46 matches found
CVE-2009-10007
CVE-2009-10007 affects Catalyst::Plugin::Authentication for Perl prior to 0.10_027. The vulnerability arises because the plugin does not automatically change the session id after authentication, enabling session fixation where an attacker with a valid session cookie can impersonate the victim. Do...
CVE-2009-10007
Catalyst::Plugin::Authentication versions before 0.10027 for Perl is susceptible to session fixation attacks. Catalyst::Plugin::Authentication does not automatically change the session id after authentication. An attacker that obtains a session id cookie can use this to impersonate the victim...
CVE-2026-10611
An authentication bypass vulnerability exists in MISP when LDAP mixed authentication is enabled with OTP enforcement. In deployments configured with LdapAuth.mixedAuth=true and Security.requireotp=true, users authenticated through an authentication plugin, such as LDAP, may have their authenticat...
CVE-2026-10611
An authentication bypass vulnerability exists in MISP when LDAP mixed authentication is enabled with OTP enforcement. In deployments configured with LdapAuth.mixedAuth=true and Security.requireotp=true, users authenticated through an authentication plugin, such as LDAP, may have their authenticat...
CVE-2026-10611 OTP bypass via plugin-based LDAP authentication in MISP when LDAP mixed authentication is enabled
An authentication bypass vulnerability exists in MISP when LDAP mixed authentication is enabled with OTP enforcement. In deployments configured with LdapAuth.mixedAuth=true and Security.requireotp=true, users authenticated through an authentication plugin, such as LDAP, may have their authenticat...
CVE-2026-10611
An authentication bypass vulnerability exists in MISP when LDAP mixed authentication is enabled with OTP enforcement. In deployments configured with LdapAuth.mixedAuth=true and Security.requireotp=true, users authenticated through an authentication plugin, such as LDAP, may have their authenticat...
EUVD-2026-33917
An authentication bypass vulnerability exists in MISP when LDAP mixed authentication is enabled with OTP enforcement. In deployments configured with LdapAuth.mixedAuth=true and Security.requireotp=true, users authenticated through an authentication plugin, such as LDAP, may have their authenticat...
[SECURITY] Fedora 44 Update: perl-Catalyst-Plugin-Authentication-0.10026-1.fc44
The authentication plugin provides generic user support for Catalyst apps. It is the basis for both authentication checking the user is who they claim to be, and authorization allowing the user to do what the system authorizes them to do...
PT-2026-45744
An authentication bypass vulnerability exists in MISP when LDAP mixed authentication is enabled with OTP enforcement. In deployments configured with LdapAuth.mixedAuth=true and Security.require otp=true, users authenticated through an authentication plugin, such as LDAP, may have their...
CVE-2026-5091
A flaw was found in Catalyst::Plugin::Authentication. This vulnerability allows a remote attacker to conduct timing attacks by observing discrepancies in the time it takes to compare passwords or hashes. This could enable the attacker to guess the underlying hash or password, leading to...
MGASA-2026-0160 Updated perl-Catalyst-Plugin-Authentication package fixes a security vulnerability
The updated package fixes a security vulnerability: Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks. CVE-2026-5091...
Linux Distros Unpatched Vulnerability : CVE-2026-5091
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison...
CVE-2026-5091
Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash or password...
UBUNTU-CVE-2026-5091
Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash or password...
CVE-2026-5091
Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash or password...
CVE-2026-5091
CVE-2026-5091 affects Catalyst::Plugin::Authentication up to version 0.10024 for Perl. The issue is a timing-attack vulnerability arising from using Perl’s built-in eq comparison, enabling an attacker with local access to distinguish timing differences and potentially infer the underlying hash or...
CVE-2026-5091
Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash or password...
Catalyst-Plugin-Authentication 安全漏洞
Catalyst-Plugin-Authentication is an open-source authentication plugin framework developed by Catalyst. Versions of Catalyst-Plugin-Authentication prior to 0.10024 contain security vulnerabilities; these vulnerabilities stem from the use of the Perl built-in eq comparison function, which may lead...
PT-2026-42551
Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash or password...
CVE-2026-41394 OpenClaw < 2026.3.31 - Unauthorized Operator Scope Access in Unauthenticated Plugin-Auth Routes
OpenClaw before 2026.3.31 contains an authentication bypass vulnerability where unauthenticated plugin-auth HTTP routes receive operator runtime write scopes. Attackers can access these routes without authentication to perform privileged runtime actions intended for authorized operators...