149 matches found

OSV · added 2023/04/25 7:15 p.m. · 3 views

CVE-2022-40725

PingID Desktop prior to the latest released version 1.7.4 contains a vulnerability that can be exploited to bypass the maximum PIN attempts permitted before the time-based lockout is activated...

CVSS 6.1 · AI score 5.8 · EPSS 0.00056 · Exploits 0 · References 1

Tenable Nessus · added 2023/03/08 12:0 a.m. · 34 views

EulerOS 2.0 SP9 : kernel (EulerOS-SA-2023-1487)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof t...

CVSS 5.4 · AI score 7.2 · EPSS 0.00124 · Exploits 1 · References 2

SUSE CVE · added 2023/02/15 4:55 a.m. · 2 views

SUSE CVE-2016-9800

In BlueZ 5.42, a buffer overflow was observed in "pin_code_reply_dump" function in "tools/parser/hci.c" source file. The issue exists because "pin" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame "pin_code_reply_cp *cp" parameter...

CVSS 5.3 · AI score 7.3 · EPSS 0.00387 · Exploits 1 · References 8

SUSE CVE · added 2023/02/15 3:53 a.m. · 3 views

SUSE CVE-2020-26555

Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN...

CVSS 5.4 · AI score 7.3 · EPSS 0.00124 · Exploits 1 · References 18

Vulnrichment · added 2022/12/12 5:10 p.m. · 6 views

CVE-2022-4312

A cleartext storage of sensitive information vulnerability exists in PcVue versions 8.10 through 15.2.3. This could allow an unauthorized user with access to the email and short messaging service (SMS) accounts configuration files to discover the associated simple mail transfer protocol (SMTP) account...

CVSS 5.5 · AI score 5.3 · EPSS 0.00052 · Exploits 0 · References 1

UbuntuCve · added 2022/12/12 4:15 a.m. · 43 views

CVE-2022-25837

Bluetooth® Pairing in Bluetooth Core Specification v1.0B through v5.3 may permit an unauthenticated MITM to acquire credentials with two pairing devices via adjacent access when at least one device supports BR/EDR Secure Connections pairing and the other BR/EDR Legacy PIN code pairing if the MITM...

CVSS 7.5 · AI score 7.1 · EPSS 0.00247 · Exploits 0 · References 3

Positive Technologies · added 2022/12/11 12:0 a.m. · 4 views

PT-2022-5920 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Bluetooth Core Specification versions 1.0B through 5.3; Linux kernel (affected versions not specified). Description: The issue concerns Bluetooth pairing and may allow an unauthenticated Man-In-The-Middle (MITM) attacker to acquire credentials when...

CVSS 7.5 · AI score 7.5 · EPSS 0.00247 · Exploits 0 · References 10

OSV · added 2022/12/08 4:15 p.m. · 2 views

CVE-2022-45877

OpenHarmony-v3.1.4 and prior versions had a vulnerability. PIN code is transmitted to the peer device in plain text during cross-device authentication, which reduces the difficulty of man-in-the-middle attacks...

CVSS 5.3 · AI score 5.8 · Exploits 0 · References 1

CVE · added 2022/12/08 12:0 a.m. · 65 views

CVE-2022-45877

OpenHarmony v3.1.4 and earlier are affected by CVE-2022-45877, where the PIN code is transmitted in plaintext during cross-device authentication, enabling easier MITM attempts. Affected component: cross-device authentication flow in OpenHarmony before 3.1.4. Root cause: PIN code transmitted in pl...

CVSS 8.3 · AI score 6.2 · EPSS 0.00033 · Exploits 0 · References 1 · Affected Software 1

Positive Technologies · added 2022/12/08 12:0 a.m. · 2 views

PT-2022-27665 · Unknown · Openharmony

Name of the Vulnerable Software and Affected Versions: OpenHarmony versions prior to 3.1.4. Description: The issue allows a PIN code to be transmitted in plain text during cross-device authentication, making it easier for attackers to perform man-in-the-middle attacks. Recommendations: For version...

