813 matches found
Ian Dunn: Google Authenticator 0.6 - PHP Version Disclosure
Hello Vulnerable File and Link : http://localhost/wordpress/wp-content/plugins/google-authenticator-per-user-prompt/views/requirements-error.php Vulnerable Link : 8 You're running version Vulnerable Code: Good Luck/...
Ian Dunn: Google Authenticator - Cross Site Scripting
Hello Vulnerable File: : /views/token-prompt.php Vulnerable Link : 15 " / Vulnerable Code: Good Luck/...
Google Authenticator - Exported components, External URLs, Suspicious files vulnerabilities
HackApp vulnerability scanner discovered that application Google Authenticator published at the 'play' market has multiple vulnerabilities...
NIST Recommends SMS Two-Factor Authentication Deprecation
A U.S. government agency said the end is nigh for SMS-based two-factor authentication, citing a lack of security around the feature. The latest draft version of the Digital Authentication Guideline issued this week by the U.S. National Institute for Standards and Technology (NIST) said the practice...
Google Authenticator <= 0.47 - Two Factor Authentication Bypass
WordPress 4.5 introduced the ability to login with an email address instead of a username. Google Authenticator v0.47 wasn't aware of the new feature, and didn't properly handle the case where an email address was used instead of a username. Using an email address would allow an attacker with a...
WordPress Google Authenticator Plugin <= 0.47 - Authentication Bypass
This plugin is prone to a two factor authentication Bypass vulnerability. Attackers with a valid password can bypass the two-factor OTP by using an email address. Solution Upgrade this plugin...
Falcon System Consulting WisePoint and WisePoint Authenticator Clickjacking Attack Vulnerability
Falcon System Consulting WisePoint and WisePoint Authenticator are products of Falcon System Consulting, Japan. The former is an authentication system, and the latter is a product for enhancing the authentication mechanism of RADIUS protocol-enabled devices, such as SSL-VPN devices. A security...
CVE-2016-1177
The management screen in Falcon WisePoint 4.3.1 and earlier and WisePoint Authenticator 4.1.19.22 and earlier allows remote attackers to conduct clickjacking attacks via unspecified vectors...
Code injection
The management screen in Falcon WisePoint 4.3.1 and earlier and WisePoint Authenticator 4.1.19.22 and earlier allows remote attackers to conduct clickjacking attacks via unspecified vectors...
JVN#28480773: WisePoint contains issue in preventing clickjacking attacks
WisePoint contains an issue in the protection against clickjacking attacks on the management screen. Impact: If a user views a malicious page while logged in, unintended operations may be conducted. Solution: Update the software. Update to the latest version according to the information provided by...
Battle.net Authenticator - Customized SSL, Redefined SSL Common Names verifier, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Battle.net Authenticator published at the 'play' market has multiple vulnerabilities...
openSUSE Security Update : exim (openSUSE-2016-326)
This update to exim 4.86.2 fixes the following issues: - CVE-2016-1531: local privilege escalation for set-uid root exim when using 'perl_startup' (boo#968844). Important: Exim now cleans the complete execution environment by default. This affects Exim and subprocesses such as transports calling othe...
MePIN Secure Authenticator - Customized SSL, Exported components, External URLs vulnerabilities
HackApp vulnerability scanner discovered that application MePIN Secure Authenticator published at the 'play' market has multiple vulnerabilities...
[SECURITY] Fedora 22 Update: wpa_supplicant-2.4-7.fc22
wpa_supplicant is a WPA Supplicant for Linux, BSD and Windows with support for WPA and WPA2 (IEEE 802.11i / RSN). Supplicant is the IEEE 802.1X/WPA component that is used in the client stations. It implements key negotiation with a WPA Authenticator and it controls the roaming and IEEE 802.11...
[SECURITY] Fedora 23 Update: wpa_supplicant-2.4-6.fc23
wpa_supplicant is a WPA Supplicant for Linux, BSD and Windows with support for WPA and WPA2 (IEEE 802.11i / RSN). Supplicant is the IEEE 802.1X/WPA component that is used in the client stations. It implements key negotiation with a WPA Authenticator and it controls the roaming and IEEE 802.11...
Apple Mac OSX 10.7.5/10.8.2/10.9.5/10.10.2 - Rootpipe Local Privilege Escalation
Apple Mac OSX 10.7.5/10.8.2/10.9.5/10.10.2 - Rootpipe Local Privilege Escalation PoC exploit code for rootpipe CVE-2015-1130 Created by Emil Kvarnhammar, TrueSec Tested on OS X 10.7.5, 10.8.2, 10.9.5 and 10.10.2 import os import sys import platform import re import ctypes import objc import sys from...
National Science Foundation Squid Web Proxy 1.0/1.1/2.1 Authentication Failure
No description provided by source. source: http://www.securityfocus.com/bid/741/info There is a vulnerability present in certain versions of the Squid Web Proxy Cache developed by the National Science Foundation. This problem is only in effect when users of the cache are using an external...
Secure Computing e.iD Authenticator for Palm 2.0 PIN Brute-Force Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2105/info Summary: An attacker that obtains access to the sceiddb.pdb file, part of Secure Computing's e.iD Authenticator for Palm, can determine the user's PIN. Problem Description: Secure Computing's SafeWord is a syste...