
14 matches found

Snyk
added 2025/12/10 1:45 a.m. | 3 views

Authentication Bypass Using an Alternate Path or Channel

Overview: filament/filament is a collection of full-stack components for accelerated Laravel app development. Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel due to the handling of recovery codes for app-based multi-factor...

9.2 CVSS | 7.4 AI score | 0.00065 EPSS
Exploits 0 | References 2
NVD
added 2025/12/10 1:15 a.m. | 3 views

CVE-2025-67507

Filament is a collection of full-stack components for accelerated Laravel development. Versions 4.0.0 through 4.3.0 contain a flaw in the handling of recovery codes for app-based multi-factor authentication, allowing the same recovery code to be reused indefinitely. This issue does not affect...

8.1 CVSS | 0.00065 EPSS
Exploits 0 | References 2
Positive Technologies
added 2025/12/10 12:0 a.m. | 3 views

PT-2025-50298

Name of the Vulnerable Software and Affected Versions: Filament versions 4.0.0 through 4.3.0. Description: Filament, a collection of full-stack components for accelerated Laravel development, has an issue in how it manages recovery codes for application-based multi-factor authentication. The flaw...

8.1 CVSS | 6.9 AI score | 0.00065 EPSS
Exploits 0 | References 7
OSV
added 2025/12/09 5:19 p.m. | 3 views

GHSA-PVCV-Q3Q7-266G Filament multi-factor authentication (app) recovery codes can be used multiple times

Summary: A flaw in the handling of recovery codes for app-based multi-factor authentication allows the same recovery code to be reused indefinitely. This issue does not affect email-based MFA. It also only applies when recovery codes are enabled. Impact: If an attacker gains access to both the user...

8.1 CVSS | 7 AI score | 0.00065 EPSS
Exploits 0 | References 4
RedhatCVE
added 2025/05/23 6:58 a.m. | 2 views

CVE-2024-40750

Linksys Velop Pro 6E 1.0.8 MX6200_1.0.8.215731 and 7 1.0.10.215314 devices send cleartext Wi-Fi passwords over the public Internet during app-based installation...

5.3 CVSS | 7.1 AI score | 0.00039 EPSS
Exploits 0 | References 1
NVD
added 2024/07/09 8:15 p.m. | 12 views

CVE-2024-40750

Linksys Velop Pro 6E 1.0.8 MX6200_1.0.8.215731 and 7 1.0.10.215314 devices send cleartext Wi-Fi passwords over the public Internet during app-based installation...

5.3 CVSS | 0.00039 EPSS
Exploits 0 | References 2
OSV
added 2024/07/09 8:15 p.m. | 1 views

CVE-2024-40750

Linksys Velop Pro 6E 1.0.8 MX6200_1.0.8.215731 and 7 1.0.10.215314 devices send cleartext Wi-Fi passwords over the public Internet during app-based installation...

5.3 CVSS | 5.8 AI score
Exploits 0 | References 2
CVE
added 2024/07/09 12:0 a.m. | 48 views

CVE-2024-40750

CVE-2024-40750 concerns Linksys Velop Pro 6E devices (versions 1.0.8 MX6200_1.0.8.215731 and 7 1.0.10.215314). The issue is that during app-based installation, cleartext Wi‑Fi passwords are transmitted over the public Internet. Root cause details are not fully specified in the provided documents,...

5.3 CVSS | 7.3 AI score | 0.00039 EPSS
Exploits 0 | References 2 | Affected Software 1
Vulnrichment
added 2024/07/09 12:0 a.m. | 10 views

CVE-2024-40750

Linksys Velop Pro 6E 1.0.8 MX6200_1.0.8.215731 and 7 1.0.10.215314 devices send cleartext Wi-Fi passwords over the public Internet during app-based installation...

7.1 AI score | 0.00039 EPSS
Exploits 0 | References 2
Talos Blog
added 2023/02/23 7:0 p.m. | 45 views

Threat Source newsletter (Feb. 23, 2023) — Social media sites are making extra security a paid feature

Welcome to this week's edition of the Threat Source newsletter. Social media's latest business plan seems to be charging for security. Twitter recently announced a plan to make SMS-based two-factor authentication a paid service as part of Twitter Blue -- asking users to pay either $8 or $11 monthly...

8.3 AI score | 0.94378 EPSS
Exploits 12
Malwarebytes
added 2023/02/21 4:0 a.m. | 20 views

How to set up two-factor authentication on Twitter using an app

If you use text based authentication as an additional level of security for your Twitter account, you may be aware that this option will be reserved for paying Twitter Blue subscribers come mid-March. This post will explain how to enable app based authentication. We found it easier to do on our...

0.2 AI score
Exploits 0
Microsoft Secure
added 2023/02/15 5:0 p.m. | 18 views

Microsoft shifts to a comprehensive SaaS security solution

Software as a service (SaaS) apps are ubiquitous, hybrid work is the new normal, and protecting them and the important data they store is a big challenge for organizations. Today, 59 percent of security professionals find the SaaS sprawl challenging to manage and have identified cloud...

7 AI score
Exploits 0
OSV
added 2021/02/06 3:15 a.m. | 0 views

CVE-2021-22302

There is an out-of-bound read vulnerability in Taurus-AL00A 10.0.0.1C00E1R1P1. A module does not verify some input. Attackers can exploit this vulnerability by sending malicious input through a specific app. This could cause out-of-bound, compromising normal service...

7.1 CVSS | 7.1 AI score | 0.00027 EPSS
Exploits 0 | References 1
Krebs on Security
added 2018/08/02 12:55 a.m. | 52 views

Reddit Breach Highlights Limits of SMS-Based Authentication

Reddit.com today disclosed that a data breach exposed some internal data, as well as email addresses and passwords for some Reddit users. As Web site breaches go, this one doesn't seem too severe. What's interesting about the incident is that it showcases once again why relying on mobile text...

7.3 AI score
Exploits 0