86 matches found
CVE-2025-22234 Spring Security - BCrypt Password Encoder maximum password length breaks timing attack mitigation
The fix applied in CVE-2025-22228 inadvertently broke the timing attack mitigation implemented in DaoAuthenticationProvider. This can allow attackers to infer valid usernames or other authentication behavior via response-time differences under certain configurations...
CVE-2022-38180
In JetBrains Ktor before 2.1.0 the wrong authentication provider could be selected in some cases...
Multi-Factor Authentication in Spring Security 7
In 2013, it was proposed to add multi-factor authentication into Spring Security. That was the year that “selfie” was added to the English dictionary and “What Does the Fox Say?” was a viral YouTube hit. Needless to say, one of the biggest features in Spring Security 7 is a long time coming, and ...
EUVD-2020-18822
Malware in sbrugna...
EUVD-2024-2002
Malicious code in bioql PyPI...
EUVD-2023-2984
Malicious code in bioql PyPI...
EUVD-2022-39798
Malicious code in bioql PyPI...
EUVD-2022-39799
Malicious code in bioql PyPI...
CVE-2023-48708
CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. In affected versions successful login attempts are recorded with the raw tokens stored in the log table. If a malicious person somehow views the data in the log table they can obtain a raw token which can then b...
CVE-2022-37146
The PlexTrac platform prior to version 1.28.0 allows for username enumeration via HTTP response times on invalid login attempts for users configured to use the PlexTrac authentication provider. Login attempts for valid, unlocked users configured to use PlexTrac as their authentication provider ta...
Timing Attack
Overview org.springframework.security:spring-security-crypto is a spring-security-crypto library for Spring Security. Affected versions of this package are vulnerable to Timing Attack due to an unintentional bypass for DaoAuthenticationProvider constant time controls, which was caused by the fix...
Ratify 授权问题漏洞
Ratify is an artifact approval framework CNCF sandbox from Ratify open source. An authorization issue vulnerability exists in Ratify version 1.2.3 and prior to version 1.3.2 that stems from the Azure Authentication Provider not verifying that the target registry is ACR, which could lead to misuse...
CVE-2025-23046
GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.18, if a "Mail servers" authentication provider is configured to use an Oauth connection provided by the OauthIMAP plugin, anyone can connect to GLPI using a user name on which an Oauth...
UBUNTU-CVE-2025-23046
GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.18, if a "Mail servers" authentication provider is configured to use an Oauth connection provided by the OauthIMAP plugin, anyone can connect to GLPI using a user name on which an Oauth...
The vulnerability of the IPAuthenticationProvider component of the centralized service for managing configuration information, naming, distributed synchronization, and providing group services via Apache ZooKeeper allows a attacker to bypass the authentication process.
The vulnerability of the IPAuthenticationProvider component of the centralized service for managing configuration information, naming, distributed synchronization, and providing group services via Apache ZooKeeper is related to the ability to bypass authentication through phising techniques...
UBUNTU-CVE-2024-51504
When using IPAuthenticationProvider in ZooKeeper Admin Server there is a possibility of Authentication Bypass by Spoofing -- this only impacts IP based authentication implemented in ZooKeeper Admin Server. Default configuration of client's IP address detection in IPAuthenticationProvider, which...
CVE-2023-22650
A vulnerability has been identified in which Rancher does not automatically clean up a user which has been deleted from the configured authentication provider AP. This characteristic also applies to disabled or revoked users, Rancher will not reflect these modifications which may leave the user’s...
CVE-2023-22650 Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider
A vulnerability has been identified in which Rancher does not automatically clean up a user which has been deleted from the configured authentication provider AP. This characteristic also applies to disabled or revoked users, Rancher will not reflect these modifications which may leave the user’s...
CVE-2023-22650 Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider
A vulnerability has been identified in which Rancher does not automatically clean up a user which has been deleted from the configured authentication provider AP. This characteristic also applies to disabled or revoked users, Rancher will not reflect these modifications which may leave the user’s...
CVE-2023-22650 Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider
A vulnerability has been identified in which Rancher does not automatically clean up a user which has been deleted from the configured authentication provider AP. This characteristic also applies to disabled or revoked users, Rancher will not reflect these modifications which may leave the user’s...