1873 matches found
Fortinet FortiAuthenticator Appliance Cross-Site Scripting Vulnerability Vulnerability
Fortinet FortiAuthenticator is a family of secure authentication software from Fortinet that can be combined with FortiToken two-factor authentication token to provide secure two-factor authentication to third-party devices authenticated via RADIUS or LDAP. The Fortinet FortiAuthenticator Applian...
FortiAuthenticator v300 build 0007 Multiple Vulnerabilities
Fortinet FortiAuthenticator suffers from subshell bypass, cross site scripting, password disclosure, and file disclosure vulnerabilities. Fortinet FortiAuthenticator Multiple Vulnerabilities Affected Versions: Verified on FortiAuthenticator v300 build 0007 +-------------+ | Description |...
Google Apps Flaw Allowed Hacker to Hijack Account and Disable Two-factor Authentication
A critical cross-site scripting XSS vulnerability in the Google Apps administrator console allowed cyber criminals to force a Google Apps admins to execute just about any request on the domain. The Google Apps admin console allows administrators to manage their organization’s account...
Mail.ru: Раскрытие номера мобильного телефона при двухфакторной аутентификации
Different applications / API methods returned different parts of phone number, it helps to recover the number for attacker who already has access to user's mailbox...
Hacker Released 'iDict' Tool That Can Hack Your iCloud Account
Hackers have a great start of new year 2015, giving a public threat to Apple’s online iCloud service. A hacker using the handle "Pr0x13" has released a password-hacking tool to GitHub website that assures attackers to break into any iCloud account, potentially giving them free access to victims’...
Missing Two-Factor Authentication Led to JPMorgan Breach
The biggest U.S. banking breach of all time came down to the smallest of details. The New York Times, citing sources close to the ongoing investigation of the JPMorgan data breach, said hackers found a server unprotected by two-factor authentication to break in using a stolen user name and passwo...
Payment Card Data Accessed in Parking Provider Data Breach
SP+, a parking management services provider, late last week announced that 17 of its facilities in the United States had been breached and hackers may have made off with an unspecified number of payment card numbers. In a statement, the company said it was notified on Nov. 3 by a payment processo...
CVE-2014-7828
FreeIPA 4.0.x before 4.0.5 and 4.1.x before 4.1.1, when 2FA is enabled, allows remote attackers to bypass the password requirement of the two-factor authentication leveraging an enabled OTP token, which triggers an anonymous bind...
PYSEC-2014-104
FreeIPA 4.0.x before 4.0.5 and 4.1.x before 4.1.1, when 2FA is enabled, allows remote attackers to bypass the password requirement of the two-factor authentication leveraging an enabled OTP token, which triggers an anonymous bind...
PYSEC-2014-104
FreeIPA 4.0.x before 4.0.5 and 4.1.x before 4.1.1, when 2FA is enabled, allows remote attackers to bypass the password requirement of the two-factor authentication leveraging an enabled OTP token, which triggers an anonymous bind...
PYSEC-2014-101
FreeIPA 4.0.x before 4.0.5 and 4.1.x before 4.1.1, when 2FA is enabled, allows remote attackers to bypass the password requirement of the two-factor authentication leveraging an enabled OTP token, which triggers an anonymous bind...
Google Adds Hardware Security Key For Account Protection
Google is introducing an improved two-factor authentication system for Gmail and its other services that uses a tiny hardware token that will only work on legitimate Google sites. The new Security Key system is meant to help defeat attacks that rely on highly plausible fake sites that are designe...
Facebook Tool Mines Stolen Passwords
When a cache of millions—or even a billion—username-password combinations is stolen and posted to Pastebin, Github or a hacker forum, victimized organizations struggle to respond. And victimized users often twist in the wind wondering whether their identities and personal information are at risk...
Apple Extends Two-Factor Authentication to iCloud
Apple finally has enabled two-factor authentication for its iCloud storage service, more than a year and a half after the company first turned the protective measure on for iTunes purchases and Apple ID. The extension of 2FA–which Apple calls two-step verification–to iCloud comes two weeks after...
5 Million Gmail Usernames and Passwords Leaked online, Check Yours Now
.jpg.jpg Gmail credentials leaked online? Oh my God! Again I have to change my password…!! Yes, you heard right. Millions of Gmail account credentials email address and password have been stolen and made publicly available through an online forum, causing a large number of users worldwide to chan...
Apple Patches 'Find My iPhone' Vulnerability Which May Caused Celebrities Photo Leak
Apple has patched the security flaw in its Find My iPhone online service that may have allowed hackers to get access to a number of celebrities' private pictures leaked online. OVER 100 CELEBRITIES AFFECTED So far, I hope everybody have heard about probably the biggest digital exposure of persona...
Namecheap Accounts Compromised in Data Breach
LA-based domain name registrar and hosting company Namecheap warned its customers on Monday that cybercriminals have begun accessing their accounts by using the list of credentials gathered from third-party websites. The Hosting company confirmed the security breach and informed that the hackers...
Paypal Two-Factor Authentication Bypass
Today, the 5th of August, I release my Paypal 2FA bypass exploit. It's been exactly 2 months since I've reported this bug, and due to the simplicity of it, I believe I've given Paypal long enough to fix it. It's still not fixed. Full blog can be found here: http://blog.internot.info/ My website:...
Twitter Gains Team From Mitro Password Management Company
Twitter has announced that a cloud-based password management company called Mitro has joined the Twitter team, and all of Mitro’s code is now free and open source. Mitro’s offering a secure password manager that’s meant to help distributed teams share passwords for accounts and services. The...
NOAA, Satellite Data, Riddled with Vulnerabilities
The informational systems that the National Oceanic and Atmospheric Administration NOAA run are fraught with vulnerabilities and what the U.S. Department of Commerce deems “significant security deficiencies” that could leave it vulnerable to cyber attacks. That’s according to the findings of an...