
820 matches found

RedHat Linux
added 2024/07/24 1:19 p.m., 5 views

freeradius: forgery attack

A vulnerability in the RADIUS (Remote Authentication Dial-In User Service) protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof...

CVSS: 9, AI score: 7.2, EPSS: 0.14859
Exploits: 2, References: 10
OSV
added 2024/07/19 11:8 a.m., 5 views

OESA-2024-1878 freeradius security update

Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA or Triple A) management for users who connect and use a network service. Security Fixes: RADIUS Protocol under RFC 2865 is susceptible to forgery...

CVSS: 9, AI score: 6.8, EPSS: 0.14859
Exploits: 2, References: 2
Cisco
added 2024/07/10 4:0 p.m., 96 views

RADIUS Protocol Spoofing Vulnerability (Blast-RADIUS): July 2024

On July 7, 2024, security researchers disclosed the following vulnerability in the RADIUS protocol: CVE-2024-3596: RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by an on-path attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any oth...

CVSS: 8.1, AI score: 9.1, EPSS: 0.14859
Exploits: 2, References: 1
OSV
added 2024/07/09 12:15 p.m., 22 views

CVE-2024-3596

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature...

CVSS: 9, AI score: 6.8
Exploits: 0, References: 11
OSV
added 2024/07/09 12:15 p.m., 2 views

DEBIAN-CVE-2024-3596

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature...

CVSS: 9, AI score: 8.4, EPSS: 0.14859
Exploits: 2, References: 1
Cvelist
added 2024/07/09 12:2 p.m., 59 views

CVE-2024-3596 RADIUS Protocol under RFC2865 is vulnerable to forgery attacks.

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature...

EPSS: 0.14859
Exploits: 2, References: 8
Debian CVE
added 2024/07/09 12:2 p.m., 44 views

CVE-2024-3596

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature...

CVSS: 9, AI score: 8.4, EPSS: 0.14859
Exploits: 2
UbuntuCve
added 2024/07/09 12:0 p.m., 43 views

CVE-2024-3596

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature...

CVSS: 9, AI score: 7.1, EPSS: 0.14859
Exploits: 2, References: 6
Tenable Nessus
added 2024/07/09 12:0 a.m., 225 views

KB5040437: Windows Server 2022 / Azure Stack HCI 22H2 Security Update (July 2024)

The remote Windows host is missing security update 5040437. It is, therefore, affected by multiple vulnerabilities - RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any othe...

CVSS: 9.8, AI score: 8, EPSS: 0.84345
Exploits: 7, References: 83
OSSF Malicious Packages
added 2024/06/25 1:49 p.m., 3 views

Malicious code in authenticator_client (RubyGems)

AI score: 7
Exploits: 0, References: 1
OSV
added 2024/06/25 1:49 p.m., 10 views

MAL-2024-6725 Malicious code in authenticator_client (RubyGems)

AI score: 7.1
Exploits: 0, References: 1
OSV
added 2024/06/25 1:32 p.m., 5 views

MAL-2024-4787 Malicious code in authanticetor (PyPI)

AI score: 7.1
Exploits: 0
Hacker One
added 2024/06/01 2:57 a.m., 76 views

HackerOne: Improper Authentication - 2FA OTP Reusable

Vulnerability description not provided...

AI score: 7.1
Exploits: 0
The Hacker News
added 2024/05/07 10:2 a.m., 11 views

Google Simplifies 2-Factor Authentication Setup (It's More Important Than Ever)

Google on Monday announced that it's simplifying the process of enabling two-factor authentication (2FA) for users with personal and Workspace accounts. Also called 2-Step Verification (2SV), it aims to add an extra layer of security to users' accounts to prevent takeover attacks in case the password...

AI score: 7.5
Exploits: 0
Microsoft Secure
added 2024/05/02 1:0 p.m., 14 views

Microsoft introduces passkeys for consumer accounts

Ten years ago, Microsoft envisioned a bold future: a world free of passwords. Every year, we celebrate World Password Day by updating you on our progress toward eliminating passwords for good. Today, we’re announcing passkey support for Microsoft consumer accounts, the next step toward our vision...

AI score: 7.2
Exploits: 0
CNNVD
added 2024/04/03 12:0 a.m., 5 views

VeridiumID Security Vulnerability

VeridiumID is an integrated passwordless platform from VeridiumID. A security vulnerability exists in VeridiumID versions prior to 3.5.0. An attacker exploited the vulnerability to take over a victim's account by registering its FIDO authenticator to that account...

CVSS: 9.1, AI score: 6.6, EPSS: 0.00546
Exploits: 0, References: 3
Cvelist
added 2024/04/03 12:0 a.m., 14 views

CVE-2023-44039

In VeridiumID before 3.5.0, the WebAuthn API allows an internal unauthenticated attacker who can pass enrollment verifications and is allowed to enroll a FIDO key to register their FIDO authenticator to a victim’s account and consequently take over the account...

AI score: 6.8, EPSS: 0.00546
Exploits: 0, References: 2
BDU FSTEC
added 2024/03/22 12:0 a.m., 7 views

The vulnerability of the Microsoft Authenticator multi-factor authentication application lies in its lack of access control mechanisms, which allows attackers to escalate their privileges.

The vulnerability of the Microsoft Authenticator multi-factor authentication application is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges...

CVSS: 7.1, AI score: 7.7, EPSS: 0.01266
Exploits: 0, References: 2
Krebs on Security
added 2024/03/12 8:36 p.m., 59 views

Patch Tuesday, March 2024 Edition

Apple and Microsoft recently released software updates to fix dozens of security holes in their operating systems. Microsoft today patched at least 60 vulnerabilities in its Windows OS. Meanwhile, Apple's new macOS Sonoma addresses at least 68 security weaknesses, and its latest update for iOS fix...

CVSS: 7.5, AI score: 9.1, EPSS: 0.20157
Exploits: 0
OSV
added 2024/03/12 5:15 p.m., 4 views

CVE-2024-21390

Microsoft Authenticator Elevation of Privilege Vulnerability...

CVSS: 7.1, AI score: 7.3, EPSS: 0.01266
Exploits: 0, References: 1