820 matches found
MAL-2025-16794 Malicious code in character-authenticator (npm)
The package character-authenticator was found to contain malicious code...
Malicious code in eosio-reference-chrome-extension-authenticator-app (npm)
The package eosio-reference-chrome-extension-authenticator-app was found to contain malicious code...
MAL-2025-19693 Malicious code in eosio-reference-chrome-extension-authenticator-app (npm)
The package eosio-reference-chrome-extension-authenticator-app was found to contain malicious code...
Drupal Authenticator Login module < 2.1.4 - Unauthenticated Broken Access Control vulnerability
Unauthenticated Broken Access Control vulnerability discovered by Pierre Rudloff prudloff in WordPress Module Authenticator Login versions 2.1.4...
python3.11-django-ansible-base: Sensitive Authenticator Secrets Returned in Clear Text via API in AAP
A flaw was found in Ansible Automation Platform AAP where the Gateway API returns the client secret for certain GitHub Enterprise authenticators in clear text. This vulnerability affects administrators or auditors accessing authenticator configurations. While access is limited to privileged users...
CVE-2025-7738
A flaw was found in Ansible Automation Platform AAP where the Gateway API returns the client secret for certain GitHub Enterprise authenticators in clear text. This vulnerability affects administrators or auditors accessing authenticator configurations. While access is limited to privileged users...
CVE-2025-49827
Conjur provides secrets management and application identity for infrastructure. Conjur OSS versions 1.19.5 through 1.22.0 and Secrets Manager, Self-Hosted formerly known as Conjur Enterprise 13.1 through 13.5 and 13.6 are vulnerable to bypass of the IAM authenticator. An attacker who can manipula...
CVE-2025-49831 Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) vulnerable to IAM Authenticator Bypass via Mis-configured Network Device
An attacker of Secrets Manager, Self-Hosted installations that route traffic from Secrets Manager to AWS through a misconfigured network device can reroute authentication requests to a malicious server under the attacker’s control. CyberArk believes there to be very few installations where this...
CVE-2025-49827
CVE-2025-49827 affects CyberArk Conjur OSS (versions 1.19.5–1.22.0) and Secrets Manager, Self-Hosted (13.1–13.5, 13.6). Root cause is bypass of the IAM authenticator via manipulation of AWS-signed headers and a malformed regex that redirects the authentication validation request to an attacker-con...
CVE-2025-49827 Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) Vulnerable to Bypass of IAM Authenticator
Conjur provides secrets management and application identity for infrastructure. Conjur OSS versions 1.19.5 through 1.22.0 and Secrets Manager, Self-Hosted formerly known as Conjur Enterprise 13.1 through 13.5 and 13.6 are vulnerable to bypass of the IAM authenticator. An attacker who can manipula...
CyberArk Conjur Security Vulnerability
CyberArk Conjur is an open source key management software from CyberArk. A security vulnerability exists in CyberArk Conjur that stems from an IAM authenticator bypass that could lead to elevated privileges...
PT-2025-29612
Name of the Vulnerable Software and Affected Versions: Conjur OSS versions 1.19.5 through 1.22.0; Secrets Manager, Self-Hosted versions 13.1 through 13.6. Description: Conjur provides secrets management and application identity for infrastructure. A malformed regular expression allows an attacker...
Microsoft Removes Password Management from Authenticator App Starting August 2025
Microsoft has said that it's ending support for passwords in its Authenticator app starting August 1, 2025. Microsoft's move is part of a much larger shift away from traditional password-based logins. The company said the changes are also meant to streamline autofill within its two-factor...
Siemens SCALANCE, RUGGEDCOM, SIPLUS, and SINEC RADIUS Protocol Forgery Attacks (CVE-2024-3596)
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify responses Access-Reject or Access-Accept using a chosen-prefix collision attack against MD5 Response Authenticator signature. This plugin only works with Tenable.ot. Please visit...
Fedora 41 : krb5 (2025-42a13f896e)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-42a13f896e advisory. Disallowing use of the arcfour-hmac-md5 encryption type for session keys. Add support for the PKINIT paChecksum2 sequence, required for Active Directory...
Fedora 42 : krb5 (2025-3de9fe91ff)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-3de9fe91ff advisory. Disallowing use of the arcfour-hmac-md5 encryption type for session keys. Add support for the PKINIT paChecksum2 sequence, required for Active Directory...
GHSA-9QVJ-RPJ8-V5C8 Pekko Management may not properly apply authenticator when Basic Authentication is enabled
If you enable Basic Authentication in Pekko Management using the Java DSL, the authenticator may not be properly applied. Users that rely on authentication instead of making sure the Management API ports are only available to trusted users are recommended to upgrade to version 1.1.1, which fixes...