816 matches found

RedhatCVE
added 2025/02/05 9:27 p.m. | 15 views

CVE-2022-2193

Insecure Direct Object Reference vulnerability in HYPR Server before version 6.14.1 allows remote authenticated attackers to add a FIDO2 authenticator to arbitrary accounts via parameter tampering in the Device Manager page. This issue affects: HYPR Server versions prior to 6.14.1...

CVSS 8.8 | AI score 6.6 | EPSS 0.00862
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/05 8:17 p.m. | 4 views

CVE-2022-4943

The miniOrange's Google Authenticator plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when changing plugin settings in versions up to, and including, 5.6.5. This makes it possible for unauthenticated attackers to change the plugin's settings...

CVSS 7.5 | AI score 6.7 | EPSS 0.00339
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/05 7:0 p.m. | 13 views

CVE-2022-44589

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in miniOrange miniOrange's Google Authenticator – WordPress Two Factor Authentication – 2FA, Two Factor, OTP SMS and Email | Passwordless login. This issue affects miniOrange's Google Authenticator – WordPress Two Factor...

CVSS 8.1 | AI score 7.3 | EPSS 0.00691
Exploits: 0 | References: 1

OSV
added 2025/02/05 5:8 a.m. | 1 view

USN-7257-1 krb5 vulnerability

Goldberg, Miro Haller, Nadia Heninger, Mike Milano, Dan Shumow, Marc Stevens, and Adam Suhl discovered that Kerberos incorrectly authenticated certain responses. An attacker able to intercept communications between a RADIUS client and server could possibly use this issue to forge responses, bypas...

CVSS 9 | AI score 7 | EPSS 0.22162
Exploits: 2 | References: 2

Patchstack
added 2025/01/29 12:0 a.m. | 2 views

Drupal Authenticator Login module < 2.0.6 - Unauthenticated Broken Access Control vulnerability

Unauthenticated Broken Access Control vulnerability discovered by Ahmed Raza in WordPress Module Authenticator Login versions 2.0.6...

CVSS 9.8 | AI score 7 | EPSS 0.00388
Exploits: 0 | References: 1 | Affected Software: 1

Tenable Nessus
added 2024/12/17 12:0 a.m. | 14 views

SUSE SLES15 / openSUSE 15 Security Update : aws-iam-authenticator (SUSE-SU-2024:4329-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:4329-1 advisory. - CVE-2022-1996: Fixed CORS bypass bsc1200528. Tenable has extracted the preceding description block directly from the SUSE...

CVSS 9.3 | AI score 8.3 | EPSS 0.00963
Exploits: 1 | References: 4

SUSE Linux
added 2024/12/16 1:16 p.m. | 2 views

Security update for aws-iam-authenticator

This update for aws-iam-authenticator fixes the following issues: CVE-2022-1996: Fixed CORS bypass bsc1200528. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for...

CVSS 9.1 | AI score 10 | EPSS 0.00963
Exploits: 1 | References: 4

OSV
added 2024/12/16 1:16 p.m. | 16 views

SUSE-SU-2024:4329-1 Security update for aws-iam-authenticator

This update for aws-iam-authenticator fixes the following issues: - CVE-2022-1996: Fixed CORS bypass bsc1200528...

CVSS 9.3 | AI score 10 | EPSS 0.00963
Exploits: 1 | References: 3

BDU FSTEC
added 2024/12/10 12:0 a.m. | 1 view

The vulnerability of the FormLoginAuthenticator class in the Symfony software development and web application management framework allows an attacker to bypass the authentication process and trigger a service failure.

The vulnerability of the FormLoginAuthenticator class in the Symfony software development and management platform relates to the omission of the empty username or password field during authentication processes. Exploiting this vulnerability could allow an attacker to bypass the authentication...

CVSS 7.8 | AI score 5.5 | EPSS 0.00097
Exploits: 0 | References: 9 | Affected Software: 1

VulnCheck KEV
added 2024/12/05 12:0 a.m. | 0 views

VulnCheck KEV: CVE-2024-21390

Microsoft Authenticator Elevation of Privilege Vulnerability...

