CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

813 matches found

OSV•added 2013/04/24 10:28 a.m.•1 views

DEBIAN-CVE-2012-6140

pamgoogleauthenticator.c in the PAM module in Google Authenticator before 1.0 requires user-readable permissions for the secret file, which allows local users to bypass intended access restrictions and discover a shared secret via standard filesystem operations, a different vulnerability than...

1.9CVSS6.6AI score0.00026EPSS

Exploits2References1

NVD•added 2013/04/24 10:28 a.m.•16 views

CVE-2012-6140

1.9CVSS6AI score0.00026EPSS

Exploits2References4

OSV•added 2013/04/24 10:28 a.m.•6 views

CVE-2012-6140

6AI score

Exploits0References4

UbuntuCve•added 2013/04/24 10:28 a.m.•18 views

CVE-2012-6140

1.9CVSS5.9AI score0.00026EPSS

Exploits2References2

Prion•added 2013/04/24 10:28 a.m.•17 views

Design/Logic Flaw

1.9CVSS6.6AI score0.00265EPSS

Exploits2References4Affected Software1

CVE•added 2013/04/24 10:0 a.m.•49 views

CVE-2012-6140

CVE-2012-6140 involves the pam_google_authenticator.c PAM module in Google Authenticator, vulnerable before 1.0. The root cause is that the secret file must have user-readable permissions, allowing local users to bypass access constraints and read the shared secret via standard filesystem operati...

1.9CVSS6.2AI score0.00026EPSS

Exploits2References4Affected Software1

Debian CVE•added 2013/04/24 10:0 a.m.•15 views

CVE-2012-6140

1.9CVSS6AI score0.00026EPSS

Exploits2

Cvelist•added 2013/04/24 10:0 a.m.•17 views

CVE-2012-6140

6AI score0.00026EPSS

Exploits2References4

seebug.org•added 2013/04/20 12:0 a.m.•38 views

Google Authenticator CVE-2012-6140本地信息泄露漏洞

CVE ID:CVE-2012-6140 Google Authenticator项目是可用于多手机平台的生成一次性密码的软件实现,包含可用于可插拔验证模块PAM的实现。 Google Authenticator在某些配置下执行私钥/状态文件管理时存在一个安全漏洞，由于缺少'user='选项，私钥SECRET文件需要为用户可读，允许本地攻击者获得预共享client-to-authentication-server私钥，可能导致假冒其他用户账户。 0 Google Authenticator 厂商解决方案用户可参考如下厂商提供的安全公告获得补丁信息：...

1.9CVSS6.6AI score0.00026EPSS

Exploits2

NVD•added 2013/03/27 9:55 p.m.•14 views

CVE-2013-0258

The Google Authenticator login galogin module 7.x before 7.x-1.3 for Drupal, when multi-factor authentication is enabled, allows remote attackers to bypass authentication for accounts without an associated Google Authenticator token by logging in with the username...

6.8CVSS6.7AI score0.00265EPSS

Exploits0References4

Cvelist•added 2013/03/27 9:0 p.m.•17 views

CVE-2013-0258

6.7AI score0.00265EPSS

Exploits0References4

CVE•added 2013/03/27 9:0 p.m.•52 views

CVE-2013-0258

The CVE-2013-0258 entry concerns the Drupal ga_login module (Drupal 7.x) prior to 7.x-1.3, where multi-factor authentication is enabled but an attacker can bypass login by using a username if no Google Authenticator token is associated with the account. The root cause is a flawed authentication b...

6.8CVSS6.9AI score0.00265EPSS

Exploits0References4Affected Software1

Atlassian•added 2013/03/20 6:9 a.m.•19 views

Custom Seraph Authenticators broken in Confluence 5.0

The constructor signature of com.atlassian.confluence.event.events.security.LoginEvent changed between Confluence 4.3.x and 5.0 - an additional String parameter was added to the constructor. From this: code public LoginEventObject src, String username, String sessionId, String remoteHost, String...

2.1AI score

Exploits0Affected Software1

Atlassian•added 2013/03/20 6:9 a.m.•26 views

Custom Seraph Authenticators broken in Confluence 5.0

2.1AI score

Exploits0Affected Software1

Drupal•added 2013/01/30 12:0 a.m.•18 views

SA-CONTRIB-2013-012 - Google Authenticator login - Access Bypass

This module will allow you to add Time-based One-time Password Algorithm also called "Two Step Authentication" or "Multi-Factor Authentication" support to user logins. Users with the permission to use multi-factor authentication need to associate a Google Authenticator token with their acount...

6.8CVSS6.3AI score0.00265EPSS

Exploits0References10

OpenVAS•added 2013/01/15 12:0 a.m.•41 views

Ubuntu Update for tomcat7 USN-1685-1

Check for the Version of tomcat7 OpenVAS Vulnerability Test $Id: gbubuntuUSN16851.nasl 8526 2018-01-25 06:57:37Z teissa $ Ubuntu Update for tomcat7 USN-1685-1 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free softwar...

4.3CVSS6.7AI score0.2277EPSS

Exploits3References2

Ubuntu•added 2013/01/14 1:50 p.m.•90 views

USN-1685-1: Tomcat vulnerabilities

It was discovered that Tomcat incorrectly performed certain security constraint checks in the FORM authenticator. A remote attacker could possibly use this flaw with a specially-crafted URI to bypass security constraint checks. This issue only affected Ubuntu 10.04 LTS, Ubuntu 11.10 and Ubuntu...

4.3CVSS6.8AI score0.2277EPSS

Exploits3

OpenVAS•added 2012/12/14 12:0 a.m.•10 views

Fedora Update for totpcgi FEDORA-2012-19605

Check for the Version of totpcgi OpenVAS Vulnerability Test Fedora Update for totpcgi FEDORA-2012-19605 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

7.4AI score

Exploits0References2

Fedora•added 2012/12/12 4:33 a.m.•7 views

[SECURITY] Fedora 17 Update: totpcgi-0.5.4-1.fc17

A CGI/FCGI application to centralize google-authenticator deployments...

1.7AI score

Exploits0

RedHat Linux•added 2012/09/19 5:20 p.m.•1 views

qpid-cpp-server-cluster: unauthorized broker access caused by the use of NullAuthenticator catch-up shadow connections

Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication...

5CVSS5.9AI score0.01146EPSS

Exploits1References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by