33 matches found
EUVD-2023-44927
Malicious code in bioql PyPI...
EUVD-2022-28659
Malicious code in bioql PyPI...
CVE-2022-23723
An MFA bypass vulnerability exists in the PingFederate PingOne MFA Integration Kit when adapter HTML templates are used as part of an authentication flow...
GHSA-7726-43HG-M23V OpenAM FreeMarker template injection
OpenAM is an open access management solution. In versions 15.0.3 and prior, the getCustomLoginUrlTemplate method in RealmOAuth2ProviderSettings.java is vulnerable to template injection due to its usage of user input. Although the developer intended to implement a custom URL for handling login to...
CVE-2024-41667
OpenAM
CVE-2023-40356
PingOne MFA Integration Kit contains a vulnerability related to the Prompt Users to Set Up MFA configuration. Under certain conditions, this configuration could allow for a new MFA device to be paired with a target user account without requiring second-factor authentication from the target’s...
CVE-2023-40702
PingOne MFA Integration Kit contains a vulnerability where the skipMFA action can be configured such that user authentication does not require the second factor authentication from the user's existing registered devices. A threat actor might be able to exploit this vulnerability to authenticate a...
CVE-2023-40356 PingOne MFA Integration Kit MFA bypass
PingOne MFA Integration Kit contains a vulnerability related to the Prompt Users to Set Up MFA configuration. Under certain conditions, this configuration could allow for a new MFA device to be paired with a target user account without requiring second-factor authentication from the target’s...
CVE-2023-40356
Affected software: PingOne MFA Integration Kit. Vulnerability: a flaw in the MFA setup prompt could allow pairing a new MFA device with a target user without requiring second‑factor authentication from the user’s existing devices. Root cause / trigger (as stated): may be exploited by a threat act...
CVE-2023-40702 PingOne MFA Integration Kit MFA bypass
PingOne MFA Integration Kit contains a vulnerability where the skipMFA action can be configured such that user authentication does not require the second factor authentication from the user's existing registered devices. A threat actor might be able to exploit this vulnerability to authenticate a...
CVE-2023-40702
CVE-2023-40702 affects PingOne MFA Integration Kit (Ping Identity). The vulnerability arises from misconfiguration of the skipMFA action, allowing a bypass of second-factor authentication so a threat actor with knowledge of a target user’s first-factor credentials can authenticate as that user. R...
PingOne MFA Integration Kit Security Vulnerability
The PingOne MFA Integration Kit is an integration kit from Ping Identity designed to help developers integrate Multi-Factor Authentication (MFA) functionality into their applications or services. A security vulnerability exists in PingOne MFA Integration Kit versions prior to 2.3.1, which stems fro...
CVE-2023-39231
PingFederate using the PingOne MFA adapter allows a new MFA device to be paired without requiring second factor authentication from an existing registered device. A threat actor may be able to exploit this vulnerability to register their own MFA device if they have knowledge of a victim user's...
CVE-2023-39231 PingFederate PingOne MFA IK Device Pairing Second Factor Authentication Bypass
PingFederate using the PingOne MFA adapter allows a new MFA device to be paired without requiring second factor authentication from an existing registered device. A threat actor may be able to exploit this vulnerability to register their own MFA device if they have knowledge of a victim user's...
CVE-2023-39231
CVE-2023-39231 affects PingFederate with the PingOne MFA adapter, where a threat actor who knows a victim’s first-factor credentials can pair a new MFA device without second-factor authentication. Core impact is unauthorized MFA enrollment, risking account compromise. Affected product/adapter and...
MAL-2022-502 Malicious code in @pingone/net (npm)
Source: ghsa-malware 0b034c29b3becd2d3619e28b984139f85ed7d62e1ab8fd2d0eeb30d54571102a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...