CVSS 7.1 | AI score 5.8 | EPSS 0.01103
Exploits: 0 | References: 1

OpenVAS
added 2024/12/03 12:0 a.m. | 12 views

Mageia: Security Advisory (MGASA-2024-0385)

The remote host is missing an update for the...

CVSS 9 | AI score 9.7 | EPSS 0.22162
Exploits: 2 | References: 4

Mageia
added 2024/12/02 5:17 p.m. | 26 views

Updated krb5 packages fix security vulnerability

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response Access-Accept, Access-Reject, or Access-Challenge to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature. CVE-2024-3596...

CVSS 9 | AI score 7.1 | EPSS 0.22162
Exploits: 2 | References: 2

Oracle linux
added 2024/11/30 12:0 a.m. | 255 views

krb5 security update

1.15.1-55.0.7 - libkrad: implement support for Message-Authenticator CVE-2024-3596 Orabug: 37241077...

CVSS 9 | AI score 7.5 | EPSS 0.22162
Exploits: 2

OSV
added 2024/11/29 7:15 p.m. | 2 views

DEBIAN-CVE-2024-36611

In Symfony v7.07, a security vulnerability was identified in the FormLoginAuthenticator component, where it failed to adequately handle cases where the username or password field of a login request is empty. This flaw could lead to various security risks, including improper authentication logic...

CVSS 7.5 | AI score 5.4 | EPSS 0.00097
Exploits: 0 | References: 1

Oracle linux
added 2024/11/20 12:0 a.m. | 271 views

krb5 security update

1.21.1-4.0.1 - Fixed race condition in krb5setpassword Orabug: 33609767 1.21.1-4 - libkrad: implement support for Message-Authenticator CVE-2024-3596 Resolves: RHEL-55423 - Fix various issues detected by static analysis Resolves: RHEL-58216 - Remove RSA protocol for PKINIT Resolves: RHEL-15323...

CVSS 9 | AI score 7.5 | EPSS 0.22162
Exploits: 2

RedHat Linux
added 2024/11/13 3:58 p.m. | 3 views

freeradius: forgery attack

A vulnerability in the RADIUS Remote Authentication Dial-In User Service protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof...

CVSS 9 | AI score 7.2 | EPSS 0.22162
Exploits: 2 | References: 10

CNNVD
added 2024/11/06 12:0 a.m. | 0 views

Symfony input validation error vulnerability

Symfony is a PHP framework for web and console applications and a set of reusable PHP components from Symfony, Inc. An input validation error vulnerability exists in Symfony that stems from an attacker being able to trick an authenticator that relies on the Request class into redirecting the user...

CVSS 6.1 | AI score 5.3 | EPSS 0.00394
Exploits: 0 | References: 3

RedHat Linux
added 2024/11/05 1:54 a.m. | 3 views

freeradius: forgery attack

A vulnerability in the RADIUS Remote Authentication Dial-In User Service protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof...

CVSS 9 | AI score 7.2 | EPSS 0.22162
Exploits: 2 | References: 10

Oracle linux
added 2024/11/05 12:0 a.m. | 290 views

krb5 security update

1.18.2-30.0.1 - Fixed race condition in krb5setpassword Orabug: 33609767 1.18.2-30 - libkrad: implement support for Message-Authenticator CVE-2024-3596 Resolves: RHEL-50253 - Remove RSA protocol for PKINIT Resolves: RHEL-17616...

CVSS 9 | AI score 7.3 | EPSS 0.22162
Exploits: 2

RedHat Linux
added 2024/11/04 1:50 a.m. | 3 views

freeradius: forgery attack

A vulnerability in the RADIUS Remote Authentication Dial-In User Service protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof...

CVSS 9 | AI score 7.2 | EPSS 0.22162
Exploits: 2 | References: 10