269 matches found
CVE-2025-55003
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, OpenBao's Login Multi-Factor Authentication (MFA) system allows enforcing MFA using Time-based One Time Password (TOTP). Due to...
HashiCorp Vault ldap auth method may not have correctly enforced MFA
Vault and Vault Enterprise’s (“Vault”) ldap auth method may not have correctly enforced MFA if username_as_alias was set to true and a user had multiple CNs that are equal but with leading or trailing spaces. Fixed in Vault Community Edition 1.20.2 and Vault Enterprise 1.20.2, 1.19.8, 1.18.13, and...
CVE-2025-6675
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Authentication Bypass. This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.8.0, from 5.2.0 before 5.2.1, from 0.0.0 before 5.0., from 0.0.0 before 5.1...
Updated Guidance on Play Ransomware
CISA, the Federal Bureau of Investigation (FBI), and the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) have issued an updated advisory on Play ransomware, also known as Playcrypt. This advisory highlights new tactics, techniques, and procedures used by the Play...
Defending against evolving identity attack techniques
In today’s evolving cyber threat landscape, threat actors are committed to advancing the sophistication of their attacks. The increasing adoption of essential security features like multifactor authentication (MFA), passwordless solutions, and robust email protections has changed many aspects of th...
Strengthening Cybersecurity Resilience in Agriculture through Educational Interventions: a Case Study of the Ponca Tribe of Nebraska
The increasing digitization of agricultural operations has introduced new cybersecurity challenges for the farming community. This paper introduces an educational intervention called Cybersecurity Improvement Initiative for Agriculture (CIIA), which aims to strengthen cybersecurity awareness and...
CVE-2024-21495
Versions of the package github.com/greenpau/caddy-security before 1.0.42 are vulnerable to Insecure Randomness due to using an insecure random number generation library which could possibly be predicted via a brute-force search. Attackers could use the potentially predictable nonce value used for...
CVE-2024-52586
eLabFTW is an open source electronic lab notebook for research labs. A vulnerability has been found starting in version 4.6.0 and prior to version 5.1.0 that allows an attacker to bypass eLabFTW's built-in multifactor authentication mechanism. An attacker who can authenticate locally by knowing o...
CVE-2020-27178
Apereo CAS 5.3.x before 5.3.16, 6.x before 6.1.7.2, 6.2.x before 6.2.4, and 6.3.x before 6.3.0-RC4 mishandles secret keys with Google Authenticator for multifactor authentication...
CVE-2025-47941
TYPO3 is an open source, PHP based web content management system. In versions on the 12.x branch prior to 12.4.31 LTS and the 13.x branch prior to 13.4.2 LTS, the multifactor authentication (MFA) dialog presented during backend login can be bypassed due to insufficient enforcement of access...
Multifactor Authentication (MFA) Bypass
typo3/cms-backend is vulnerable to Multifactor Authentication (MFA) Bypass. The vulnerability is due to insufficient enforcement of access restrictions on backend routes, allowing MFA to be bypassed after successful authentication...
GHSA-744G-7QM9-HJH9 The TYPO3 CMS Backend has Broken Authentication in Backend MFA
Problem: The multifactor authentication (MFA) dialog presented during backend login can be bypassed due to insufficient enforcement of access restrictions on all backend routes. Successful exploitation requires valid backend user credentials, as MFA can only be bypassed after successful...
The TYPO3 CMS Backend has Broken Authentication in Backend MFA
Problem: The multifactor authentication (MFA) dialog presented during backend login can be bypassed due to insufficient enforcement of access restrictions on all backend routes. Successful exploitation requires valid backend user credentials, as MFA can only be bypassed after successful...
CVE-2025-47941 TYPO3 Has Broken Authentication in Backend MFA
TYPO3 is an open source, PHP based web content management system. In versions on the 12.x branch prior to 12.4.31 LTS and the 13.x branch prior to 13.4.2 LTS, the multifactor authentication (MFA) dialog presented during backend login can be bypassed due to insufficient enforcement of access...
PT-2025-22143 · Typo3 · Typo3
Name of the Vulnerable Software and Affected Versions: TYPO3 versions 12.x prior to 12.4.31 LTS; TYPO3 versions 13.x prior to 13.4.2 LTS. Description: The issue concerns the multifactor authentication (MFA) dialog presented during backend login, which can be bypassed due to insufficient enforcement o...
TYPO3 12.0.0 < 12.4.31 / 13.0.0 < 13.4.12 (TYPO3-CORE-SA-2025-015)
The version of TYPO3 installed on the remote host is 12.0.0 prior to 12.4.31 / 13.0.0 prior to 13.4.12. It is, therefore, affected by a vulnerability as referenced in the TYPO3-CORE-SA-2025-015 advisory. - The multifactor authentication (MFA) dialog presented during backend login can be bypassed du...
ZOHO ManageEngine ADSelfService Plus SQL Injection Vulnerability
ZOHO ManageEngine ADSelfService Plus is ZOHO's integrated self-service password management and single sign-on solution for Active Directory and cloud applications. A security vulnerability exists in ZOHO ManageEngine ADSelfService Plus 6513 and prior versions, which stems from an MFA report of...