Lucene search
K

320 matches found

Github Security Blog
Github Security Blog
added 2024/03/04 8:45 p.m.24 views

Coder's OIDC authentication allows email with partially matching domain to register

Summary A vulnerability in Coder's OIDC authentication could allow an attacker to bypass the CODEROIDCEMAILDOMAIN verification and create an account with an email not in the allowlist. Deployments are only affected if the OIDC provider allows users to create accounts on the provider such as publi...

8.2CVSS6.9AI score0.00965EPSS
Exploits0References7Affected Software2
RedhatCVE
RedhatCVE
added 2024/02/14 9:36 p.m.31 views

CVE-2024-23324

A flaw was found in the Envoy proxy. External authentication can be bypassed by downstream connections that use the PROXY protocol. Downstream clients can force invalid gRPC requests to send to extauthz, circumventing extauthz checks when failuremodeallow is set to true...

7.3CVSS7.2AI score0.006EPSS
Exploits0References4
NVD
NVD
added 2024/02/14 9:15 p.m.38 views

CVE-2024-25618

Mastodon is a free, open-source social network server based on ActivityPub. Mastodon allows new identities from configured authentication providers CAS, SAML, OIDC to attach to existing local users with the same e-mail address. This results in a possible account takeover if the authentication...

7.4CVSS4.4AI score0.00477EPSS
Exploits1References2
Prion
Prion
added 2024/02/14 9:15 p.m.14 views

Design/Logic Flaw

Mastodon is a free, open-source social network server based on ActivityPub. Mastodon allows new identities from configured authentication providers CAS, SAML, OIDC to attach to existing local users with the same e-mail address. This results in a possible account takeover if the authentication...

4CVSS7.1AI score0.00477EPSS
Exploits1References2
OSV
OSV
added 2024/02/14 8:45 p.m.33 views

CVE-2024-25618 External OpenID Connect Account Takeover by E-Mail Change in mastodon

Mastodon is a free, open-source social network server based on ActivityPub. Mastodon allows new identities from configured authentication providers CAS, SAML, OIDC to attach to existing local users with the same e-mail address. This results in a possible account takeover if the authentication...

4.2CVSS4.6AI score0.00477EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/02/14 12:0 a.m.4 views

PT-2024-2727 · Mastodon · Mastodon

Name of the Vulnerable Software and Affected Versions: Mastodon versions prior to 3.5.18 Mastodon versions prior to 4.0.14 Mastodon versions prior to 4.1.14 Mastodon versions prior to 4.2.6 Description: The issue is related to the implementation of CAS, SAML, and OpenID Connect protocols in...

7.4CVSS7.1AI score0.00477EPSS
Exploits1References11
NVD
NVD
added 2024/02/09 11:15 p.m.20 views

CVE-2024-23324

Envoy is a high-performance edge/middle/service proxy. External authentication can be bypassed by downstream connections. Downstream clients can force invalid gRPC requests to be sent to extauthz, circumventing extauthz checks when failuremodeallow is set to true. This issue has been addressed in...

8.6CVSS8.7AI score0.006EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/02/09 10:48 p.m.25 views

CVE-2024-23324 Envoy ext auth can be bypassed when Proxy protocol filter sets invalid UTF-8 metadata

Envoy is a high-performance edge/middle/service proxy. External authentication can be bypassed by downstream connections. Downstream clients can force invalid gRPC requests to be sent to extauthz, circumventing extauthz checks when failuremodeallow is set to true. This issue has been addressed in...

8.6CVSS8.8AI score0.006EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2024/02/07 12:0 a.m.6 views

The vulnerability of the SAP NetWeaver software integration platform and the SAP Web Dispatcher web dispatcher lies in the lack of proper input validation when querying an external authentication server. This allows a malicious actor to gain unauthorized access to protected information.

The vulnerability of the SAP NetWeaver software integration platform and the SAP Web Dispatcher web dispatcher is related to the lack of proper input validation when requesting external server authentication. Exploiting this vulnerability can allow an attacker to gain unauthorized access to...

