818 matches found

The Hacker News
added 2023/04/25 4:33 a.m. | 3 views

Google Authenticator App Gets Cloud Backup Feature for TOTP Codes

Search giant Google on Monday unveiled a major update to its 12-year-old Authenticator app for Android and iOS with an account synchronization option that allows users to back up their time-based one-time passwords (TOTPs) to the cloud. "This change means users are better protected from lockout and...

6.7 AI score
Exploits: 0
Patchstack
added 2023/04/20 12:0 a.m. | 7 views

WordPress miniOrange's Google Authenticator Plugin <= 5.6.5 is vulnerable to Broken Access Control

Software miniOrange's Google Authenticator Type Plugin Vulnerable versions = 5.6.5 Fixed in 5.6.6 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-4943 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 1f8ee97c6af1 Credits Ramuel Gal...

7.5 CVSS | 6.8 AI score | 0.00339 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
Huntr
added 2023/03/15 10:18 p.m. | 21 views

2FA Bypass by Brute Force

Description: Currently there are no restrictions on attempts to enter the correct 2FA code. In contrast to the first step of the authentication (username + password), the fields of lastloginfail and loginfailcount in the database aren't updated. An attacker can bypass the 2FA by simple brute force of...

7.5 CVSS | 7.2 AI score | 0.00137 EPSS
Exploits: 1 | References: 1
NVD
added 2023/03/14 6:15 a.m. | 25 views

CVE-2023-27895

SAP Authenticator for Android - version 1.3.0, allows the screen to be captured, if an authorized attacker installs a malicious app on the mobile device. The attacker could extract the currently views of the OTP and the secret OTP alphanumeric token during the token setup. On successful...

6.5 CVSS | 6 AI score | 0.00239 EPSS
Exploits: 0 | References: 2
OSV
added 2023/03/14 6:15 a.m. | 1 views

CVE-2023-27895

SAP Authenticator for Android - version 1.3.0, allows the screen to be captured, if an authorized attacker installs a malicious app on the mobile device. The attacker could extract the currently views of the OTP and the secret OTP alphanumeric token during the token setup. On successful...

6.5 CVSS | 6.6 AI score | 0.00239 EPSS
Exploits: 0 | References: 2
Prion
added 2023/03/14 6:15 a.m. | 17 views

Code injection

SAP Authenticator for Android - version 1.3.0, allows the screen to be captured, if an authorized attacker installs a malicious app on the mobile device. The attacker could extract the currently views of the OTP and the secret OTP alphanumeric token during the token setup. On successful...

4 CVSS | 6.1 AI score | 0.00239 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Vulnrichment
added 2023/03/14 5:8 a.m. | 6 views

CVE-2023-27895 Information Disclosure vulnerability in SAP Authenticator for Android

SAP Authenticator for Android - version 1.3.0, allows the screen to be captured, if an authorized attacker installs a malicious app on the mobile device. The attacker could extract the currently views of the OTP and the secret OTP alphanumeric token during the token setup. On successful...

6.1 CVSS | 6.2 AI score | 0.00239 EPSS
Exploits: 0 | References: 2
CVE
added 2023/03/14 5:8 a.m. | 44 views

CVE-2023-27895

SAP Authenticator for Android (version 1.3.0) is reported to expose OTP-related data when a malicious app is installed on a device, allowing screen capture during token setup. The attacker could read the currently viewed OTP and the secret OTP alphanumeric token, but cannot modify or delete data....

6.5 CVSS | 6.1 AI score | 0.00239 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2023/03/14 5:8 a.m. | 12 views

CVE-2023-27895 Information Disclosure vulnerability in SAP Authenticator for Android

SAP Authenticator for Android - version 1.3.0, allows the screen to be captured, if an authorized attacker installs a malicious app on the mobile device. The attacker could extract the currently views of the OTP and the secret OTP alphanumeric token during the token setup. On successful...

6.1 CVSS | 6.4 AI score | 0.00239 EPSS
Exploits: 0 | References: 2
CNNVD
added 2023/03/14 12:0 a.m. | 3 views

SAP Authenticator Security Vulnerability

SAP Authenticator is a mobile application from SAP that generates passwords for systems that require one-time password authentication. A security vulnerability exists in SAP Authenticator version 1.3.0, which originated from allowing an authorized attacker to install a malicious application on a...

