Authentication flaw
The Token Authentication tokenauth module 6.x-1.x before 6.x-1.7 for Drupal does not properly revert user sessions, which might allow remote attackers to perform requests with extra privileges...
CVE-2012-2720
The CVE-2012-2720 entry applies to the Drupal Token Authentication module (tokenauth) in 6.x-1.x prior to 6.x-1.7. The underlying issue is that sessions are not properly reverted, which could allow remote attackers to perform requests with extra privileges. Affected component: Tokenauth 6.x-1.x (...
SA-CONTRIB-2012-091 - Token Authentication - Access bypass
The Token Authentication module provides a token for use in the URL to authenticate users to a site. Under certain uncommon situations, the module may not revert a user's session properly. Depending on how tokenauth is used, this could result in subsequent requests being performed as a user with...
Netease Weibo CSRF two use-vulnerability warning-the black bar safety net
Token authentication is not performed, leaving the site vulnerable to CSRF attacks. Detailed description: A malicious attacker may construct a malicious form and trick a victim into clicking a link; when the victim clicks the link, a microblog post is produced on the victim's behalf. This method can...
[Full-Disclosure] Clear text password exposure in Datakey's tokens and smartcards
Clear text password exposure in Datakey's tokens and smartcards. Classification: Level: LOW-med-high-crit. ID: HEXVIEW200408031. Overview: Datakey http://www.datakey.com delivers smartcard and token-based authentication and...
DUO-PSA-2020-003: Duo Product Security Advisory
Duo Product Security Advisory Advisory ID: DUO-PSA-2020-003 Publication Date: 2020-06-30 Revision Date: 2020-06-30 Status: Confirmed, Fixed Document Revision: 2 Overview Duo has identified and fixed an issue in the Duo Connect client that allows end-users to choose insecure configurations. If...