816 matches found

RedhatCVE
added 2025/07/17 7:55 p.m., 4 views

CVE-2025-49827

Conjur provides secrets management and application identity for infrastructure. Conjur OSS versions 1.19.5 through 1.22.0 and Secrets Manager, Self-Hosted (formerly known as Conjur Enterprise) 13.1 through 13.5 and 13.6 are vulnerable to bypass of the IAM authenticator. An attacker who can manipula...

CVSS 9.8 | AI score 7.5 | EPSS 0.00572
Exploits: 0 | References: 1
NVD
added 2025/07/15 8:15 p.m., 3 views

CVE-2025-49827

Conjur provides secrets management and application identity for infrastructure. Conjur OSS versions 1.19.5 through 1.22.0 and Secrets Manager, Self-Hosted (formerly known as Conjur Enterprise) 13.1 through 13.5 and 13.6 are vulnerable to bypass of the IAM authenticator. An attacker who can manipula...

CVSS 9.8 | EPSS 0.00572
Exploits: 0 | References: 4
Vulnrichment
added 2025/07/15 8:10 p.m., 2 views

CVE-2025-49831 Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) vulnerable to IAM Authenticator Bypass via Misconfigured Network Device

An attacker of Secrets Manager, Self-Hosted installations that route traffic from Secrets Manager to AWS through a misconfigured network device can reroute authentication requests to a malicious server under the attacker's control. CyberArk believes there to be very few installations where this...

CVSS 9.1 | AI score 6.6 | EPSS 0.00507
Exploits: 0 | References: 2
CVE
added 2025/07/15 7:26 p.m., 29 views

CVE-2025-49827

CVE-2025-49827 affects CyberArk Conjur OSS (versions 1.19.5–1.22.0) and Secrets Manager, Self-Hosted (13.1–13.5, 13.6). The root cause is a bypass of the IAM authenticator via manipulation of AWS-signed headers and a malformed regex that redirects the authentication validation request to an attacker-con...

CVSS 9.8 | AI score 6.8 | EPSS 0.00572
Exploits: 0 | References: 4 | Affected software: 1
Cvelist
added 2025/07/15 7:26 p.m., 7 views

CVE-2025-49827 Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) Vulnerable to Bypass of IAM Authenticator

Conjur provides secrets management and application identity for infrastructure. Conjur OSS versions 1.19.5 through 1.22.0 and Secrets Manager, Self-Hosted (formerly known as Conjur Enterprise) 13.1 through 13.5 and 13.6 are vulnerable to bypass of the IAM authenticator. An attacker who can manipula...

CVSS 9.1 | EPSS 0.00572
Exploits: 0 | References: 2
OSV
added 2025/07/15 7:26 p.m., 4 views

CVE-2025-49827 Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) Vulnerable to Bypass of IAM Authenticator

Conjur provides secrets management and application identity for infrastructure. Conjur OSS versions 1.19.5 through 1.22.0 and Secrets Manager, Self-Hosted (formerly known as Conjur Enterprise) 13.1 through 13.5 and 13.6 are vulnerable to bypass of the IAM authenticator. An attacker who can manipula...

CVSS 9.1 | AI score 7.8 | EPSS 0.00572
Exploits: 0 | References: 6
Vulnrichment
added 2025/07/15 7:26 p.m., 26 views

CVE-2025-49827 Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) Vulnerable to Bypass of IAM Authenticator

Conjur provides secrets management and application identity for infrastructure. Conjur OSS versions 1.19.5 through 1.22.0 and Secrets Manager, Self-Hosted (formerly known as Conjur Enterprise) 13.1 through 13.5 and 13.6 are vulnerable to bypass of the IAM authenticator. An attacker who can manipula...

CVSS 9.1 | AI score 6.7 | EPSS 0.00572
Exploits: 0 | References: 2
CNNVD
added 2025/07/15 12:00 a.m., 3 views

CyberArk Conjur Security Vulnerability

CyberArk Conjur is open source key management software from CyberArk. A security vulnerability exists in CyberArk Conjur that stems from an IAM authenticator bypass that could lead to elevated privileges...

CVSS 9.8 | AI score 7.7 | EPSS 0.00572
Exploits: 0 | References: 3
Positive Technologies
added 2025/07/15 12:00 a.m., 2 views

PT-2025-29612

Name of the Vulnerable Software and Affected Versions: Conjur OSS versions 1.19.5 through 1.22.0; Secrets Manager, Self-Hosted versions 13.1 through 13.6. Description: Conjur provides secrets management and application identity for infrastructure. A malformed regular expression allows an attacker...

