
47 matches found

0day.today
added 2021/04/21 12:0 a.m. | 45 views

Discourse 2.7.0 - Rate Limit Bypass leads to 2FA Bypass Exploit

Exploit Title: Discourse 2.7.0 - Rate Limit Bypass leads to 2FA Bypass Exploit Author: Mesh3l911 Vendor Homepage: https://www.discourse.org/ Software Link:https://github.com/discourse/discourse Version: Discourse 2.7.0 CVE: CVE-2021-3138 import requests username = input"\n input ur username : "...

CVSS 7.5 | AI score 7.6 | EPSS 0.03073
Exploits: 4
Packet Storm
added 2021/04/21 12:0 a.m. | 352 views

Discourse 2.7.0 2FA Bypass

Exploit Title: Discourse 2.7.0 - Rate Limit Bypass leads to 2FA Bypass Date: 14/01/2021 Exploit Author: Mesh3l911 Vendor Homepage: https://www.discourse.org/ Software Link:https://github.com/discourse/discourse Version: Discourse 2.7.0 CVE: CVE-2021-3138 import requests username = input"\n input ...

CVSS 5 | AI score 7.6 | EPSS 0.03073
Exploits: 4
Hacker One
added 2018/02/20 1:0 a.m. | 41 views

Nextcloud: twofactor_auth bypassable if provider fails to load

Just want to preface this by saying that this is probably not a significant vulnerability, as it requires that the server either have recently been incorrectly upgraded or otherwise misconfigured. However in the administration of my own personal NextCloud instance I have hit this several times...

CVSS 4.3 | AI score 1.2 | EPSS 0.00811
Exploits: 0
Hacker One
added 2017/10/21 11:28 a.m. | 20 views

Inflection: Limited Account Takeover via Backup codes

Researcher submitted a duplicate of a previously-submitted report and requested public disclosure of this report...

AI score 6.8
Exploits: 0
ThreatPost
added 2017/03/24 1:46 p.m. | 19 views

Instagram Adds Two-Factor Authentication

Instagram became the latest in a long line of services over the years to offer users two-factor authentication this week. Kevin Systrom, co-founder and CEO of the Facebook-owned mobile photo-sharing app announced the feature on its blog Thursday afternoon. With the feature – accessible via Settin...

AI score 0.1
Exploits: 0 | References: 7
Hacker One
added 2015/11/19 4:6 p.m. | 41 views

HackerOne: Pre-generation of 2FA secret/backup codes seems like an unnecessary risk

If you manage to get a malicious script running in HackerOne, requesting https://hackerone.com/settings/authentication/edit and parsing out the two factor authentication form will yield either… - the 2FA secret key and backup codes that will be used if 2FA is enabled for the first time this sessi...

AI score 0.8
Exploits: 0
The Hacker News
added 2011/02/11 5:10 p.m. | 6 views

2-step verification, Advanced sign-in security for your Google account !

Has anyone you know ever lost control of an email account and inadvertently sent spam—or worse—to their friends and family? There are plenty of examples like the classic "Mugged in London" scam that demonstrate why it's important to take steps to help secure your activities online. Your Gmail...

AI score 7.3
Exploits: 0