Lucene search
K

1873 matches found

CNVD
CNVD
added 2015/02/02 12:0 a.m.3 views

Fortinet FortiAuthenticator Appliance Cross-Site Scripting Vulnerability Vulnerability

Fortinet FortiAuthenticator is a family of secure authentication software from Fortinet that can be combined with FortiToken two-factor authentication token to provide secure two-factor authentication to third-party devices authenticated via RADIUS or LDAP. The Fortinet FortiAuthenticator Applian...

6.7AI score
Exploits0References1
0day.today
0day.today
added 2015/01/29 12:0 a.m.48 views

FortiAuthenticator v300 build 0007 Multiple Vulnerabilities

Fortinet FortiAuthenticator suffers from subshell bypass, cross site scripting, password disclosure, and file disclosure vulnerabilities. Fortinet FortiAuthenticator Multiple Vulnerabilities Affected Versions: Verified on FortiAuthenticator v300 build 0007 +-------------+ | Description |...

7AI score0.01091EPSS
Exploits2
The Hacker News
The Hacker News
added 2015/01/22 10:4 p.m.23 views

Google Apps Flaw Allowed Hacker to Hijack Account and Disable Two-factor Authentication

A critical cross-site scripting XSS vulnerability in the Google Apps administrator console allowed cyber criminals to force a Google Apps admins to execute just about any request on the domain. The Google Apps admin console allows administrators to manage their organization’s account...

6.2AI score
Exploits0
Hacker One
Hacker One
added 2015/01/14 4:58 p.m.16 views

Mail.ru: Раскрытие номера мобильного телефона при двухфакторной аутентификации

Different applications / API methods returned different parts of phone number, it helps to recover the number for attacker who already has access to user's mailbox...

1.5AI score
Exploits0
The Hacker News
The Hacker News
added 2015/01/02 11:0 p.m.53 views

Hacker Released 'iDict' Tool That Can Hack Your iCloud Account

Hackers have a great start of new year 2015, giving a public threat to Apple’s online iCloud service. A hacker using the handle "Pr0x13" has released a password-hacking tool to GitHub website that assures attackers to break into any iCloud account, potentially giving them free access to victims’...

7AI score
Exploits0
ThreatPost
ThreatPost
added 2014/12/24 10:0 a.m.10 views

Missing Two-Factor Authentication Led to JPMorgan Breach

The biggest U.S. banking breach of all time came down to the smallest of details. The New York Times, citing sources close to the ongoing investigation of the JPMorgan data breach, said hackers found a server unprotected by two-factor authentication to break in using a stolen user name and passwo...

0.5AI score
Exploits0References3
ThreatPost
ThreatPost
added 2014/12/01 5:5 p.m.13 views

Payment Card Data Accessed in Parking Provider Data Breach

SP+, a parking management services provider, late last week announced that 17 of its facilities in the United States had been breached and hackers may have made off with an unspecified number of payment card numbers. In a statement, the company said it was notified on Nov. 3 by a payment processo...

0.4AI score
Exploits0References3
OSV
OSV
added 2014/11/19 6:59 p.m.7 views

CVE-2014-7828

FreeIPA 4.0.x before 4.0.5 and 4.1.x before 4.1.1, when 2FA is enabled, allows remote attackers to bypass the password requirement of the two-factor authentication leveraging an enabled OTP token, which triggers an anonymous bind...

7.3AI score
Exploits0References8
PyPA
PyPA
added 2014/11/19 6:59 p.m.5 views

PYSEC-2014-104

FreeIPA 4.0.x before 4.0.5 and 4.1.x before 4.1.1, when 2FA is enabled, allows remote attackers to bypass the password requirement of the two-factor authentication leveraging an enabled OTP token, which triggers an anonymous bind...

3.5CVSS7.3AI score0.01787EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2014/11/19 6:59 p.m.4 views

PYSEC-2014-104

FreeIPA 4.0.x before 4.0.5 and 4.1.x before 4.1.1, when 2FA is enabled, allows remote attackers to bypass the password requirement of the two-factor authentication leveraging an enabled OTP token, which triggers an anonymous bind...

