Mozilla: Potential permissions request bypass via clickjacking
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions...
CVE-2024-2378
A vulnerability exists in the web-authentication component of the SDM600. If exploited, an attacker could escalate privileges on affected installations...
CVE-2024-2378
CVE-2024-2378 affects Hitachi Energy SDM600 web-authentication (privilege escalation). Public sources confirm: vulnerable component is the SDM600 web-auth/auth mechanism; exploitation leads to elevated privileges on affected installations. Several advisories reference remediation with a newer SDM...
PT-2024-20079 · Sdm600 · Sdm600
Name of the Vulnerable Software and Affected Versions: SDM600, affected versions not specified. Description: A vulnerability exists in the web-authentication component of the SDM600. If exploited, an attacker could escalate privileges on affected installations. Recommendations: At the moment, there...
Hitachi Energy SDM600 Security Vulnerability
Hitachi Energy SDM600 is a system data manager from Hitachi, Ltd. (Hitachi), Japan. A security vulnerability exists in Hitachi Energy SDM600 that stems from a problem in the web authentication component, where an attacker could elevate privileges...
keycloak: Log Injection during WebAuthn authentication or registration
A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact on the integrity of the logs...
CVE-2023-44039
In VeridiumID before 3.5.0, the WebAuthn API allows an internal unauthenticated attacker who can pass enrollment verifications and is allowed to enroll a FIDO key to register their FIDO authenticator to a victim’s account and consequently take over the account...
OET-213H-BTS1 missing authorization check in the initial configuration
Overview: OET-213H-BTS1 is a digital temperature measurement and face recognition terminal, developed by Zhejiang Uniview Technologies Co., Ltd. and provided by Atsumi Electric Co., Ltd. The initial configuration of the product is insecure (CWE-1188); it does not perform an authorization check when...
uverif Security Vulnerabilities
uverif is a free and open source web authentication management system from uverif. A security vulnerability exists in uverif version v.2.0, which stems from the presence of a sensitive information disclosure vulnerability...
CVE-2023-45669
WebAuthn4J Spring Security provides Web Authentication specification support for Spring applications. Affected versions are subject to improper signature counter value handling. A flaw was found in webauthn4j-spring-security-core. When an authenticator returns an incremented signature counter val...
A vulnerability in the WebAuthn authentication mechanism of the Keycloak identity and access management software allows an attacker to affect the integrity of protected information.
The vulnerability in the WebAuthn authentication mechanism of the Keycloak identity and access management software lies in the improper processing of output data for registration logs. Exploiting this vulnerability could allow a malicious actor to influence the integrity of the protected informatio...
PT-2023-7514
Name of the Vulnerable Software and Affected Versions: Keycloak version 22.0.5. Description: A log injection flaw was found in Keycloak, related to the WebAuthn authentication mode. This issue allows a text string to be injected through the authentication form, which may have a minor impact on the...