155 matches found
SUSE CVE-2025-6014
Vault and Vault Enterprise's “Vault” TOTP Secrets Engine code validation endpoint is susceptible to code reuse within its validity period. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...
eduMFA: Incorrect InnoDB snapshot isolation possibly allows token reusage
Impact For deployments using MySQL or MariaDB = 11.6.2 the default is ON, which is not affected - Same rules applies for Galera with underlying MariaDB Patches Fixed in version 2.9.1 by locking rows prior to write with SELECT FOR UPDATE. Workarounds Set innodbsnapshotisolation to ON default in...
Exposure Of Sensitive Information
io.github.davidalmeidac, sealed-env-core is vulnerable to Exposure of Sensitive Information. The vulnerability is due to embedding the operator’s plaintext TOTP secret in the base64-encoded JWS payload of minted unseal tokens, which allows an attacker to decode observed tokens from logs,...
Duplicate Advisory: phpMyFAQ enables unauthenticated 2FA brute-force attack via /admin/check acceptance of arbitrary user-id
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-9pq7-mfwh-xx2j. This link is maintained to preserve external references. Original Description phpMyFAQ before 4.1.2 contains an improper restriction of excessive authentication attempts vulnerability in the...
CVE-2026-46474 Trog::TOTP versions before 1.006 for Perl generate secrets using rand
Trog::TOTP versions before 1.006 for Perl generate secrets using rand. Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage...
EUVD-2026-30577
Trog::TOTP versions before 1.006 for Perl generate secrets using rand. Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage...
CVE-2026-42452
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, /users/login issues a temporary JWT temptoken for TOTP-enabled accounts. That token carries a pendingTOTP state and should only be valid for the second-factor flow...
sealed-env 信息泄露漏洞
Sealed-Env is a cross-platform zero-trust key management library developed by David Almeida. It supports encrypted storage and TOTP verification. Versions of Sealed-Env from 0.1.0-alpha.1 to 0.1.0-alpha.3 contained information leakage vulnerabilities. These vulnerabilities stemmed from the fact...
CVE-2026-42452 Termix: Pending-TOTP temporary token can regenerate backup codes and neutralize TOTP
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, /users/login issues a temporary JWT temptoken for TOTP-enabled accounts. That token carries a pendingTOTP state and should only be valid for the second-factor flow...
CVE-2026-41660
Admidio prior to version 5.0.9 contains an inverted authorization check in two_factor_authentication.php that allows non-admin group leaders with profile edit rights on an admin account to strip that admin’s 2FA, compromising admin accounts. The issue is fixed in 5.0.9; upgrade to 5.0.9+ to mitig...
Admidio 安全漏洞
Admidio is a set of open-source member management systems developed by the Admidio team. This system supports features such as member lists, event management, message boards, photo albums, and downloads. Prior to Admidio 5.0.9, there were security vulnerabilities. These vulnerabilities stemmed fr...
GHSA-9PQ7-MFWH-XX2J phpMyFAQ enables unauthenticated 2FA brute-force attack via /admin/check acceptance of arbitrary user-id
Summary The /admin/check endpoint in AuthenticationController implements SkipsAuthenticationCheck, making it reachable without any prior authentication. An anonymous attacker Bob can POST arbitrary user-id and token values to brute-force any user's 6-digit TOTP code. No rate limiting exists. The...
CVE-2026-28510
eLabFTW is an open source electronic lab notebook. In elabftw versions through 5.4.1, the login flow did not reliably preserve the multi-factor authentication state across authentication steps. Under certain conditions, an attacker with valid primary credentials could complete authentication with...
EUVD-2026-27311
eLabFTW is an open source electronic lab notebook. In elabftw versions through 5.4.1, the login flow did not reliably preserve the multi-factor authentication state across authentication steps. Under certain conditions, an attacker with valid primary credentials could complete authentication with...
CVE-2026-28510 elabftw allows MFA bypass during login
eLabFTW is an open source electronic lab notebook. In elabftw versions through 5.4.1, the login flow did not reliably preserve the multi-factor authentication state across authentication steps. Under certain conditions, an attacker with valid primary credentials could complete authentication with...
CVE-2026-4116
Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN user to bypass Workplace/Connect Tunnel TOTP authentication...
CVE-2026-4114
Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN admin to bypass AMC TOTP authentication...
CVE-2026-35597
Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the TOTP failed-attempt lockout mechanism is non-functional due to a database transaction handling bug. When a TOTP validation fails, the login handler in pkg/routes/api/v1/login.go calls HandleFailedTOTPAuth and then...
CVE-2026-34727
Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the OIDC callback handler issues a full JWT token without checking whether the matched user has TOTP two-factor authentication enabled. When a local user with TOTP enrolled is matched via the OIDC email fallback...
CVE-2026-35597 Vikunja Affected by TOTP Brute-Force Due to Non-Functional Account Lockout
Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the TOTP failed-attempt lockout mechanism is non-functional due to a database transaction handling bug. When a TOTP validation fails, the login handler in pkg/routes/api/v1/login.go calls HandleFailedTOTPAuth and then...