2549 matches found
How to set up two factor authentication (2FA) on your Instagram account
Two-factor authentication 2FA isn't foolproof, but it is one of the best ways to protect your accounts from hackers. It adds a small extra step when logging in, but that extra effort pays off. Instagram’s 2FA requires an additional code whenever you try to log in from an unrecognized device or...
X to Retire Twitter.com, Users Must Re-Register Security Keys by Nov 10
X formerly Twitter is asking users with security keys to re-enroll by Nov 10 as it moves logins from twitter.com to x.com for continued 2FA access...
CVE-2025-60425
Nagios Fusion v2024R1.2 and v2024R2 does not invalidate already existing session tokens when the two-factor authentication mechanism is enabled, allowing attackers to perform a session hijacking attack...
Nagios Fusion 安全漏洞
Nagios Fusion is a centralized monitoring and visualization platform from the US-based Nagios, Inc. A security vulnerability exists in Nagios Fusion versions v2024R1.2 and v2024R2 that stems from failure to invalidate an existing session token when enabling two-factor authentication, which could...
CVE-2025-60425
Nagios Fusion v2024R1.2 and v2024R2 does not invalidate already existing session tokens when the two-factor authentication mechanism is enabled, allowing attackers to perform a session hijacking attack...
CVE-2025-61482
Improper handling of OTP/TOTP/HOTP values in NetKnights GmbH privacyIDEA Authenticator v.4.3.0 on Android allows local attackers with root access to bypass two factor authentication. By hooking into app crypto routines and intercepting decryption paths, attacker can recover plaintext secrets,...
EUVD-2025-36185
Improper handling of OTP/TOTP/HOTP values in NetKnights GmbH privacyIDEA Authenticator v.4.3.0 on Android allows local attackers with root access to bypass two factor authentication. By hooking into app crypto routines and intercepting decryption paths, attacker can recover plaintext secrets,...
CVE-2025-61482
Improper handling of OTP/TOTP/HOTP values in NetKnights GmbH privacyIDEA Authenticator v.4.3.0 on Android allows local attackers with root access to bypass two factor authentication. By hooking into app crypto routines and intercepting decryption paths, attacker can recover plaintext secrets,...
PT-2025-43966
Name of the Vulnerable Software and Affected Versions privacyIDEA Authenticator version 4.3.0 Description A flaw exists in the handling of OTP/TOTP/HOTP values within the privacyIDEA Authenticator application on Android. A local attacker with root access can bypass two-factor authentication by...
PT-2025-43978
Name of the Vulnerable Software and Affected Versions Nagios Fusion versions 2024R1.2 and 2024R2 Description Nagios Fusion versions 2024R1.2 and 2024R2 do not invalidate existing session tokens when two-factor authentication is enabled. This allows an attacker to potentially hijack active session...
CVE-2025-60425
CVE-2025-60425 affects Nagios Fusion v2024R1.2 and v2024R2. The root cause is failure to invalidate existing session tokens when two-factor authentication is enabled, enabling session hijacking attacks. The CVSSv3.1 base score is 8.6 (HIGH) with network attack vector, no user interaction, and no ...
CVE-2025-61482
The CVE-2025-61482 vulnerability affects privacyIDEA Authenticator for Android (version 4.3.0). A local attacker with root access can bypass two-factor authentication by hooking cryptographic routines and intercepting decryption paths to recover plaintext secrets, enabling generation of valid OTP...
CVE-2025-9133
A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50W series firmware versions from V4.16 through V5.40, and USG20W-VPN series firmware versions from V4.16 through V5.40 could...
CVE-2025-9133
A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50W series firmware versions from V4.16 through V5.40, and USG20W-VPN series firmware versions from V4.16 through V5.40 could...
CVE-2025-9133
A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50W series firmware versions from V4.16 through V5.40, and USG20W-VPN series firmware versions from V4.16 through V5.40 could...
CVE-2025-9133
A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50W series firmware versions from V4.16 through V5.40, and USG20W-VPN series firmware versions from V4.16 through V5.40 could...
EUVD-2025-35119
A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50W series firmware versions from V4.16 through V5.40, and USG20W-VPN series firmware versions from V4.16 through V5.40 could...
CVE-2025-9133
Summary of CVE-2025-9133 (Zyxel devices) Technical details in the connected PT-2025-42828 entry show a missing authorization flaw in Zyxel ATP series, Zyxel USG FLEX series, and Zyxel USG20(W)-VPN devices. The vulnerability arises from insufficient input validation/logic in the CGI interface, spe...
CVE-2025-9133
A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50W series firmware versions from V4.16 through V5.40, and USG20W-VPN series firmware versions from V4.16 through V5.40 could...
WordPress Keyy Two Factor Authentication plugin Privilege Escalation Vulnerability
WordPress Keyy Two Factor Authentication plugin is a plugin for enhancing the login security of your website. A privilege escalation vulnerability exists in the WordPress Keyy Two Factor Authentication plugin, which can be exploited by an attacker to cause an elevation of privilege, due to a...