7.8CVSS7.2AI score0.00326EPSS
Exploits0References2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/07 5:31 p.m.43 views

Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues

Summary Multple vulnerabilities affect IBM Sterling Secure Proxy and are addressed in the latest release and iFix Vulnerability Details CVEID:CVE-2023-26048 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an out of memory flaw in the HttpServletRequest.getParameter or...

9.8CVSS9.2AI score0.46836EPSS
Exploits5Affected Software1
OSV
OSV
added 2023/09/05 12:15 a.m.5 views

CVE-2023-32338

IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 stores user credentials in plain clear text which can be read by a local user with container access. IBM X-Force ID: 255585...

5.5CVSS5.8AI score0.0018EPSS
Exploits0References4
NVD
NVD
added 2023/09/05 12:15 a.m.16 views

CVE-2023-32338

IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 stores user credentials in plain clear text which can be read by a local user with container access. IBM X-Force ID: 255585...

5.5CVSS5.9AI score0.0018EPSS
Exploits0References4
CVE
CVE
added 2023/09/04 11:57 p.m.46 views

CVE-2023-32338

CVE-2023-32338 affects IBM Sterling Secure Proxy and IBM Sterling External Authentication Server (versions 6.0.3 and 6.1.0). The root cause is storing user credentials in plain text, readable by a local user with container access. Reported impact is credential disclosure with high confidentiality...

5.5CVSS4.9AI score0.0018EPSS
Exploits0References4Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/08/31 7:12 p.m.42 views

Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple issues

Summary Multple vulnerabilities affect IBM Sterling External Authentication Server and are addressed in the latest iFixes. Vulnerability Details CVEID:CVE-2023-26048 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an out of memory flaw in the...

9.8CVSS9.6AI score0.22709EPSS
Exploits3Affected Software1
Citrix
Citrix
added 2023/08/31 12:0 a.m.9 views

"Not authorized to execute this command" error for External Authentication System User

After login ADC management GUI using local AD user, belowError message prompt: "2 errors encountered. Not authorized to execute this command show ns license Not authorized to execute this command show ns feature"...

7.3AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/29 3:45 a.m.34 views

Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple vulnerabilities due to IBM Java Runtime

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 1.8 used by IBM Sterling External Authentication Server. IBM Sterling External Authentication Server has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-21628 DESCRIPTION: Java SE is vulnerabl...

6.5CVSS6.4AI score0.03203EPSS
Exploits0Affected Software1
Cisco
Cisco
added 2023/04/19 4:0 p.m.55 views

Cisco Modeling Labs External Authentication Bypass Vulnerability

A vulnerability in the external authentication mechanism of Cisco Modeling Labs could allow an unauthenticated, remote attacker to access the web interface with administrative privileges. This vulnerability is due to the improper handling of certain messages that are returned by the associated...

9.1CVSS9.4AI score0.00895EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/04/19 12:0 a.m.5 views

PT-2023-2555 · Cisco · Cisco Modeling Labs

Name of the Vulnerable Software and Affected Versions: Cisco Modeling Labs affected versions not specified Description: The issue is related to the external authentication mechanism of Cisco Modeling Labs, which can be exploited by an unauthenticated, remote attacker to access the web interface...

9.7CVSS7AI score0.00895EPSS
Exploits0References9
Citrix
Citrix
added 2023/04/07 12:0 a.m.8 views

Citrix Hypervisor - Unable to join server to existing pool

Unable to join the server to pool. Error from xencenter: "The server was unable to contact your domain server to enable external authentication. Check that your settings are correct and a route to the server exists."...

7AI score
Exploits0
Amazon
Amazon
added 2023/04/05 12:0 a.m.31 views

Low: openvpn

Issue Overview: OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials...

9.8CVSS8AI score0.03519EPSS
Exploits0
Rows per page
Query Builder