
133 matches found

BDU FSTEC
added 2023/04/11 12:0 a.m. · 4 views

A vulnerability in Cisco Duo, the cloud platform for protecting applications from unauthorized access by users and devices, for Mac OS, Windows, and RDP applications allows an intruder to replicate user session credentials and gain unauthorized access to the vulnerable device.

The vulnerability in Cisco Duo, the cloud platform for protecting applications from unauthorized users and devices, for Mac OS, Windows, and RDP applications relates to bypassing the authentication process by exploiting parameters captured during authentication attempts. Exploiting this vulnerabili...

CVSS 6.3 · AI score 5.5 · EPSS 0.00247
Exploits 0 · References 3 · Affected Software 1
Tenable Nessus
added 2023/04/06 12:0 a.m. · 12 views

Cisco Duo Authentication for macOS Logon Offline Credentials Replay (cisco-sa-duo-replay-knuNKd)

According to its self-reported version, Cisco Duo Authentication for macOS is affected by a vulnerability. A vulnerability in the offline access mode of Cisco Duo Two-Factor Authentication for macOS and Duo Authentication for Windows Logon and RDP could allow an unauthenticated, physical attacker...

CVSS 6.3 · AI score 5.2 · EPSS 0.00247
Exploits 0 · References 4
ATTACKERKB
added 2023/04/05 11:0 p.m. · 3 views

CVE-2023-20123

A vulnerability in the offline access mode of Cisco Duo Two-Factor Authentication for macOS and Duo Authentication for Windows Logon and RDP could allow an unauthenticated, physical attacker to replay valid user session credentials and gain unauthorized access to an affected macOS or Windows...

CVSS 6.3 · AI score 5.9 · EPSS 0.00247
Exploits 0 · References 2
NVD
added 2023/04/05 7:15 p.m. · 15 views

CVE-2023-20123

A vulnerability in the offline access mode of Cisco Duo Two-Factor Authentication for macOS and Duo Authentication for Windows Logon and RDP could allow an unauthenticated, physical attacker to replay valid user session credentials and gain unauthorized access to an affected macOS or Windows...

CVSS 6.3 · AI score 6.5 · EPSS 0.00247
Exploits 0 · References 1
Prion
added 2023/04/05 7:15 p.m. · 17 views

Design/Logic Flaw

A vulnerability in the offline access mode of Cisco Duo Two-Factor Authentication for macOS and Duo Authentication for Windows Logon and RDP could allow an unauthenticated, physical attacker to replay valid user session credentials and gain unauthorized access to an affected macOS or Windows...

CVSS 2.1 · AI score 5 · EPSS 0.00247
Exploits 0 · References 1 · Affected Software 2
Positive Technologies
added 2023/04/05 12:0 a.m. · 6 views

PT-2023-2213 · Cisco · Cisco Duo

Name of the Vulnerable Software and Affected Versions: Cisco Duo (affected versions not specified)
Description: The issue is related to a vulnerability in the offline access mode of Cisco Duo Two-Factor Authentication, which could allow an unauthenticated, physical attacker to replay valid...

CVSS 6.3 · AI score 4.6 · EPSS 0.00247
Exploits 0 · References 5
Vulnrichment
added 2023/04/05 12:0 a.m. · 10 views

CVE-2023-20123 Cisco Duo Authentication for macOS and Duo Authentication for Windows Logon Offline Credentials Replay Vulnerability

A vulnerability in the offline access mode of Cisco Duo Two-Factor Authentication for macOS and Duo Authentication for Windows Logon and RDP could allow an unauthenticated, physical attacker to replay valid user session credentials and gain unauthorized access to an affected macOS or Windows...

CVSS 6.3 · AI score 7.5 · EPSS 0.00247
Exploits 0 · References 1
CVE
added 2023/04/05 12:0 a.m. · 101 views

CVE-2023-20123

Cisco Duo for macOS and Duo Authentication for Windows Logon offline Credential replay vulnerability (CVE-2023-20123) allows an unauthenticated, physical attacker to replay previously used MFA codes because session credentials do not expire properly. Affected products include Cisco Duo on macOS a...

CVSS 6.3 · AI score 5.4 · EPSS 0.00247
Exploits 0 · References 1 · Affected Software 2
CNNVD
added 2023/04/05 12:0 a.m. · 5 views

Cisco Duo Security Vulnerability

Cisco Duo is a fully managed solution from Cisco, Inc. It provides secure access to your applications and data. A security vulnerability exists in Cisco Duo Two-Factor Authentication for macOS and Duo Authentication for Windows Logon and RDP, which stems from session credentials that have not...

