9 matches found
CVE-2026-55666 Rocket.Chat: Email Parameter Fallback Leads To Account Takeover Within Apple OAuth
Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13, in apps/meteor/app/apple/server/loginHandler.ts, handleIdentityToken parses a JWT issued by Apple during the OAuth flow. The try block checks for an...
CVE-2026-34727
Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the OIDC callback handler issues a full JWT token without checking whether the matched user has TOTP two-factor authentication enabled. When a local user with TOTP enrolled is matched via the OIDC email fallback...
CVE-2026-34727
Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the OIDC callback handler issues a full JWT token without checking whether the matched user has TOTP two-factor authentication enabled. When a local user with TOTP enrolled is matched via the OIDC email fallback...
CVE-2026-34727 Vikunja ahs a TOTP Two-Factor Authentication Bypass via OIDC Login Path
Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the OIDC callback handler issues a full JWT token without checking whether the matched user has TOTP two-factor authentication enabled. When a local user with TOTP enrolled is matched via the OIDC email fallback...
Improper Authentication
Overview Affected versions of this package are vulnerable to Improper Authentication in the OIDC login process when the EmailFallback mechanism is enabled. An attacker can gain unauthorized access to accounts protected by TOTP by authenticating to the OIDC provider with a matching email address,...
Improper Authentication
Overview Affected versions of this package are vulnerable to Improper Authentication in the OIDC login process when the EmailFallback mechanism is enabled. An attacker can gain unauthorized access to accounts protected by TOTP by authenticating to the OIDC provider with a matching email address,...
GHSA-8JVC-MCX6-R4CG Vikunja has TOTP Two-Factor Authentication Bypass via OIDC Login Path
Summary The OIDC callback handler issues a full JWT token without checking whether the matched user has TOTP two-factor authentication enabled. When a local user with TOTP enrolled is matched via the OIDC email fallback mechanism, the second factor is completely skipped. Details The OIDC callback...
Vikunja has TOTP Two-Factor Authentication Bypass via OIDC Login Path
Summary The OIDC callback handler issues a full JWT token without checking whether the matched user has TOTP two-factor authentication enabled. When a local user with TOTP enrolled is matched via the OIDC email fallback mechanism, the second factor is completely skipped. Details The OIDC callback...
PT-2026-31944
Name of the Vulnerable Software and Affected Versions: Vikunja versions prior to 2.3.0 Description: A flaw exists in the OIDC callback handler where a full JWT token is issued without verifying TOTP two-factor authentication status for the matched user. Specifically, when a local user with TOTP...