Lucene search
+L

155 matches found

Positive Technologies
Positive Technologies
added 2024/04/25 12:0 a.m.4 views

PT-2024-24923 · Zitadel · Zitadel

Name of the Vulnerable Software and Affected Versions: ZITADEL versions prior to 2.50.0 Description: ZITADEL provides users the possibility to use Time-based One-Time-Password TOTP and One-Time-Password OTP through SMS and Email. While ZITADEL already gives administrators the option to define a...

8.1CVSS7.4AI score0.00456EPSS
Exploits0References8
CNNVD
CNNVD
added 2024/01/11 12:0 a.m.8 views

Number withdrawn

Devise-Two-Factor is a minimalist extension to Devise. It is used to provide support for two-factor authentication through the TOTP scheme. This CVE number has been withdrawn...

7AI score
Exploits0References2
OSV
OSV
added 2023/04/14 2:15 p.m.7 views

CVE-2022-45174

An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication for SAML Users can occur under the /login/backupcode endpoint and the /api/v1/vdeskintegration/challenge endpoint. The correctness of the TOTP is not checked properly, and can be bypassed by...

9.8CVSS5.8AI score0.01033EPSS
Exploits1References1
OSV
OSV
added 2023/04/14 2:15 p.m.6 views

CVE-2022-45173

An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication can occur under the /api/v1/vdeskintegration/challenge endpoint. Because only the client-side verifies whether a check was successful, an attacker can modify the response, and fool the...

9.8CVSS5.8AI score0.01033EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2023/02/15 4:5 a.m.3 views

SUSE CVE-2019-19687

OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enforcescope is false. Users with a role on a project are able to view any other users' credentials,...

8.8CVSS6.5AI score0.0178EPSS
Exploits1References3
Snyk
Snyk
added 2022/05/24 7:2 p.m.2 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass in the MFAUserAccountSetupMVCActionCommand class that allows an authenticated used to deny service to another user by enabling the Time-based One-time password TOTP feature for their account, or by modifying the...

7.1CVSS7AI score0.01115EPSS
Exploits0References2
Snyk
Snyk
added 2022/05/24 7:2 p.m.2 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass in the MFAUserAccountSetupMVCActionCommand class that allows an authenticated used to deny service to another user by enabling the Time-based One-time password TOTP feature for their account, or by modifying the...

7.1CVSS7AI score0.01115EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/04/27 12:0 a.m.7 views

Sophos Authenticator 安全漏洞

Sophos Authenticator is a simple and intuitive application from Sophos UK. It is used to provide multiple authentication on mobile devices. Sophos Authenticator suffers from a security vulnerability that stems from insecure data storage. A physical attacker with root privileges could exploit this...

3.9CVSS5.1AI score0.00225EPSS
Exploits0References2
Snyk
Snyk
added 2022/02/23 2:6 p.m.3 views

Time-Based One-Time Password (TOTP) Reuse

Overview Affected versions of this package are vulnerable to Time-Based One-Time Password TOTP Reuse due to an improper fix of CVE-2015-7225, which makes it possible to reuse the OPT after 1 interval 30 seconds by default. If otpalloweddrift is configured, the OTP will be valid for the entire...

5.3CVSS6.8AI score0.01782EPSS
Exploits0References2
OSV
OSV
added 2021/05/16 4:15 p.m.4 views

CVE-2021-29041

Denial-of-service DoS vulnerability in the Multi-Factor Authentication module in Liferay DXP 7.3 before fix pack 1 allows remote authenticated attackers to prevent any user from authenticating by 1 enabling Time-based One-time password TOTP on behalf of the other user or 2 modifying the other...

6.5CVSS5.8AI score0.01115EPSS
Exploits0References2
CNVD
CNVD
added 2020/07/31 12:0 a.m.4 views

Pulse Secure Pulse Connect Secure Authorization Issues Vulnerability

Pulse Secure Pulse Connect Secure a.k.a. PCS, formerly known as Juniper Junos Pulse is a suite of SSL VPN solutions from Pulse Secure in the United States. A security vulnerability exists in versions of Pulse Secure PCS prior to 9.1RB. An attacker could exploit the vulnerability to bypass Google...

8.1CVSS6.7AI score0.02991EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2020/07/30 12:0 a.m.4 views

PT-2020-20025 · Google +1 · Google Totp +1

Name of the Vulnerable Software and Affected Versions: Pulse Connect Secure versions prior to 9.1RB Description: An issue exists where improper authentication allows an attacker with a user's primary credentials to bypass Google TOTP authentication. Recommendations: For versions prior to 9.1RB,...

8.1CVSS6.4AI score0.02991EPSS
Exploits0References3
OSV
OSV
added 2019/12/09 6:15 p.m.4 views

UBUNTU-CVE-2019-19687

OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enforcescope is false. Users with a role on a project are able to view any other users' credentials,...

8.8CVSS6.9AI score0.0178EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2018/11/13 6:20 p.m.8 views

keycloak: brute force protection not working for the entire login workflow

A flaw was found in Keycloak 4.2.1.Final, 4.3.0.Final. When TOPT enabled, an improper implementation of the Brute Force detection algorithm will not enforce its protection measures...

8.1CVSS5.7AI score0.01159EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2018/11/13 6:16 p.m.6 views

keycloak: brute force protection not working for the entire login workflow

A flaw was found in Keycloak 4.2.1.Final, 4.3.0.Final. When TOPT enabled, an improper implementation of the Brute Force detection algorithm will not enforce its protection measures...

8.1CVSS5.7AI score0.01159EPSS
Exploits0References4
Rows per page
Query Builder