Lucene search
+L

152 matches found

NVD
NVD
added 2024/03/05 10:15 p.m.23 views

CVE-2024-1900

Improper session management in the identity provider authentication flow in Devolutions Server 2023.3.14.0 and earlier allows an authenticated user via an identity provider to stay authenticated after his user is disabled or deleted in the identity provider such as Okta or Microsoft O365. The use...

5.5CVSS6.5AI score0.00228EPSS
Exploits0References1
CVE
CVE
added 2024/03/05 9:34 p.m.51 views

CVE-2024-1900

This CVE affects Devolutions Server (versions up to 2023.3.14.0) where improper session management in the identity provider authentication flow can allow an authenticated user, validated via an external IdP (e.g., Okta or O365), to remain authenticated after their identity is disabled or deleted....

5.5CVSS6.8AI score0.00228EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/01/12 12:0 a.m.10 views

PT-2024-12262 · Checkmk · Checkmk

Name of the Vulnerable Software and Affected Versions: Checkmk versions prior to 2.2.0p17 Checkmk versions prior to 2.1.0p37 Checkmk versions prior to 2.0.0p39 Description: The issue is related to an insufficient authentication flow, allowing an attacker to utilize locked credentials...

8.8CVSS7.3AI score0.00507EPSS
Exploits0References9
Malwarebytes
Malwarebytes
added 2023/08/04 1:45 p.m.24 views

Microsoft Teams used in phishing campaign to bypass multi-factor authentication

Attackers believed to have ties to Russia's Foreign Intelligence Service SVR are using Microsoft Teams chats as credential theft phishing lures. Microsoft Threat Intelligence has posted details about the perceived attacks targeted at fewer than 40 unique global organizations. The targeted...

7.1AI score
Exploits0
Positive Technologies
Positive Technologies
added 2023/08/03 12:0 a.m.6 views

PT-2023-6515 · Nvidia · Nvidia Omniverse Workstation Launcher

Name of the Vulnerable Software and Affected Versions: NVIDIA Omniverse Workstation Launcher for Windows and Linux affected versions not specified Description: The issue is related to the authentication flow in the NVIDIA Omniverse Workstation Launcher, where a user's access token is visible in t...

5.3CVSS5.1AI score0.00317EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/07/12 12:0 a.m.8 views

PT-2023-26210 · Jenkins · Jenkins Assembla Auth Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Assembla Auth Plugin versions 1.14 and earlier Description: A cross-site request forgery CSRF vulnerability allows attackers to trick users into logging in to the attacker's account. This issue arises because the plugin does not...

8.8CVSS8.8AI score0.0048EPSS
Exploits0References6
Prion
Prion
added 2023/06/09 8:15 p.m.20 views

Authorization

UmbracoIdentityExtensions is an Umbraco add-on package that enables easy extensibility points for ASP.Net Identity integration. In affected versions client secrets are not required which may expose some endpoints to untrusted actors. Since Umbraco is not a single-page application, the implicit fl...

5CVSS5.3AI score0.00625EPSS
Exploits0References4Affected Software1
Citrix
Citrix
added 2023/03/21 12:0 a.m.8 views

[NetScaler] LDAP password can be changed with an incorrect Radius Passcode

Below is an example of common 2Factor authentication flow: Root factor: Start Login Schema XML = /nsconfig/loginschema/LoginSchema/DualAuth.xml Adv Authn Policy = LDAPPol Rule = true Action = LDAPAct Next Factor if Success = RadiusFactor Login Schema Profile = LSCHEMAINT Adv Authn Policy =...

7.5AI score
Exploits0
NVD
NVD
added 2022/11/15 9:15 p.m.32 views

CVE-2022-20928

A vulnerability in the authentication and authorization flows for VPN connections in Cisco Adaptive Security Appliance ASA Software and Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to establish a connection as a different user. This vulnerability is due to...

