0.00535EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/02/10 10:30 p.m.20 views

CVE-2021-42000 Ping Identity PingFederate Password Reset and Password Change Mishandling with an authentication policy in parallel reset flows

When a password reset or password change flow with an authentication policy is configured and the adapter in the reset or change policy supports multiple parallel reset flows, an existing user can reset another existing users password...

5.3CVSS6.9AI score0.00535EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/02/10 12:0 a.m.10 views

PT-2022-11527 · Ping Identity · Pingfederate

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue arises when a password reset or password change flow with an authentication policy is configured, and the adapter in the reset or change polic...

6.5CVSS6.6AI score0.00535EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/02/10 12:0 a.m.4 views

Ping Identity PingFederate 安全漏洞

Ping Identity PingFederate is a flagship software-based federation server in the United States. It is used for identity management. PingFederate has a security vulnerability that stems from a faulty password reset process in the software. When a password reset or password modification process wit...

6.5CVSS6.5AI score0.00535EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/01/11 12:0 a.m.6 views

Microsoft Windows Local Security Authority Subsystem Service 安全特征问题漏洞

The Microsoft Windows Local Security Authority Subsystem Service is an internal Microsoft program that runs Windows system security policies. It authenticates users when they log on to a computer standalone or server, manages user password changes, and generates access characters. It also leaves...

7.5CVSS7.6AI score0.02984EPSS
Exploits0References5
Cvelist
Cvelist
added 2021/09/01 12:35 p.m.19 views

CVE-2021-37151

CyberArk Identity 21.5.131, when handling an invalid authentication attempt, sometimes reveals whether the username is valid. In certain authentication policy configurations with MFA, the API response length can be used to differentiate between a valid user and an invalid one aka Username...

5.5AI score0.00854EPSS
Exploits0References2
Prion
Prion
added 2021/04/02 6:15 p.m.25 views

Code injection

This issue was addressed with improved checks. This issue is fixed in watchOS 6.3, iOS 12.5, iOS 14.3 and iPadOS 14.3, watchOS 7.2. Unauthorized code execution may lead to an authentication policy violation...

6.8CVSS7.2AI score0.01061EPSS
Exploits0References4Affected Software3
Cvelist
Cvelist
added 2021/04/02 5:38 p.m.24 views

CVE-2020-27951

This issue was addressed with improved checks. This issue is fixed in watchOS 6.3, iOS 12.5, iOS 14.3 and iPadOS 14.3, watchOS 7.2. Unauthorized code execution may lead to an authentication policy violation...

7.4AI score0.01061EPSS
Exploits0References4
CVE
CVE
added 2021/04/02 5:38 p.m.100 views

CVE-2020-27951

CVE-2020-27951 affects Apple platforms (watchOS, iOS, iPadOS) and is described by multiple sources as an issue that allowed unauthorized code execution leading to an authentication policy violation. Apple’s security updates indicate fixes in watchOS 6.3, watchOS 7.2, iOS 12.5, and iOS/iPadOS 14.3...

7.8CVSS7.2AI score0.01061EPSS
Exploits0References4Affected Software3
BDU FSTEC
BDU FSTEC
added 2021/03/31 12:0 a.m.11 views

The vulnerability of the authentication policy for the “Red Database” database management systems, related to errors in authentication data verification, allows attackers to increase their privileges.

The vulnerability of the authentication policy for the “Red Database” database management systems is related to an error in verifying authentication data. Exploiting this vulnerability can allow attackers, operating remotely, to increase their privileges...

7.7CVSS5.5AI score
Exploits0References3Affected Software1
Apple
Apple
added 2020/12/14 6:48 a.m.65 views

About the security content of watchOS 6.3 - Apple Support

About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference...

7.8CVSS1.5AI score0.01061EPSS
Exploits0Affected Software1
Apple
Apple
added 2020/12/14 6:41 a.m.57 views

About the security content of iOS 12.5 - Apple Support

About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference...

7.8CVSS1.2AI score0.01061EPSS
Exploits0Affected Software1
Apple
Apple
added 2020/12/14 12:0 a.m.36 views

About the security content of watchOS 6.3

About the security content of watchOS 6.3 This document describes the security content of watchOS 6.3. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...

7.8CVSS8.2AI score0.01061EPSS
Exploits0References1Affected Software1
Apple
Apple
added 2020/12/14 12:0 a.m.94 views

About the security content of iOS 12.5

About the security content of iOS 12.5 This document describes the security content of iOS 12.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recen...

7.8CVSS8.1AI score0.01061EPSS
Exploits0References1Affected Software1
Fedora
Fedora
added 2020/11/28 2:5 a.m.24 views

[SECURITY] Fedora 33 Update: pam-1.4.0-9.fc33

PAM Pluggable Authentication Modules is a system security tool that allows system administrators to set authentication policy without having to recompile programs that handle authentication...

10CVSS3.5AI score0.01959EPSS
Exploits0
OpenVAS
OpenVAS
added 2018/08/20 12:0 a.m.14 views

Microsoft Windows: Audit Authentication Policy Change

This test checks the setting for policy OpenVAS Vulnerability Test $Id: winauthenticationpolicychange.nasl 11068 2018-08-21 11:51:41Z emoss $ Check value for Audit Authentication Policy Change Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH, http://www.greenbone.net This...

7.3AI score
Exploits0
CNVD
CNVD
added 2018/06/07 12:0 a.m.6 views

Dedos-web Hardcoded Password Vulnerability

Dedos-web is a set of online tools for executing programs designed using DEDOS-Editor. A security vulnerability exists in version 1.0 of Dedos-web. The vulnerability stems from the program's use of the Passport.js package to provide authentication policies. An attacker can exploit the vulnerabili...

7.5CVSS7.8AI score0.01134EPSS
Exploits1References1
Rows per page
Query Builder