6 matches found
CVE-2025-0672
An authentication bypass vulnerability exists in multiple WSO2 products when FIDO authentication is enabled. When a user account is deleted, the system does not automatically remove associated FIDO registration data. If a new user account is later created using the same username, the system may...
CVE-2025-0672 Authentication Bypass in Multiple WSO2 Products via Stale FIDO Credential Association
An authentication bypass vulnerability exists in multiple WSO2 products when FIDO authentication is enabled. When a user account is deleted, the system does not automatically remove associated FIDO registration data. If a new user account is later created using the same username, the system may...
CVE-2025-0672
CVE-2025-0672 describes an authentication bypass affecting multiple WSO2 products when FIDO authentication is enabled. The root cause is that, after a user account is deleted, the system does not automatically purge associated FIDO registration data. If a new user account is created with the same...
CVE-2025-0672 Authentication Bypass in Multiple WSO2 Products via Stale FIDO Credential Association
An authentication bypass vulnerability exists in multiple WSO2 products when FIDO authentication is enabled. When a user account is deleted, the system does not automatically remove associated FIDO registration data. If a new user account is later created using the same username, the system may...
PT-2025-39184
Name of the Vulnerable Software and Affected Versions WSO2 products affected versions not specified Description An authentication bypass can occur in WSO2 products when FIDO authentication is enabled. Deletion of a user account does not automatically remove associated FIDO registration data. If a...
WSO2 Identity Server 安全漏洞
WSO2 Identity Server IS is an identity server from WSO2, Inc. A security vulnerability exists in WSO2 Identity Server IS that originates from the failure to automatically remove associated FIDO registration data when a user account is deleted, which could lead to authentication bypass and...