CVE-2025-30235

Shearwater SecurEnvoy SecurAccess Enrol before 9.4.515 is intended to disable accounts that have had more than 10 failed authentication attempts, but instead allows hundreds of failed authentication attempts, because concurrent attempts are mishandled...

CVE-2025-30236

CVE-2025-30236 affects Shearwater SecurEnvoy SecurAccess Enrol before 9.4.515. A POST request containing a SESSION parameter can bypass the password check and authenticate with a six‑digit TOTP code, enabling potential unauthorized access. The CVSS 3.1 base score is 8.6 (HIGH) with network attack...

CVE-2025-30235

Shearwater SecurEnvoy SecurAccess Enrol before 9.4.515 is intended to disable accounts that have had more than 10 failed authentication attempts, but instead allows hundreds of failed authentication attempts, because concurrent attempts are mishandled...

Shearwater SecurEnvoy SecurAccess Enrol 安全漏洞

Shearwater SecurEnvoy SecurAccess Enrol is a zero-trust security solution from Shearwater SecurEnvoy. A security vulnerability exists in Shearwater SecurEnvoy SecurAccess Enrol versions prior to 9.4.515, which stems from authentication by only a six-digit TOTP code...