5.8CVSS0.00683EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/05/04 5:15 p.m.7 views

CVE-2022-23724

Use of static encryption key material allows forging an authentication token to other users within a tenant organization. MFA may be bypassed by redirecting an authentication flow to a target user. To exploit the vulnerability, must have compromised user credentials...

8.1CVSS7.2AI score0.00416EPSS
Exploits0References3
OSV
OSV
added 2022/05/02 10:15 p.m.2 views

CVE-2022-23723

An MFA bypass vulnerability exists in the PingFederate PingOne MFA Integration Kit when adapter HTML templates are used as part of an authentication flow...

7.7CVSS5.8AI score0.00824EPSS
Exploits0References2
NVD
NVD
added 2022/05/02 10:15 p.m.22 views

CVE-2022-23723

An MFA bypass vulnerability exists in the PingFederate PingOne MFA Integration Kit when adapter HTML templates are used as part of an authentication flow...

7.7CVSS0.00824EPSS
Exploits0References2
Prion
Prion
added 2022/05/02 10:15 p.m.14 views

Security feature bypass

An MFA bypass vulnerability exists in the PingFederate PingOne MFA Integration Kit when adapter HTML templates are used as part of an authentication flow...

5CVSS7.6AI score0.00824EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/05/02 10:5 p.m.32 views

CVE-2022-23723 PingFederate PingOneMFA Integration Kit MFA Bypass

An MFA bypass vulnerability exists in the PingFederate PingOne MFA Integration Kit when adapter HTML templates are used as part of an authentication flow...

7.7CVSS7.9AI score0.00824EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/05/02 12:0 a.m.6 views

Ping Identity PingFederate授权问题漏洞

Ping Identity PingFederate is a flagship software-based federation server in the United States. for identity management. Ping Identity PingFederate has a security vulnerability that originates from an MFA bypass vulnerability in the PingOne MFA Integration Toolkit when an adapter HTML template is...

7.7CVSS7.4AI score0.00824EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/05/02 12:0 a.m.8 views

PT-2022-16228 · Ping Identity · Pingfederate Pingone Mfa Integration Kit

Name of the Vulnerable Software and Affected Versions: PingFederate PingOne MFA Integration Kit affected versions not specified Description: An MFA bypass issue exists when adapter HTML templates are used as part of an authentication flow. This allows for potential bypass of multi-factor...

7.7CVSS7.6AI score0.00824EPSS
Exploits0References6
Hacker One
Hacker One
added 2021/06/27 3:45 p.m.22 views

Zenly: Account Takeover via SMS Authentication Flow

Summary: During the authentication flow, an SMS is sent to the user in order to validate the session and proceed to the user account. The way Zenly API handles this flow is by: 1. Calling the /SessionCreate endpoint with the mobile phone number of the user. 2. A session for the user is created an...

0.7AI score
Exploits0
CVE
CVE
added 2020/06/29 7:45 p.m.68 views

CVE-2020-4037

CVE-2020-4037 concerns OAuth2 Proxy where versions 5.1.1 and older (up to 5.9.x) allow a user-supplied redirect URL at the end of the authentication flow. The redirect target is validated by the proxy, but the issue arises from insufficiently restricted redirects, potentially enabling open redire...

5.8CVSS4.8AI score0.00896EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/06/10 12:0 a.m.5 views

The vulnerability of the BruteForceProtector component of the Keycloak identity and access management software allows a hacker to gain unauthorized access to protected information.

The software for managing identities and access control in Keycloak is vulnerable due to errors in configuring the “Conditional OTP Authentication Flow”. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...

10CVSS6.7AI score0.01092EPSS
Exploits0References4Affected Software3
OSV
OSV
added 2020/03/24 2:15 p.m.11 views

CVE-2020-1744

A flaw was found in keycloak before version 9.0.1. When configuring an Conditional OTP Authentication Flow as a post login flow of an IDP, the failure login events for OTP are not being sent to the brute force protection event queue. So BruteForceProtector does not handle this events...

5.6CVSS6.8AI score0.01092EPSS
Exploits0References2
Rows per page
Query Builder