EUVD-2026-18857
Insufficient authentication security controls in the browser-based authentication components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to intercept or hijack authentication sessions due to insufficient protections in the browser-based authentication flows. To remediat...
CVE-2025-59028
When invalid base64 SASL data is sent, the login process is disconnected from the auth server, causing all active authentication sessions to fail. Invalid base64 data can therefore be used to DoS a vulnerable server and break concurrent logins. Install the fixed version or disable concurrency in login processes hea...
CVE-2026-24835
CVE-2026-24835 : Podman Desktop contains a critical authentication bypass where isAccessAllowed() unconditionally returns true, allowing malicious extensions to impersonate any user, hijack authentication sessions, and access sensitive resources. Affected: Podman Desktop (all versions prior to 1....
EUVD-2024-24398
Malicious code in bioql PyPI...
dotnet: Privilege Escalation Vulnerability in .NET SignInManager.RefreshSignInAsync Method
A flaw was found in the SignInManager.RefreshSignInAsync method. This flaw allows an attacker with local access and low privileges to escalate privileges. The issue might lead to unauthorized access or manipulation of authentication sessions...
CVE-2024-27157
The sessions are stored in clear-text logs. An attacker can retrieve authentication sessions. A remote attacker can retrieve the credentials and bypass the authentication mechanism. As for the affected products/models/versions, see the reference URL...
CVE-2024-27157
CVE-2024-27157 affects Toshiba e-STUDIO MFPs. The vulnerability involves authentication sessions being stored in clear-text logs, enabling an observer with access to the logs to retrieve sessions and credentials, potentially bypassing authentication. Impact details are described across multiple s...
CVE-2024-27156 Leak of authentication sessions in secure logs
The session cookies, used for authentication, are stored in clear-text logs. An attacker can retrieve authentication sessions. A remote attacker can retrieve the credentials and bypass the authentication mechanism. As for the affected products/models/versions, see the reference URL...
Asterisk Resource Management Error Vulnerability
Asterisk is software for a PBX system that runs on Linux and supports IP calls using the SIP, IAX, and H323 protocols. Asterisk suffers from a security vulnerability that stems from remote authentication sessions being reused after release in respjsippubsub.c, resulting in a...
CVE-2022-3916
A flaw was found in the offlineaccess scope in Keycloak. This issue would affect users of shared computers more especially if cookies are not cleared, due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to...
keycloak-model-infinispan: authenticationSessions map in RootAuthenticationSessionEntity grows boundlessly could lead to a DoS attack
A flaw was found in keycloak-model-infinispan where the authenticationSessions map in RootAuthenticationSessionEntity grows boundlessly. This issue leads to a denial of service...
Red Hat Keycloak Security Vulnerability
Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. A security vulnerability exists in Keycloak prior to 14.0.0 that stems from authenticationSessions mappings growing indefinitely in the...
ZSQL: Aging Time of Non-Authentication Sessions
To prevent DoS attacks from malicious clients that occupy server resources, set the UNAUTHSESSIONEXPIRETIME parameter so that the server forcibly disconnects a client that has not authenticated within the specified time after the TCP connection is established. SPDX-FileCopyrightText: 2020 Greenbone AG...
NetSupport Manager Client Spoofing Remote Authentication Bypass
NetSupport Manager (NSM), a multi-platform remote control application, is installed on the remote host. According to its version, the NetSupport Manager client component on the remote host does not properly handle authentication sessions. A remote attacker may be able to leverage this issue to pose...