816 matches found
CVE-2025-31681 Authenticator Login - Critical - Access bypass - SA-CONTRIB-2025-009
Missing Authorization vulnerability in Drupal Authenticator Login allows Forceful Browsing. This issue affects Authenticator Login: from 0.0.0 before 2.0.6...
CVE-2025-31681
The CVE-2025-31681 entry covers Drupal Authenticator Login (versions 0.0.0 through 2.0.5) with a Missing Authorization vulnerability that enables Forceful Browsing. The affected component is the Drupal Authenticator Login module; the root cause is a lack of proper authorization checks when accessing user-p...
PT-2025-13845 · Drupal · Drupal Authenticator Login
Name of the Vulnerable Software and Affected Versions: Drupal Authenticator Login versions 0.0.0 through 2.0.5. Description: The issue is related to a Missing Authorization vulnerability in Drupal Authenticator Login, which allows Forceful Browsing. Recommendations: For versions 0.0.0 through 2.0....
Drupal Authenticator Login Security Vulnerability
Drupal Authenticator Login is a Drupal community authentication login module or feature for Drupal. A security vulnerability exists in Drupal Authenticator Login versions prior to 2.0.6, which stems from a lack of authorization and could lead to forced browsing...
CVE-2021-26091
A use of a cryptographically weak pseudo-random number generator vulnerability in the authenticator of the Identity Based Encryption service of FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to infer parts of users' authentication tokens and reset thei...
Fortinet Fortigate RADIUS Protocol CVE-2024-3596 (FG-IR-24-255)
The version of Fortigate installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-255 advisory. - RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response...
Fortinet FortiWeb RADIUS Protocol CVE-2024-3596 (FG-IR-24-255)
The version of FortiWeb installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-255 advisory. - RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response...
LTI JupyterHub Authenticator does not properly validate JWT Signature
Impact: Only users that have configured a JupyterHub installation to use the authenticator class LTI13Authenticator are influenced. LTI13Authenticator that was introduced in jupyterhub-ltiauthenticator 1.3.0 wasn't validating JWT signatures. This is believed to allow the LTI13Authenticator to...
GHSA-MCGX-2GCR-P3HP LTI JupyterHub Authenticator does not properly validate JWT Signature
Impact: Only users that have configured a JupyterHub installation to use the authenticator class LTI13Authenticator are influenced. LTI13Authenticator that was introduced in jupyterhub-ltiauthenticator 1.3.0 wasn't validating JWT signatures. This is believed to allow the LTI13Authenticator to...
Improper Verification of Cryptographic Signature
Overview: jupyterhub-ltiauthenticator is a JupyterHub authenticator implementing LTI v1.1 and LTI v1.3. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the jwtverifyanddecode function, in the form of improper validation of JWT signatures. An...
CVE-2023-25574
jupyterhub-ltiauthenticator is a JupyterHub authenticator for learning tools interoperability (LTI). LTI13Authenticator that was introduced in jupyterhub-ltiauthenticator 1.3.0 wasn't validating JWT signatures. This is believed to allow the LTI13Authenticator to authorize a forged request. Only use...
PYSEC-2025-120
jupyterhub-ltiauthenticator is a JupyterHub authenticator for learning tools interoperability (LTI). LTI13Authenticator that was introduced in jupyterhub-ltiauthenticator 1.3.0 wasn't validating JWT signatures. This is believed to allow the LTI13Authenticator to authorize a forged request. Only use...
CLSA-2025-1739962899 krb5: Fix of CVE-2024-3596
CVE-2024-3596: implement support for Message-Authenticator in libkrad...
GHSA-36H8-R92J-W9VW The AspNetCore Remote Authenticator for SPID Allows SAML Response Signature Verification Bypass
Description: Authentication using Spid and CIE is based on the SAML2 standard which provides for two entities: Identity Provider (IdP): the system that authenticates users and provides identity information (SAML assertions) to the Service Provider, essentially, it is responsible for managing user...
AspNetCore Remote Authenticator for CIE3.0 Authorization Issue Vulnerability
AspNetCore Remote Authenticator for CIE3.0 is an open source AspNetCore Remote Authenticator for CIE 3.0 by Developers Italia. An authorization issue vulnerability exists in AspNetCore Remote Authenticator for CIE3.0 that stems from not properly verifying the signature of a SAML response. An...
AspNetCore Remote Authenticator for CIE3.0 Allows SAML Response Signature Verification Bypass
Authentication using Spid and CIE is based on the SAML2 standard which provides for two entities: Identity Provider (IdP): the system that authenticates users and provides identity information (SAML assertions) to the Service Provider, essentially, it is responsible for managing user credentials and...
AspNetCore Remote Authenticator for SPID Authorization Issue Vulnerability
AspNetCore Remote Authenticator for SPID is an open source AspNetCore Remote Authenticator for SPID from Developers Italia. An authorization issue vulnerability exists in AspNetCore Remote Authenticator for SPID that stems from not properly verifying the signature of a SAML response. An attacker...
CLSA-2025-1739812242 Fix CVE(s): CVE-2024-3596
SECURITY UPDATE: Generate and verify message MACs in libkrad - debian/patches/CVE-2024-3596.patch: implement support for Message-Authenticator in libkrad - CVE-2024-3596 debian/control: add package Recommends to krb5-doc...
CLSA-2025-1739387995 krb5: Fix of CVE-2024-3596
CVE-2024-3596: implement support for Message-Authenticator in libkrad...