6.5 CVSS | 6.5 AI score | 0.00239 EPSS
Exploits: 0 | References: 3
Positive Technologies
added 2023/03/14 12:0 a.m. | 3 views

PT-2023-21402 · Sap · Sap Authenticator For Android

Name of the Vulnerable Software and Affected Versions: SAP Authenticator for Android version 1.3.0 Description: The issue allows an authorized attacker to capture the screen if a malicious app is installed on the mobile device. This could lead to the extraction of the currently viewed OTP and the...

6.5 CVSS | 6.2 AI score | 0.00239 EPSS
Exploits: 0 | References: 4
Malwarebytes
added 2023/02/21 4:0 a.m. | 20 views

How to set up two-factor authentication on Twitter using an app

If you use text based authentication as an additional level of security for your Twitter account, you may be aware that this option will be reserved for paying Twitter Blue subscribers come mid-March. This post will explain how to enable app based authentication. We found it easier to do on our...

0.2 AI score
Exploits: 0
Malwarebytes
added 2023/02/21 3:0 a.m. | 15 views

Twitter and two-factor authentication: What's changing?

Twitter is making some dramatic shake ups to its currently available security settings. From March 19, users of Twitter won't be able to use SMS-based two-factor authentication (2FA) unless they have a subscription to the paid Twitter Blue service. If you use text-based 2FA, the important thing here...

0.1 AI score
Exploits: 0
The Hacker News
added 2023/02/18 11:10 a.m. | 3 views

Twitter Limits SMS-Based 2-Factor Authentication to Blue Subscribers Only

Twitter has announced that it's limiting the use of SMS-based two-factor authentication (2FA) to its Blue subscribers. "While historically a popular form of 2FA, unfortunately we have seen phone-number based 2FA be used – and abused – by bad actors," the company said. "We will no longer allow...

6.6 AI score
Exploits: 0
SUSE CVE
added 2023/02/15 5:49 a.m. | 3 views

SUSE CVE-2011-5064

DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic...

4.3 CVSS | 5 AI score | 0.05319 EPSS
Exploits: 0 | References: 6
The Hacker News
added 2023/02/04 1:39 p.m. | 4 views

PixPirate: New Android Banking Trojan Targeting Brazilian Financial Institutions

A new Android banking trojan has set its eyes on Brazilian financial institutions to commit fraud by leveraging the PIX payments platform. Italian cybersecurity company Cleafy, which discovered the malware between the end of 2022 and the beginning of 2023, is tracking it under the name PixPirate...

6.8 AI score
Exploits: 0
NVD
added 2023/01/17 4:15 p.m. | 7 views

CVE-2013-10013

A vulnerability was found in Bricco Authenticator Plugin. It has been declared as critical. This vulnerability affects the function authenticate/compare of the file src/java/talentum/escenic/plugins/authenticator/authenticators/DBAuthenticator.java. The manipulation leads to sql injection...

9.8 CVSS | 7 AI score | 0.00726 EPSS
Exploits: 0 | References: 4
Prion
added 2023/01/17 4:15 p.m. | 13 views

SQL injection

A vulnerability was found in Bricco Authenticator Plugin. It has been declared as critical. This vulnerability affects the function authenticate/compare of the file src/java/talentum/escenic/plugins/authenticator/authenticators/DBAuthenticator.java. The manipulation leads to sql injection...

7.5 CVSS | 7.9 AI score | 0.00726 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
Cvelist
added 2023/01/17 2:58 p.m. | 13 views

CVE-2013-10013 Bricco Authenticator Plugin DBAuthenticator.java compare sql injection

A vulnerability was found in Bricco Authenticator Plugin. It has been declared as critical. This vulnerability affects the function authenticate/compare of the file src/java/talentum/escenic/plugins/authenticator/authenticators/DBAuthenticator.java. The manipulation leads to sql injection...

5.5 CVSS | 9.9 AI score | 0.00726 EPSS
Exploits: 0 | References: 4
CVE
added 2023/01/17 2:58 p.m. | 41 views

CVE-2013-10013

The CVE concerns the Bricco Authenticator Plugin, specifically the DBAuthenticator.java authenticate/compare path. The vulnerability allows SQL injection due to improper handling in that function. Affected versions are prior to 1.39. Upgrading to version 1.39 addresses the issue (patch a5456633ff...

9.8 CVSS | 7.9 AI score | 0.00726 EPSS
Exploits: 0 | References: 4 | Affected Software: 1