CVSS 6.3 · AI score 5.2 · EPSS 0.00247
Exploits 0 · References 3
Huntr
added 2023/02/19 10:33 a.m. · 21 views

Insufficient Session Expiration

Description: Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization. When handling sessions, web developers can rely either on server tokens or generate session identifiers within the application. Each session should...

CVSS 7.5 · AI score 8.9 · EPSS 0.00438
Exploits 0 · References 1
CNNVD
added 2022/08/08 12:0 a.m. · 5 views

Cockpit Code Issue Vulnerability

Cockpit is an interactive server management interface. An access control error vulnerability exists in Cockpit versions prior to 2.2.0 that stems from insufficient session expiration. An attacker could exploit the vulnerability to take control of an account using expired session credentials...

CVSS 9.8 · AI score 5.6 · EPSS 0.00956
Exploits 1 · References 3
CNNVD
added 2022/07/18 12:0 a.m. · 3 views

IBM Engineering Requirements Quality Assistant Cross-Site Scripting Vulnerability

IBM Engineering Requirements Quality Assistant is a Watson AI-based software from IBM to assist developers in improving the quality of engineering requirements. All versions of IBM Engineering Requirements Quality Assistant are vulnerable to a cross-site scripting vulnerability that stems from a...

CVSS 5.4 · AI score 5.6 · EPSS 0.00421
Exploits 0 · References 4
OSV
added 2022/06/27 9:15 p.m. · 2 views

DEBIAN-CVE-2022-31085

LDAP Account Manager (LAM) is a web frontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the session files include the LDAP user name and password in clear text if the PHP OpenSSL extension is not installed or encryption is disabled by...

CVSS 6.1 · AI score 6.1 · EPSS 0.00257
Exploits 0 · References 1
NVD
added 2022/05/10 11:15 a.m. · 25 views

CVE-2022-24042

A vulnerability has been identified in Desigo DXR2 All versions V01.21.142.5-22, Desigo PXC3 All versions V01.21.142.4-18, Desigo PXC4 All versions V02.20.142.10-10884, Desigo PXC5 All versions V02.20.142.10-10884. The web application returns an AuthToken that does not expire at the defined auto...

CVSS 9.1 · EPSS 0.00899
Exploits 0 · References 1
Prion
added 2022/05/10 11:15 a.m. · 11 views

Authorization

A vulnerability has been identified in Desigo DXR2 All versions V01.21.142.5-22, Desigo PXC3 All versions V01.21.142.4-18, Desigo PXC4 All versions V02.20.142.10-10884, Desigo PXC5 All versions V02.20.142.10-10884. The web application returns an AuthToken that does not expire at the defined auto...

CVSS 6.4 · AI score 8.9 · EPSS 0.00899
Exploits 0 · References 1 · Affected Software 4
Cvelist
added 2022/05/10 9:46 a.m. · 22 views

CVE-2022-24042

A vulnerability has been identified in Desigo DXR2 All versions V01.21.142.5-22, Desigo PXC3 All versions V01.21.142.4-18, Desigo PXC4 All versions V02.20.142.10-10884, Desigo PXC5 All versions V02.20.142.10-10884. The web application returns an AuthToken that does not expire at the defined auto...

AI score 9.1 · EPSS 0.00899
Exploits 0 · References 1
CNNVD
added 2022/05/10 12:0 a.m. · 26 views

Multiple Siemens Products Code Issue Vulnerability

Desigo DXR2 controllers are programmable automation stations to support the standard control needs of end HVAC equipment and TRA (Total Room Automation) applications. The Desigo PXC3 series of automation stations can be used in buildings where functionality and flexibility are more demanding. Use...

CVSS 9.1 · AI score 8.2 · EPSS 0.00899
Exploits 0 · References 5
NVD
added 2022/02/28 7:15 p.m. · 14 views

CVE-2022-25014

Ice Hrm 30.0.0.OS was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the "m" parameter in the Dashboard of the current user. This vulnerability allows attackers to compromise session credentials via user interaction with a crafted link...

CVSS 6.1 · EPSS 0.00705
Exploits 1 · References 1
NVD
added 2021/11/04 4:15 p.m. · 18 views

CVE-2021-34739

A vulnerability in the web-based management interface of multiple Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to replay valid user session credentials and gain unauthorized access to the web-based management interface of an affected device. This...

CVSS 8.1 · EPSS 0.01617
Exploits 0 · References 1
Prion
added 2021/11/04 4:15 p.m. · 17 views

Design/Logic Flaw

A vulnerability in the web-based management interface of multiple Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to replay valid user session credentials and gain unauthorized access to the web-based management interface of an affected device. This...

CVSS 6.8 · AI score 8 · EPSS 0.01617
Exploits 0 · References 1 · Affected Software 194