819 matches found
CVE-2023-39979
There is a vulnerability in MXsecurity versions prior to 1.0.1 that can be exploited to bypass authentication. A remote attacker might access the system if the web service authenticator has insufficient random values...
PT-2023-4653 · Unknown · Mxsecurity
Name of the Vulnerable Software and Affected Versions: MXsecurity versions prior to 1.0.1 Description: The issue is related to insufficient entropy in the web service authenticator, which can be exploited by a remote attacker to bypass authentication and potentially access the system. This is due...
The vulnerability of the Android Mobile Authenticator App, a software solution for managing enterprise mobility, within the Oracle Mobile Security Suite, a software platform of Oracle Fusion Middleware, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Android Mobile Authenticator App, a software solution for managing enterprise mobility, within the Oracle Mobile Security Suite, a software platform from Oracle Fusion Middleware, is related to errors in processing input data. Exploiting this vulnerability can allow an...
CVE-2023-21994
Vulnerability in the Oracle Mobile Security Suite product of Oracle Fusion Middleware component: Android Mobile Authenticator App. Supported versions that are affected are Prior to 11.1.2.3.1. Easily exploitable vulnerability allows unauthenticated attacker with access to the physical communicati...
CVE-2023-21994
Vulnerability in the Oracle Mobile Security Suite product of Oracle Fusion Middleware component: Android Mobile Authenticator App. Supported versions that are affected are Prior to 11.1.2.3.1. Easily exploitable vulnerability allows unauthenticated attacker with access to the physical communicati...
GHSA-5CC8-PGP5-7MPM Keycloak Untrusted Certificate Validation vulnerability
A flaw was found in keycloak-core. This flaw considers the scenario when using X509 Client Certificate Authenticatior with the option "Revalidate Client Certificate". A user may be able to choose, if directly connect to keycloak not passing via reverse proxy a specific certificate. If there's a...
Keycloak Untrusted Certificate Validation vulnerability
A flaw was found in keycloak-core. This flaw considers the scenario when using X509 Client Certificate Authenticatior with the option "Revalidate Client Certificate". A user may be able to choose, if directly connect to keycloak not passing via reverse proxy a specific certificate. If there's a...
CVE-2023-3036
An unchecked read in NTP server in github.com/cloudflare/cfnts prior to commit 783490b https://github.com/cloudflare/cfnts/commit/783490b913f05e508a492cd7b02e3c4ec2297b71 enabled a remote attacker to trigger a panic by sending an NTSAuthenticator packet with extension length longer than the packe...
cfnts 缓冲区错误漏洞
Cloudflare cfnts is Cloudflare's implementation of the NTS protocol written in Rust. A security vulnerability exists in versions prior to cfnts 783490b, which stems from an unchecked read in the NTP server that allows a remote attacker to trigger a panic by sending an NTSAuthenticator packet with...
matrix-server-isenguard (=0.1.1), matrix-synapse-testutils (>=1.65.0.0 <=1.73.0.1) +7 more potentially affected by CVE-2023-32323 via matrix-synapse (>=0.33.9 <=1.73.0)
matrix-synapse PYPI version =0.33.9, =1.65.0.0, =0.1.2, =0.100.2, =0.1.0, =0.1.0, =0.8.0, =0.8.4 Source cves: CVE-2023-32323 Source advisory: OSV:PYSEC-2023-67...
matrix-server-isenguard (=0.1.1), matrix-synapse-testutils (>=1.65.0.0 <=1.73.0.1) +7 more potentially affected by CVE-2023-32323 via matrix-synapse (>=0.33.9 <=1.73.0)
matrix-synapse PYPI version =0.33.9, =1.65.0.0, =0.1.2, =0.100.2, =0.1.0, =0.1.0, =0.8.0, =0.8.4 Source cves: CVE-2023-32323 Source advisory: OSV:GHSA-F3WC-3VXV-XMVR...
A week in security (May 1 - 7)
Last week on Malwarebytes Labs: How to protect your small business from social engineering Microsoft: You're already using the last version of Windows 10 Is it OK to train an AI on your images, without permission? Upcoming webinar: Is EDR or MDR better for your business? Google Authenticator WILL...
How Microsoft can help you go passwordless this World Password Day
It’s that time of year again. World Password Day is May 4, 2023.1 There’s a reason it’s still going strong 10 years after being created by cybersecurity professionals. A recent study that analyzed more than 15 billion passwords found that the top 10 most popular passwords still include...
Google Authenticator WILL get end-to-end encryption. Eventually.
Following criticism, Google has decided to bring end-to-end encryption E2EE to its Google Authenticator cloud backups. The search giant recently introduced a feature that allows users back up two-factor authentication 2FA tokens to the cloud, but the lack of encryption caused some commentators to...
CVE-2023-1477
Improper Authentication vulnerability in HYPR Keycloak Authenticator Extension allows Authentication Abuse.This issue affects HYPR Keycloak Authenticator Extension: before 7.10.2, before 8.0.3...
Authentication flaw
Improper Authentication vulnerability in HYPR Keycloak Authenticator Extension allows Authentication Abuse.This issue affects HYPR Keycloak Authenticator Extension: before 7.10.2, before 8.0.3...
CVE-2023-1477
Improper Authentication vulnerability in HYPR Keycloak Authenticator Extension allows Authentication Abuse.This issue affects HYPR Keycloak Authenticator Extension: before 7.10.2, before 8.0.3...
CVE-2023-1477
The CVE-2023-1477 entry concerns the HYPR Keycloak Authenticator Extension, where an Improper Authentication flaw enables Authentication Abuse. Affected components are HYPR Keycloak Authenticator Extension prior to versions 7.10.2 and 8.0.3. Root cause: insufficient/authentication bypass risk in ...
HYPR 授权问题漏洞
HYPR is a security application from HYPR that implements a passwordless... A security vulnerability exists in HYPR Keycloak Authenticator Extension that stems from incorrect authentication...
Google’s Authenticator App Now Lets You Sync 2FA Codes Across Devices
You can now sync sign-in codes across devices—but they aren’t end-to-end encrypted...