7.7AI score
Exploits0References8
OSV
OSV
added 2014/11/19 6:59 p.m.2 views

PYSEC-2014-101

FreeIPA 4.0.x before 4.0.5 and 4.1.x before 4.1.1, when 2FA is enabled, allows remote attackers to bypass the password requirement of the two-factor authentication leveraging an enabled OTP token, which triggers an anonymous bind...

7.7AI score
Exploits0References8
ThreatPost
ThreatPost
added 2014/10/21 10:18 a.m.11 views

Google Adds Hardware Security Key For Account Protection

Google is introducing an improved two-factor authentication system for Gmail and its other services that uses a tiny hardware token that will only work on legitimate Google sites. The new Security Key system is meant to help defeat attacks that rely on highly plausible fake sites that are designe...

7.1AI score
Exploits0References4
ThreatPost
ThreatPost
added 2014/10/17 12:0 p.m.9 views

Facebook Tool Mines Stolen Passwords

When a cache of millions—or even a billion—username-password combinations is stolen and posted to Pastebin, Github or a hacker forum, victimized organizations struggle to respond. And victimized users often twist in the wind wondering whether their identities and personal information are at risk...

0.1AI score
Exploits0References5
ThreatPost
ThreatPost
added 2014/09/17 7:23 a.m.9 views

Apple Extends Two-Factor Authentication to iCloud

Apple finally has enabled two-factor authentication for its iCloud storage service, more than a year and a half after the company first turned the protective measure on for iTunes purchases and Apple ID. The extension of 2FA–which Apple calls two-step verification–to iCloud comes two weeks after...

0.8AI score
Exploits0References1
The Hacker News
The Hacker News
added 2014/09/10 11:9 p.m.17 views

5 Million Gmail Usernames and Passwords Leaked online, Check Yours Now

.jpg.jpg Gmail credentials leaked online? Oh my God! Again I have to change my password…!! Yes, you heard right. Millions of Gmail account credentials email address and password have been stolen and made publicly available through an online forum, causing a large number of users worldwide to chan...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2014/09/04 7:6 a.m.11 views

Apple Patches 'Find My iPhone' Vulnerability Which May Caused Celebrities Photo Leak

Apple has patched the security flaw in its Find My iPhone online service that may have allowed hackers to get access to a number of celebrities' private pictures leaked online. OVER 100 CELEBRITIES AFFECTED So far, I hope everybody have heard about probably the biggest digital exposure of persona...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2014/09/02 8:1 p.m.33 views

Namecheap Accounts Compromised in Data Breach

LA-based domain name registrar and hosting company Namecheap warned its customers on Monday that cybercriminals have begun accessing their accounts by using the list of credentials gathered from third-party websites. The Hosting company confirmed the security breach and informed that the hackers...

8.4AI score
Exploits0
Packet Storm
Packet Storm
added 2014/08/05 12:0 a.m.31 views

Paypal Two-Factor Authentication Bypass

Today, the 5th of August, I release my Paypal 2FA bypass exploit. It's been exactly 2 months since I've reported this bug, and due to the simplicity of it, I believe I've given Paypal long enough to fix it. It's still not fixed. Full blog can be found here: http://blog.internot.info/ My website:...

0.5AI score
Exploits0
ThreatPost
ThreatPost
added 2014/08/01 9:40 a.m.16 views

Twitter Gains Team From Mitro Password Management Company

Twitter has announced that a cloud-based password management company called Mitro has joined the Twitter team, and all of Mitro’s code is now free and open source. Mitro’s offering a secure password manager that’s meant to help distributed teams share passwords for accounts and services. The...

0.3AI score
Exploits0References3
ThreatPost
ThreatPost
added 2014/07/29 3:55 p.m.9 views

NOAA, Satellite Data, Riddled with Vulnerabilities

The informational systems that the National Oceanic and Atmospheric Administration NOAA run are fraught with vulnerabilities and what the U.S. Department of Commerce deems “significant security deficiencies” that could leave it vulnerable to cyber attacks. That’s according to the findings of an...

0.1AI score
Exploits0References2
Rows per page
Query Builder