PT-2024-34254 · Unknown · Swoop 1-Click Login: Passwordless Authentication
Name of the Vulnerable Software and Affected Versions: Swoop 1-Click Login: Passwordless Authentication version 1.4.5 Description: The issue is related to an Authentication Bypass by Primary Weakness vulnerability in the Passwordless Authentication feature. This vulnerability allows for...
WordPress 1-Click Login: Passwordless Authentication plugin 1.4.5 - Broken Authentication vulnerability
Broken Authentication vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin 1-Click Login: Passwordless Authentication versions 1.4.5...
WordPress 1-Click Login: Passwordless Authentication Plugin 1.4.5 is vulnerable to Broken Authentication
Software: 1-Click Login: Passwordless Authentication; Type: Plugin; Vulnerable versions: 1.4.5; Fixed in: N/A; OWASP Top 10: A4: Insecure Design; Classification: Broken Authentication; CVE: CVE-2024-50478; Patch priority: High; CVSS severity: High 9.8; PSID: 2b1c10f4ccc7; Credits...
Beyond Passwords: Advanced API Authentication Strategies for Enhanced Security
Passwordless authentication for end users is taking the world by storm, offering organizations and individuals alike unprecedented security, user experience, and efficiency benefits. By all indications, the next generation of authentication for end users has finally arrived, sending the password...
Modernization of Authentication: Webinar on MFA, Passwords, and the Shift to Passwordless
The interest in passwordless authentication has increased due to the rise of hybrid work environments and widespread digitization. This has led to a greater need for reliable data security and user-friendly interfaces. Without these measures, organizations are at risk of experiencing data breache...
Optigo ONS-S8 security vulnerability
The Optigo ONS-S8 is an intelligent industrial switch from Optigo. A security vulnerability exists in Optigo ONS-S8 1.3.7 and earlier versions, which stems from a web server containing an incomplete authentication process that could lead to an attacker completing authentication without a password...
PT-2024-31581 · Spectra · Ons-S8
Name of the Vulnerable Software and Affected Versions: ONS-S8 - Spectra Aggregation Switch affected versions not specified Description: The web server for ONS-S8 - Spectra Aggregation Switch includes an incomplete authentication process, which can lead to an attacker authenticating without a...
Improper Authentication
Overview: Affected versions of this package are vulnerable to Improper Authentication due to the improper handling of the `required_aal` setting in the authentication process. An attacker can bypass multi-factor authentication requirements by exploiting the incorrect storage of `available_aal` values in...
CVE-2024-45042 Ory Kratos's `highest_available` setting does not properly respect code + mfa credentials
Ory Kratos is an identity, user management and authentication system for cloud services. Prior to version 1.3.0, given a number of preconditions, the `highest_available` setting will incorrectly assume that the identity’s highest available AAL is aal1 even though it really is aal2. This means that t...
BMC Remedy Mid Tier security vulnerability
BMC Remedy Mid Tier is an application from BMC USA, Inc. It is used to act as a client for the Remedy AR System server and a server for the browser. A security vulnerability exists in BMC Remedy Mid Tier version 7.6.04 that originates from an unauthorized remote attacker being able to access any...
Say Goodbye to Phishing: Must-Haves to Eliminate Credential Theft
Even as cyber threats become increasingly sophisticated, the number one attack vector for unauthorized access remains phished credentials (Verizon DBIR, 2024). Solving this problem resolves over 80% of your corporate risk, and a solution is possible. However, most tools available on the market toda...
Why Is It So Challenging to Go Passwordless?
Imagine a world where you never have to remember another password. Seems like a dream come true for both end users and IT teams, right? But as the old saying goes, "If it sounds too good to be true, it probably is." If your organization is like many, you may be contemplating a move to passwordles...
PT-2024-30018 · Unknown · Hotel Management System
Name of the Vulnerable Software and Affected Versions: Hotel Management System version 79d688 Description: An issue in the login component, specifically in the process login.php file, allows attackers to authenticate without providing a valid password. This enables unauthorized access to the...
CVE-2024-1721
Improper Verification of Cryptographic Signature vulnerability in HYPR Passwordless on Windows allows Malicious Software Update. This issue affects HYPR Passwordless: before 9.1...
CVE-2024-1721
HYPR Passwordless (Windows) has an improper verification of cryptographic signatures during software updates, affecting versions before 9.1. Root cause: the update process does not reliably verify signatures, enabling a malicious software update to be applied. Impact is described as compromising ...
HYPR security vulnerability
HYPR is a security application from HYPR that implements Passwordless. A security vulnerability exists in HYPR Passwordless versions prior to 9.1 that stems from improper verification of cryptographic signatures in HYPR Passwordless on Windows, allowing malicious software updates...
PT-2024-18251 · Hypr · Hypr Passwordless
Name of the Vulnerable Software and Affected Versions: HYPR Passwordless versions prior to 9.1 Description: The issue is related to an Improper Verification of Cryptographic Signature vulnerability in HYPR Passwordless on Windows, which allows for a Malicious Software Update. Recommendations: For...
GHSA-P9MP-VQ4V-V5M5 eZ Publish Legacy Passwordless login for LDAP users
This security advisory fixes a vulnerability in eZ Publish Legacy, and we recommend that you install it as soon as possible if you are using Legacy. Installations that are using the legacy LDAP login handler or the TextFile login handler in combination with the standard legacy login handler, may ...