CVSS 8.3 · AI score 5.3 · EPSS 0.00033 · Exploits 0 · References 2

Prion · added 2022/09/23 7:15 p.m. · 8 views

Authentication flaw

An improper authentication vulnerability exists in Rocket.Chat Mobile App 4.14.1.22788 that allowed an attacker with physical access to a mobile device to bypass local authentication PIN code...

CVSS 4.6 · AI score 6.4 · EPSS 0.00081 · Exploits 1 · References 1 · Affected Software 1

Cvelist · added 2022/09/23 6:28 p.m. · 10 views

CVE-2022-30124

An improper authentication vulnerability exists in Rocket.Chat Mobile App 4.14.1.22788 that allowed an attacker with physical access to a mobile device to bypass local authentication PIN code...

AI score 6.6 · EPSS 0.00081 · Exploits 1 · References 1

Prion · added 2022/07/18 1:15 p.m. · 11 views

Code injection

An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. It mishandles access control. This allows a remote attacker to access account information pages including personal data without being authenticated. The collected information includes the badge numbers that operate as user login...

CVSS 5 · AI score 5.3 · EPSS 0.03924 · Exploits 2 · References 2 · Affected Software 1

CVE · added 2022/07/18 12:34 p.m. · 67 views

CVE-2022-24689

The CVE-2022-24689 entry concerns DSK DSKNet 2.16.136.0 and 2.17.136.5, where broken access control allows an unauthenticated remote attacker to view account information pages (including personal data) and obtain login badge numbers; PINs are four-digit and susceptible to a 10,000-guess brute for...

CVSS 5.3 · AI score 5.3 · EPSS 0.00192 · Exploits 1 · References 2 · Affected Software 1

Cvelist · added 2022/07/18 12:34 p.m. · 19 views

CVE-2022-24689

An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. It mishandles access control. This allows a remote attacker to access account information pages including personal data without being authenticated. The collected information includes the badge numbers that operate as user login...

AI score 5.6 · EPSS 0.00192 · Exploits 1 · References 2

OSV · added 2022/01/03 10:15 p.m. · 2 views

CVE-2021-37116

PCManager has a Weaknesses Introduced During Design vulnerability. Successful exploitation of this vulnerability may cause that the PIN of the subscriber is changed...

CVSS 9.1 · AI score 7.3 · Exploits 0 · References 1

NVD · added 2021/11/10 7:15 p.m. · 8 views

CVE-2021-42111

An issue was discovered in the RCDevs OpenOTP app 1.4.13 and 1.4.14 for iOS. If it is installed on a jailbroken device, it is possible to retrieve the PIN code used to access the application. The iOS app version 1.4.1631262629 resolves this issue by storing a hash PIN code...

CVSS 5.5 · EPSS 0.00052 · Exploits 0 · References 2

Prion · added 2021/11/10 7:15 p.m. · 14 views

Code injection

An issue was discovered in the RCDevs OpenOTP app 1.4.13 and 1.4.14 for iOS. If it is installed on a jailbroken device, it is possible to retrieve the PIN code used to access the application. The iOS app version 1.4.1631262629 resolves this issue by storing a hash PIN code...

CVSS 2.1 · AI score 5.6 · EPSS 0.00052 · Exploits 0 · References 1 · Affected Software 1

CVE · added 2021/11/10 6:3 p.m. · 34 views

CVE-2021-42111

The CVE-2021-42111 entry concerns the RCDevs OpenOTP iOS app (versions 1.4.13 and 1.4.14). If installed on a jailbroken device, the PIN used to access the application can be retrieved. A fix is available in the iOS version 1.4.1631262629, which stores the PIN as a hash. This is a local vulnerabil...

CVSS 5.5 · AI score 5.6 · EPSS 0.00052 · Exploits 0 · References 2 · Affected Software 1

Cvelist · added 2021/11/10 6:3 p.m. · 11 views

CVE-2021-42111

An issue was discovered in the RCDevs OpenOTP app 1.4.13 and 1.4.14 for iOS. If it is installed on a jailbroken device, it is possible to retrieve the PIN code used to access the application. The iOS app version 1.4.1631262629 resolves this issue by storing a hash PIN code...

CVSS 5.5 · AI score 5.8 · EPSS 0.00052 · Exploits 0 · References 2