CVSS 9.8 | AI score 7.8 | EPSS 0.00572
Exploits: 0 | References: 12
The Hacker News
added 2025/07/01 4:21 a.m., 9 views

Microsoft Removes Password Management from Authenticator App Starting August 2025

Microsoft has said that it's ending support for passwords in its Authenticator app starting August 1, 2025. Microsoft's move is part of a much larger shift away from traditional password-based logins. The company said the changes are also meant to streamline autofill within its two-factor...

AI score 7
Exploits: 0
Tenable Nessus
added 2025/06/27 12:00 a.m., 4 views

Siemens SCALANCE, RUGGEDCOM, SIPLUS, and SINEC RADIUS Protocol Forgery Attacks (CVE-2024-3596)

The RADIUS protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify Access-Reject or Access-Accept responses using a chosen-prefix collision attack against the MD5 Response Authenticator signature. This plugin only works with Tenable.ot. Please visit...

CVSS 9 | AI score 7.2 | EPSS 0.22162
Exploits: 2 | References: 25
Tenable Nessus
added 2025/06/10 12:00 a.m., 1 view

Fedora 41 : krb5 (2025-42a13f896e)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-42a13f896e advisory: disallowing use of the arcfour-hmac-md5 encryption type for session keys; add support for the PKINIT paChecksum2 sequence, required for Active Directory...

CVSS 5.9 | AI score 6.8 | EPSS 0.00252
Exploits: 0 | References: 2
Tenable Nessus
added 2025/06/09 12:00 a.m., 9 views

Fedora 42 : krb5 (2025-3de9fe91ff)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-3de9fe91ff advisory: disallowing use of the arcfour-hmac-md5 encryption type for session keys; add support for the PKINIT paChecksum2 sequence, required for Active Directory...

CVSS 5.9 | AI score 6.8 | EPSS 0.00252
Exploits: 0 | References: 2
OSV
added 2025/06/03 3:31 p.m., 1 view

GHSA-9QVJ-RPJ8-V5C8 Pekko Management may not properly apply authenticator when Basic Authentication is enabled

If you enable Basic Authentication in Pekko Management using the Java DSL, the authenticator may not be properly applied. Users that rely on authentication instead of making sure the Management API ports are only available to trusted users are recommended to upgrade to version 1.1.1, which fixes...

CVSS 6.5 | AI score 7 | EPSS 0.01732
Exploits: 1 | References: 5
OSV
added 2025/05/23 11:58 a.m., 2 views

CLSA-2025-1748001506 krb5: Fix of CVE-2024-3596

CVE-2024-3596: implement support for Message-Authenticator in libkrad...

CVSS 9 | AI score 7.3 | EPSS 0.22162
Exploits: 2 | References: 1
RedhatCVE
added 2025/05/23 9:14 a.m., 4 views

CVE-2024-23664

A URL redirection to untrusted site ('open redirect') in Fortinet FortiAuthenticator version 6.6.0, version 6.5.3 and below, and version 6.4.9 and below may allow an attacker to redirect users to an arbitrary website via a crafted URL...

CVSS 6.1 | AI score 6.7 | EPSS 0.00334
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 8:16 a.m., 1 view

CVE-2024-36611

In Symfony v7.07, a security vulnerability was identified in the FormLoginAuthenticator component, where it failed to adequately handle cases where the username or password field of a login request is empty. This flaw could lead to various security risks, including improper authentication logic...

CVSS 7.5 | AI score 5.9 | EPSS 0.00097
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 8:02 a.m., 4 views

CVE-2024-4739

The lack of access restriction to a resource from unauthorized users makes MXsecurity software versions v1.1.0 and prior vulnerable. By acquiring a valid authenticator, an attacker can pose as an authorized user and successfully access the resource...

CVSS 7.5 | AI score 6.8 | EPSS 0.00498
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 5:19 a.m., 3 views

CVE-2023-3036

An unchecked read in the NTP server in github.com/cloudflare/cfnts prior to commit 783490b (https://github.com/cloudflare/cfnts/commit/783490b913f05e508a492cd7b02e3c4ec2297b71) enabled a remote attacker to trigger a panic by sending an NTSAuthenticator packet with an extension length longer than the packe...

CVSS 8.6 | AI score 6.9 | EPSS 0.00588
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 5:02 a.m., 6 views

CVE-2023-27895

SAP Authenticator for Android, version 1.3.0, allows the screen to be captured if an authorized attacker installs a malicious app on the mobile device. The attacker could extract the current views of the OTP and the secret OTP alphanumeric token during the token setup. On successful...

CVSS 6.5 | AI score 6.3 | EPSS 0.00239
Exploits: 0 | References: 1