152 matches found
Design/Logic Flaw
pamgoogleauthenticator.c in the PAM module in Google Authenticator before 1.0 requires user-readable permissions for the secret file, which allows local users to bypass intended access restrictions and discover a shared secret via standard filesystem operations, a different vulnerability than...
CVE-2012-6140
pamgoogleauthenticator.c in the PAM module in Google Authenticator before 1.0 requires user-readable permissions for the secret file, which allows local users to bypass intended access restrictions and discover a shared secret via standard filesystem operations, a different vulnerability than...
CVE-2012-6140
CVE-2012-6140 involves the pam_google_authenticator.c PAM module in Google Authenticator, vulnerable before 1.0. The root cause is that the secret file must have user-readable permissions, allowing local users to bypass access constraints and read the shared secret via standard filesystem operati...
CVE-2012-6140
pamgoogleauthenticator.c in the PAM module in Google Authenticator before 1.0 requires user-readable permissions for the secret file, which allows local users to bypass intended access restrictions and discover a shared secret via standard filesystem operations, a different vulnerability than...
Google Authenticator CVE-2012-6140本地信息泄露漏洞
CVE ID:CVE-2012-6140 Google Authenticator项目是可用于多手机平台的生成一次性密码的软件实现,包含可用于可插拔验证模块PAM的实现。 Google Authenticator在某些配置下执行私钥/状态文件管理时存在一个安全漏洞,由于缺少'user='选项,私钥SECRET文件需要为用户可读,允许本地攻击者获得预共享client-to-authentication-server私钥,可能导致假冒其他用户账户。 0 Google Authenticator 厂商解决方案 用户可参考如下厂商提供的安全公告获得补丁信息:...
CVE-2013-0258
The Google Authenticator login galogin module 7.x before 7.x-1.3 for Drupal, when multi-factor authentication is enabled, allows remote attackers to bypass authentication for accounts without an associated Google Authenticator token by logging in with the username...
CVE-2013-0258
The Google Authenticator login galogin module 7.x before 7.x-1.3 for Drupal, when multi-factor authentication is enabled, allows remote attackers to bypass authentication for accounts without an associated Google Authenticator token by logging in with the username...
CVE-2013-0258
The CVE-2013-0258 entry concerns the Drupal ga_login module (Drupal 7.x) prior to 7.x-1.3, where multi-factor authentication is enabled but an attacker can bypass login by using a username if no Google Authenticator token is associated with the account. The root cause is a flawed authentication b...
SA-CONTRIB-2013-012 - Google Authenticator login - Access Bypass
This module will allow you to add Time-based One-time Password Algorithm also called "Two Step Authentication" or "Multi-Factor Authentication" support to user logins. Users with the permission to use multi-factor authentication need to associate a Google Authenticator token with their acount...
Fedora Update for totpcgi FEDORA-2012-19605
Check for the Version of totpcgi OpenVAS Vulnerability Test Fedora Update for totpcgi FEDORA-2012-19605 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
[SECURITY] Fedora 17 Update: totpcgi-0.5.4-1.fc17
A CGI/FCGI application to centralize google-authenticator deployments...
Looking to Bolster Security, Dropbox Adds Two-Factor Authentication
Several weeks after announcing that some of its users’ log-ins and passwords had been stolen, file storage company Dropbox announced it has added a two-step authentication process over the weekend to help reinforce the security of its users’ accounts. The added layer of security is currently...