818 matches found
CVE-2024-21390 Microsoft Authenticator Elevation of Privilege Vulnerability
CVE-2024-21390
CVE-2024-21390 concerns a local elevation-of-privilege in the Microsoft Authenticator app. The available sources consistently identify the affected software as the Microsoft Authenticator (MSA) mobile app and describe an attacker needing prior access on the device to exploit the issue. Microsoft’...
Microsoft Authenticator Elevation of Privilege Vulnerability
KLA65129 Multiple vulnerabilities in Microsoft Apps
Multiple vulnerabilities were found in Microsoft Apps. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, obtain sensitive information. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in Skype for Consumer can be...
PT-2024-2298 · Microsoft · Authenticator
Name of the Vulnerable Software and Affected Versions: Microsoft Authenticator, affected versions not specified. Description: The issue is related to insufficient access controls in the Microsoft Authenticator application, which can be exploited to elevate privileges. Recommendations: At the moment...
Microsoft Authenticator Security Vulnerability
Microsoft Authenticator is an application for multi-factor authentication (MFA) from Microsoft Corporation (USA). A security vulnerability exists in Microsoft Authenticator. An attacker could exploit the vulnerability to elevate privileges...
[SECURITY] Fedora 38 Update: wpa_supplicant-2.10-7.fc38
wpa_supplicant is a WPA Supplicant for Linux, BSD and Windows with support for WPA and WPA2 (IEEE 802.11i / RSN). Supplicant is the IEEE 802.1X/WPA component that is used in the client stations. It implements key negotiation with a WPA Authenticator and it controls the roaming and IEEE 802.11...
NLnet Labs Routinator Security Breach
NLnet Labs Routinator is an RPKI (Resource Public Key Infrastructure) authenticator written in Rust by the NLnet Labs team in the Netherlands. A security vulnerability exists in NLnet Labs Routinator version 0.13.1 and prior versions, which stems from the termination of Routinator when an incoming...
CVE-2023-45669
WebAuthn4J Spring Security provides Web Authentication specification support for Spring applications. Affected versions are subject to improper signature counter value handling. A flaw was found in webauthn4j-spring-security-core. When an authenticator returns an incremented signature counter val...
CVE-2022-44589
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in miniOrange miniOrange's Google Authenticator – WordPress Two Factor Authentication – 2FA , Two Factor, OTP SMS and Email | Passwordless login. This issue affects miniOrange's Google Authenticator – WordPress Two Factor...
CVE-2022-44589
CVE-2022-44589 affects miniOrange's Google Authenticator – WordPress Two Factor Authentication plugin, with exposure of sensitive information up to version 5.6.1. Affected versions are listed as n/a through 5.6.1. Multiple sources recommend upgrading to a version later than 5.6.1 (e.g., 5.6.2+). ...
CVE-2022-44589 WordPress miniOrange's Google Authenticator Plugin <= 5.6.1 is vulnerable to Sensitive Data Exposure
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in miniOrange miniOrange's Google Authenticator – WordPress Two Factor Authentication – 2FA , Two Factor, OTP SMS and Email | Passwordless login. This issue affects miniOrange's Google Authenticator – WordPress Two Factor...
PT-2023-14512 · Miniorange · Miniorange'S Google Authenticator – Wordpress Two Factor Authentication – 2Fa
Name of the Vulnerable Software and Affected Versions: miniOrange's Google Authenticator – WordPress Two Factor Authentication – 2FA , Two Factor, OTP SMS and Email | Passwordless login, versions n/a through 5.6.1. Description: The issue is related to the exposure of sensitive information to an...
WordPress Plugin miniOrange Google Authenticator Information Disclosure Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. An information disclosure vulnerability...
DuoUniversalKeycloakAuthenticator Security Vulnerability
DuoUniversalKeycloakAuthenticator is a Keycloak authenticator by Michael Kelly (personal developer). A security vulnerability exists in DuoUniversalKeycloakAuthenticator version 1.0.7, which stems from the presence of an information disclosure vulnerability, where a specially crafted HTTP request...
tomcat: Open Redirect vulnerability in FORM authentication
A flaw was found in Apache Tomcat if the default web application is configured with FormAuthenticator. This issue allows a specially crafted URL to trigger a redirect to an arbitrary URL...
CVE-2022-46337 Apache Derby: LDAP injection vulnerability in authenticator
A cleverly devised username might bypass LDAP authentication checks. In LDAP-authenticated Derby installations, this could let an attacker fill up the disk by creating junk Derby databases. In LDAP-authenticated Derby installations, this could also allow the attacker to execute malware which was...
jetty: OpenId Revoked authentication allows one request
Jetty is a Java based web server and servlet engine. Versions 9.4.21 through 9.4.51, 10.0.15, and 11.0.15 are vulnerable to weak authentication. If a Jetty OpenIdAuthenticator uses the optional nested LoginService, and that LoginService decides to revoke an already authenticated user, then the...
matrix-server-isenguard (>=0.1.1 <=0.2.0), matrix-synapse-testutils (>=1.65.0.0 <=1.95.0.0) +7 more potentially affected by CVE-2023-43796 via matrix-synapse (>=0.33.9 <=1.95.0)
matrix-synapse PYPI version =0.33.9, =0.1.1, =1.65.0.0, =0.1.2, =0.100.2, =0.1.0, =0.1.0, =0.8.0, =0.8.4 Source cves: CVE-2023-43796 Source advisory: OSV:GHSA-MP92-3JFM-3575...