A vulnerability in Cisco Duo, the cloud platform for protecting applications from unauthorized access by users and devices, for macOS, Windows, and RDP applications allows an intruder to replicate user session credentials and gain unauthorized access to the vulnerable device.
A vulnerability in Cisco Duo, the cloud platform for protecting applications from unauthorized users and devices, for macOS, Windows, and RDP applications relates to bypassing the authentication process by exploiting parameters captured during authentication attempts. Exploiting this vulnerabili...
Cisco Duo Authentication for macOS Logon Offline Credentials Replay (cisco-sa-duo-replay-knuNKd)
According to its self-reported version, Cisco Duo Authentication for macOS is affected by a vulnerability. A vulnerability in the offline access mode of Cisco Duo Two-Factor Authentication for macOS and Duo Authentication for Windows Logon and RDP could allow an unauthenticated, physical attacker...
CVE-2023-20123
A vulnerability in the offline access mode of Cisco Duo Two-Factor Authentication for macOS and Duo Authentication for Windows Logon and RDP could allow an unauthenticated, physical attacker to replay valid user session credentials and gain unauthorized access to an affected macOS or Windows...
Design/Logic Flaw
A vulnerability in the offline access mode of Cisco Duo Two-Factor Authentication for macOS and Duo Authentication for Windows Logon and RDP could allow an unauthenticated, physical attacker to replay valid user session credentials and gain unauthorized access to an affected macOS or Windows...
PT-2023-2213 · Cisco · Cisco Duo
Name of the Vulnerable Software and Affected Versions: Cisco Duo (affected versions not specified)
Description: The issue is related to a vulnerability in the offline access mode of Cisco Duo Two-Factor Authentication, which could allow an unauthenticated, physical attacker to replay valid...
CVE-2023-20123 Cisco Duo Authentication for macOS and Duo Authentication for Windows Logon Offline Credentials Replay Vulnerability
A vulnerability in the offline access mode of Cisco Duo Two-Factor Authentication for macOS and Duo Authentication for Windows Logon and RDP could allow an unauthenticated, physical attacker to replay valid user session credentials and gain unauthorized access to an affected macOS or Windows...
CVE-2023-20123
Cisco Duo for macOS and Duo Authentication for Windows Logon offline credential replay vulnerability (CVE-2023-20123) allows an unauthenticated, physical attacker to replay previously used MFA codes because session credentials do not expire properly. Affected products include Cisco Duo on macOS a...
Cisco Duo Security Vulnerability
Cisco Duo is a fully managed solution from Cisco, Inc. It provides secure access to your applications and data. A security vulnerability exists in Cisco Duo Two-Factor Authentication for macOS and Duo Authentication for Windows Logon and RDP, which stems from session credentials that have not...
Insufficient Session Expiration
Description: Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization. When handling sessions, web developers can rely either on server tokens or generate session identifiers within the application. Each session should...
Cockpit Code Issue Vulnerability
Cockpit is an interactive server management interface. An access control error vulnerability exists in Cockpit versions prior to 2.2.0 that stems from insufficient session expiration. An attacker could exploit the vulnerability to take control of an account using expired session credentials...
IBM Engineering Requirements Quality Assistant Cross-Site Scripting Vulnerability
IBM Engineering Requirements Quality Assistant is a Watson AI-based software from IBM to assist developers in improving the quality of engineering requirements. All versions of IBM Engineering Requirements Quality Assistant are vulnerable to a cross-site scripting vulnerability that stems from a...
DEBIAN-CVE-2022-31085
LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the session files include the LDAP user name and password in clear text if the PHP OpenSSL extension is not installed or encryption is disabled by...
CVE-2022-24042
A vulnerability has been identified in Desigo DXR2 All versions V01.21.142.5-22, Desigo PXC3 All versions V01.21.142.4-18, Desigo PXC4 All versions V02.20.142.10-10884, Desigo PXC5 All versions V02.20.142.10-10884. The web application returns an AuthToken that does not expire at the defined auto...
Authorization
A vulnerability has been identified in Desigo DXR2 All versions V01.21.142.5-22, Desigo PXC3 All versions V01.21.142.4-18, Desigo PXC4 All versions V02.20.142.10-10884, Desigo PXC5 All versions V02.20.142.10-10884. The web application returns an AuthToken that does not expire at the defined auto...
Code Issue Vulnerability in Multiple Siemens Products
Desigo DXR2 controllers are programmable automation stations to support the standard control needs of end HVAC equipment and TRA (Total Room Automation) applications. The Desigo PXC3 series of automation stations can be used in buildings where functionality and flexibility are more demanding. Use...
CVE-2022-25014
Ice Hrm 30.0.0.OS was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the "m" parameter in the Dashboard of the current user. This vulnerability allows attackers to compromise session credentials via user interaction with a crafted link...
CVE-2021-34739
A vulnerability in the web-based management interface of multiple Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to replay valid user session credentials and gain unauthorized access to the web-based management interface of an affected device. This...
Design/Logic Flaw
A vulnerability in the web-based management interface of multiple Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to replay valid user session credentials and gain unauthorized access to the web-based management interface of an affected device. This...