228 matches found
Memory leaks in EdDSA DNSSEC verification code
...
Memory leak in ECDSA DNSSEC verification code
...
CVE-2022-24132
phpshe V1.8 is affected by a denial of service (DoS) attack in the registry's verification code, which can paralyze the target service...
Code injection
phpshe V1.8 is affected by a denial of service (DoS) attack in the registry's verification code, which can paralyze the target service...
CVE-2022-24132
CVE-2022-24132 affects phpshe V1.8. The vulnerability is a denial of service in the registry verification/authentication path caused by mishandling a large number of message requests, potentially paralyzing the target service. Exploitation details are not provided beyond the DoS effect in the reg...
CVE-2022-25575
Multiple cross-site scripting (XSS) vulnerabilities in Parking Management System v1.0 allow attackers to execute arbitrary web scripts or HTML via crafted payloads injected into the user name, password, and verification code text boxes...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Parking Management System v1.0 allow attackers to execute arbitrary web scripts or HTML via crafted payloads injected into the user name, password, and verification code text boxes...
CVE-2021-22565
An attacker could prematurely expire a verification code, making it unusable by the patient, making the patient unable to upload their TEKs to generate exposure notifications. We recommend upgrading the Exposure Notification server to V1.1.2 or greater...
Design/Logic Flaw
An attacker could prematurely expire a verification code, making it unusable by the patient, making the patient unable to upload their TEKs to generate exposure notifications. We recommend upgrading the Exposure Notification server to V1.1.2 or greater...
CVE-2021-22565 Insufficient Granularity of Access Control in GAEN Notification Server
An attacker could prematurely expire a verification code, making it unusable by the patient, making the patient unable to upload their TEKs to generate exposure notifications. We recommend upgrading the Exposure Notification server to V1.1.2 or greater...
CVE-2021-22565
CVE-2021-22565 affects the Google Exposure Notifications Verification Server. Root cause: insufficient granularity of access control in the verification-server component, enabling an attacker with permission to expire verification codes to invalidate codes that belong to another realm if the UUID...
PT-2021-15144 · Unknown · Exposure Notification Server
Name of the Vulnerable Software and Affected Versions: Exposure Notification server versions prior to V1.1.2. Description: An attacker could prematurely expire a verification code, making it unusable by the patient, and preventing the patient from uploading their TEKs to generate exposure...
Microsoft makes a bold move towards a password-less future
In a recent blog, Microsoft announced that as of September 15, 2021, you can completely remove the password from your Microsoft account and use the Microsoft Authenticator app, Windows Hello, a security key, or a verification code sent to your phone or email to sign in to Microsoft apps and service...
The passwordless future is here for your Microsoft account
Nobody likes passwords. They’re inconvenient. They’re a prime target for attacks. Yet for years they’ve been the most important layer of security for everything in our digital lives—from email to bank accounts, shopping carts to video games. We are expected to create complex and unique passwords,...
U.S. General Services Administration: e-mail verification bypass through interception & modification of response status
Hi, During registration of account at https://tams.preprod.gsa.gov, e-mail verification code validation can be bypassed through intercepting & modifying the response status from "success":false to "success":true. Video F1284281 is for reference. Steps To Reproduce 1. Open User Registration Url -...
Flaw allowed bypassing verification code, log in to any Microsoft account
By Deeba Ahmed. A bug bounty hunter has identified and reported a vulnerability that allowed an attacker to log in to any Microsoft account. This is a post from HackRead.com.
TikTok: Lack of rate limitation on careers site allows the attacker to brute force the verification code
An attacker could have potentially attempted to brute force the verification code needed to reset a candidate's password by leveraging a lack of rate limiting on the TikTok careers portal. We thank @iambouali for reporting this to our team and confirming the resolution...
CVE-2020-26236
In ScratchVerifier before commit a603769, an attacker can hijack the verification process to log into someone else's account on any site that uses ScratchVerifier for logins. A possible exploitation would follow these steps: 1. User starts login process. 2. Attacker attempts login for user, and i...