miniOrange's Google Authenticator < 5.6.2 - Subscriber+ Settings Update
The plugin does not have an authorisation check when updating its settings, which could allow any authenticated user, such as a subscriber, to update them...
WordPress miniOrange's Google Authenticator plugin <= 5.6.1 - Broken Access Control vulnerability
Broken Access Control vulnerability leading to Plugin Settings Change discovered by Lana Codes (Patchstack Alliance) in WordPress miniOrange's Google Authenticator plugin versions <= 5.6.1. Solution: Update the WordPress miniOrange's Google Authenticator plugin to the latest available version at leas...
PT-2022-23368 · Osu Open Source · Vncauthproxy
Name of the Vulnerable Software and Affected Versions: OSU Open Source Lab VNCAuthProxy versions 1.1.1 and earlier Description: The issue is an authentication-bypass vulnerability in the VNCServerAuthenticator, located in vncap/vnc/protocol.py, which could allow a malicious actor to gain...
Okta Jira Authenticator < 3.1.5 Cross-Site Scripting
Okta Jira Authenticator toolkit versions below 3.1.5 suffer from a reflected Cross-Site Scripting (XSS) vulnerability. By injecting a specific payload in the osusername GET parameter, a remote unauthenticated attacker can execute arbitrary JavaScript code in the browser context of the target...
Design/Logic Flaw
A flaw was found in Keycloak affecting versions 11.0.3 and 12.0.0. An expired certificate would be accepted by the direct-grant authenticator because of missing timestamp validations. The highest threat from this vulnerability is to data confidentiality and integrity...
CVE-2020-35509
CVE-2020-35509 affects Keycloak (notably versions 11.0.3 and 12.0.0). A flaw in the direct-grant authenticator allows acceptance of expired certificates due to missing timestamp validation, impacting confidentiality and integrity. The issue is cited across multiple sources (e.g., GHSA) with remed...
$6 million heist targets video game skin trading site
An incredibly popular digital item trading site has suffered a spectacular loss at the hands of wily attackers. According to Bleeping Computer, CS Money lost out on $6 million via just 20,000 pilfered items. How did this happen, and why are digital items so popular in the first place? The digitiz...
The vulnerability of the SAP Authenticator mobile application for Android, related to information disclosure, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the SAP Authenticator mobile application for Android relates to the disclosure of information. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...
2FA Bypass in Cockpit Content Platform ≤ v2.2.1
Description: The 2FA secret is disclosed in the JWT token after a user logs into their account in Cockpit Content Platform ≤ v2.2.1, allowing an attacker to bypass the 2FA code. Proof of Concept: 1. Log in with your admin account, enable 2FA in your account and log out. 2. Go to...
CVE-2022-35290
Under certain conditions SAP Authenticator for Android allows an attacker to access information which would otherwise be restricted...
Authentication flaw
Under certain conditions SAP Authenticator for Android allows an attacker to access information which would otherwise be restricted...
GLSA-202208-11 : Yubico pam-u2f: Local PIN Bypass vulnerability
The remote host is affected by the vulnerability described in GLSA-202208-11 Yubico pam-u2f: Local PIN Bypass vulnerability - Yubico pam-u2f before 1.1.1 has a logic issue that, depending on the pam-u2f configuration and the application used, could lead to a local PIN bypass. This issue does not...
CVE-2022-35290
CVE-2022-35290 corresponds to an information-disclosure issue in SAP Authenticator for Android. The available documents consistently describe that under certain conditions an attacker could access information that should be restricted. The NVD entry lists a CVSS v3.1 base score of 7.5 (HIGH), wit...
SAP Authenticator Information Disclosure Vulnerability
SAP Authenticator is a mobile application from SAP Germany that generates passwords for systems that require one-time password authentication. SAP Authenticator suffers from an information disclosure vulnerability. No information about this vulnerability is available at this time, so please stay...
WordPress Plugin Google Authenticator Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
Fedora: Security Advisory for golang-sigs-k8s-aws-iam-authenticator (FEDORA-2022-5038c3236c)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...