Lucene search
K

6 matches found

OSV
OSV
added 2025/09/23 6:15 p.m.9 views

CVE-2025-0672

An authentication bypass vulnerability exists in multiple WSO2 products when FIDO authentication is enabled. When a user account is deleted, the system does not automatically remove associated FIDO registration data. If a new user account is later created using the same username, the system may...

3.8CVSS5.8AI score0.00202EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/23 5:30 p.m.6 views

CVE-2025-0672 Authentication Bypass in Multiple WSO2 Products via Stale FIDO Credential Association

An authentication bypass vulnerability exists in multiple WSO2 products when FIDO authentication is enabled. When a user account is deleted, the system does not automatically remove associated FIDO registration data. If a new user account is later created using the same username, the system may...

3.3CVSS0.00202EPSS
Exploits0References1
CVE
CVE
added 2025/09/23 5:30 p.m.17 views

CVE-2025-0672

CVE-2025-0672 describes an authentication bypass affecting multiple WSO2 products when FIDO authentication is enabled. The root cause is that, after a user account is deleted, the system does not automatically purge associated FIDO registration data. If a new user account is created with the same...

3.8CVSS6.4AI score0.00202EPSS
Exploits0References1Affected Software3
Vulnrichment
Vulnrichment
added 2025/09/23 5:30 p.m.2 views

CVE-2025-0672 Authentication Bypass in Multiple WSO2 Products via Stale FIDO Credential Association

An authentication bypass vulnerability exists in multiple WSO2 products when FIDO authentication is enabled. When a user account is deleted, the system does not automatically remove associated FIDO registration data. If a new user account is later created using the same username, the system may...

3.3CVSS6.4AI score0.00202EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/23 12:0 a.m.5 views

PT-2025-39184

Name of the Vulnerable Software and Affected Versions WSO2 products affected versions not specified Description An authentication bypass can occur in WSO2 products when FIDO authentication is enabled. Deletion of a user account does not automatically remove associated FIDO registration data. If a...

3.3CVSS6.5AI score0.00202EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/09/23 12:0 a.m.3 views

WSO2 Identity Server 安全漏洞

WSO2 Identity Server IS is an identity server from WSO2, Inc. A security vulnerability exists in WSO2 Identity Server IS that originates from the failure to automatically remove associated FIDO registration data when a user account is deleted, which could lead to authentication bypass and...

3.8CVSS6.8AI score0.00202EPSS
Exploits0References1
Rows per page
Query Builder