820 matches found
CVE-2025-59390
Apache Druid’s Kerberos authenticator is affected. If the configuration druid.auth.authenticator.kerberos.cookieSignatureSecret is not set, a weak fallback secret is generated with ThreadLocalRandom, which is not cryptographically secure. This can allow an attacker to predict or brute‑force the c...
Apache Druid Security Vulnerability
Apache Druid is an open source, column-oriented distributed database from the Apache Foundation in the United States, written in the Java language. A security vulnerability exists in Apache Druid version 34.0.0 and earlier, which stems from the use of weak fallback keys by the Kerberos authenticator, which coul...
Moderate: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.6 Product Security and Bug Fix Update
An update is now available for Red Hat Ansible Automation Platform 2.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...
RHEL 9 : Red Hat Ansible Automation Platform 2.6 Product Security and Bug Fix Update (Moderate) (RHSA-2025:21768)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:21768 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Manage...
CVE-2025-61482
Improper handling of OTP/TOTP/HOTP values in NetKnights GmbH privacyIDEA Authenticator v.4.3.0 on Android allows local attackers with root access to bypass two-factor authentication. By hooking into app crypto routines and intercepting decryption paths, an attacker can recover plaintext secrets,...
CVE-2025-61482
The CVE-2025-61482 vulnerability affects privacyIDEA Authenticator for Android (version 4.3.0). A local attacker with root access can bypass two-factor authentication by hooking cryptographic routines and intercepting decryption paths to recover plaintext secrets, enabling generation of valid OTP...
privacyIDEA Authenticator Security Vulnerability
privacyIDEA Authenticator is a login authentication application from the privacyIDEA organization. A security vulnerability exists in privacyIDEA Authenticator version 4.3.0 that stems from improper handling of OTP/TOTP/HOTP values, which could allow a local attacker to bypass two-factor authentication...
EUVD-2025-36185
Improper handling of OTP/TOTP/HOTP values in NetKnights GmbH privacyIDEA Authenticator v.4.3.0 on Android allows local attackers with root access to bypass two-factor authentication. By hooking into app crypto routines and intercepting decryption paths, an attacker can recover plaintext secrets,...
PT-2025-43966
Name of the Vulnerable Software and Affected Versions: privacyIDEA Authenticator version 4.3.0. Description: A flaw exists in the handling of OTP/TOTP/HOTP values within the privacyIDEA Authenticator application on Android. A local attacker with root access can bypass two-factor authentication by...
EUVD-2025-33792
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Authenticator Login allows Authentication Bypass. This issue affects Authenticator Login: from 0.0.0 before 2.1.8...
CVE-2025-8093
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Authenticator Login allows Authentication Bypass. This issue affects Authenticator Login: from 0.0.0 before 2.1.8...
CVE-2025-8093 Authenticator Login - Moderately critical - Access bypass - SA-CONTRIB-2025-098
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Authenticator Login allows Authentication Bypass. This issue affects Authenticator Login: from 0.0.0 before 2.1.8...
CVE-2025-8093
The vulnerability CVE-2025-8093 affects the Drupal Authenticator Login module prior to version 2.1.8. The issue is an authentication bypass via an alternate path or channel, as described across multiple sources, with CVSS v3.1 base metrics indicating high risk (8.8, Network attack vector, Privile...
Drupal Authenticator Login Security Vulnerability
Drupal Authenticator Login is an authentication login module from the Drupal community. A security vulnerability exists in Drupal Authenticator Login version 0.0.0 through versions prior to 2.1.8 that stems from bypassing authentication using an alternate path or channel, which could...
PT-2025-41616
Name of the Vulnerable Software and Affected Versions: Drupal Authenticator Login versions prior to 2.1.8. Description: An authentication bypass issue exists in Drupal Authenticator Login. This allows attackers to bypass authentication mechanisms by utilizing an alternate path or channel...