Lucene search
K

8 matches found

Packet Storm News
Packet Storm News
added 2026/03/26 12:0 a.m.4 views

Usability of Passwordless Authentication in Wi-Fi Networks: A Comparative Study of Passkeys and Passwords in Captive Portals

Passkeys have recently emerged as a passwordless authentication mechanism, yet their usability in captive portals remains unexplored. This paper presents an empirical, comparative usability study of passkeys and passwords in a Wi-Fi hotspot using a captive portal. We conducted a controlled...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/02 12:0 a.m.4 views

Passwords and FIDO2 Are Meant to Be Secret: a Practical Secure Authentication Channel for Web Browsers

Password managers provide significant security benefits to users. However, malicious client-side scripts and browser extensions can steal passwords after the manager has autofilled them into the web page. In this paper, we extend prior work by Stock and Johns, showing how password autofill can be...

6.2AI score
Exploits0
NVD
NVD
added 2025/04/03 3:15 a.m.19 views

CVE-2025-29991

Yubico YubiKey 5.4.1 through 5.7.3 before 5.7.4 has an incorrect FIDO CTAP PIN/UV Auth Protocol Two implementation. It uses the signature length from CTAP PIN/UV Auth Protocol One, even when CTAP PIN/UV Auth Protocol Two was chosen, resulting in a partial signature verification...

2.2CVSS0.00107EPSS
Exploits0References1
CVE
CVE
added 2025/04/03 12:0 a.m.74 views

CVE-2025-29991

CVE-2025-29991 affects Yubico YubiKey 5.4.1–5.7.3; the FIDO CTAP PIN/UV Auth Protocol Two implementation incorrectly uses the 16-byte signature length from Protocol One, causing partial signature verification when Protocol Two is chosen. Remediation: update to version 5.7.4 or later. Other disclo...

2.2CVSS7AI score0.00107EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/03 12:0 a.m.23 views

CVE-2025-29991

Yubico YubiKey 5.4.1 through 5.7.3 before 5.7.4 has an incorrect FIDO CTAP PIN/UV Auth Protocol Two implementation. It uses the signature length from CTAP PIN/UV Auth Protocol One, even when CTAP PIN/UV Auth Protocol Two was chosen, resulting in a partial signature verification...

2.2CVSS0.00107EPSS
Exploits0References1
Yubico
Yubico
added 2025/02/05 12:0 a.m.28 views

YSA-2025-02 | Yubico

A low severity issue has been identified in YubiKeys versions 5.4.1 through 5.7.3 in the FIDO CTAP PIN/UV Auth Protocol Two implementation. These YubiKey versions use the 16 byte signature length from CTAP PIN/UV Auth Protocol One during the verification step, even when the 32 byte CTAP PIN/UV Au...

2.2CVSS7AI score0.00107EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2022/05/05 12:0 a.m.6 views

Vulnerability of the Server component: PAM Auth Plugin of the MySQL Server database management system, which allows attackers to gain unauthorized access to protected information.

The vulnerability of the MySQL Server database management system’s PAM Auth Plugin relates to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain unauthorized access to protected information using the FIDO network protocol...

7.1CVSS6.7AI score0.02023EPSS
Exploits0References6Affected Software1
ThreatPost
ThreatPost
added 2013/02/12 7:23 p.m.11 views

DARPA, FIDO Alliance Join Race to Replace Passwords

Nearly everyone agrees that passwords are the bane of Internet security. For years, industry thinkers have somewhat vaguely referenced the need for Internet fingerprints capable of reliably verifing identities online. Yet here we are, it’s 2013 and passwords remain the primary means of...

0.3AI score
Exploits0References5
Rows per page
Query Builder