
820 matches found

CVE
added 2023/04/28 2:56 p.m. · 59 views

CVE-2023-1477

The CVE-2023-1477 entry concerns the HYPR Keycloak Authenticator Extension, where an Improper Authentication flaw enables Authentication Abuse. Affected components are HYPR Keycloak Authenticator Extension prior to versions 7.10.2 and 8.0.3. Root cause: insufficient/authentication bypass risk in ...

CVSS 8.8 · AI score 8.7 · EPSS 0.0062
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2023/04/28 2:56 p.m. · 22 views

CVE-2023-1477

Improper Authentication vulnerability in HYPR Keycloak Authenticator Extension allows Authentication Abuse. This issue affects HYPR Keycloak Authenticator Extension: before 7.10.2, before 8.0.3...

CVSS 7.2 · AI score 8.9 · EPSS 0.0062
Exploits: 0 · References: 1
CNNVD
added 2023/04/28 12:0 a.m. · 3 views

HYPR Authorization Issue Vulnerability

HYPR is a security application from HYPR that implements a passwordless... A security vulnerability exists in HYPR Keycloak Authenticator Extension that stems from incorrect authentication...

CVSS 8.8 · AI score 7.9 · EPSS 0.0062
Exploits: 0 · References: 2
Wired Threat Level
added 2023/04/25 3:58 p.m. · 13 views

Google’s Authenticator App Now Lets You Sync 2FA Codes Across Devices

You can now sync sign-in codes across devices—but they aren’t end-to-end encrypted...

AI score 6.8
Exploits: 0
The Hacker News
added 2023/04/25 4:33 a.m. · 4 views

Google Authenticator App Gets Cloud Backup Feature for TOTP Codes

Search giant Google on Monday unveiled a major update to its 12-year-old Authenticator app for Android and iOS with an account synchronization option that allows users to back up their time-based one-time passwords (TOTPs) to the cloud. "This change means users are better protected from lockout and...

AI score 6.7
Exploits: 0
The Hacker News
added 2023/04/25 4:33 a.m. · 29 views

Google Authenticator App Gets Cloud Backup Feature for TOTP Codes

Search giant Google on Monday unveiled a major update to its 12-year-old Authenticator app for Android and iOS with an account synchronization option that allows users to back up their time-based one-time passwords (TOTPs) to the cloud. "This change means users are better protected from lockout and...

AI score 6.5
Exploits: 0
Patchstack
added 2023/04/20 12:0 a.m. · 8 views

WordPress miniOrange's Google Authenticator Plugin <= 5.6.5 is vulnerable to Broken Access Control

Software: miniOrange's Google Authenticator; Type: Plugin; Vulnerable versions: <= 5.6.5; Fixed in: 5.6.6; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2022-4943; Patch priority: High; CVSS severity: High (7.5); PSID: 1f8ee97c6af1; Credits: Ramuel Gal...

CVSS 7.5 · AI score 6.8 · EPSS 0.00543
Exploits: 0 · References: 3 · Affected Software: 1
Huntr
added 2023/03/15 10:18 p.m. · 23 views

2FA Bypass by Brute Force

Description: Currently there are no restrictions on attempts to enter the correct 2FA code. In contrast to the first step of the authentication (username + password), the fields of lastloginfail and loginfailcount in the database aren't updated. An attacker can bypass the 2FA by simple brute force of...

CVSS 7.5 · AI score 7.2 · EPSS 0.01119
Exploits: 1 · References: 1
OSV
added 2023/03/14 6:15 a.m. · 1 views

CVE-2023-27895

SAP Authenticator for Android - version 1.3.0, allows the screen to be captured, if an authorized attacker installs a malicious app on the mobile device. The attacker could extract the current views of the OTP and the secret OTP alphanumeric token during the token setup. On successful...

CVSS 6.5 · AI score 6.6 · EPSS 0.00405
Exploits: 0 · References: 2
NVD
added 2023/03/14 6:15 a.m. · 25 views

CVE-2023-27895

SAP Authenticator for Android - version 1.3.0, allows the screen to be captured, if an authorized attacker installs a malicious app on the mobile device. The attacker could extract the current views of the OTP and the secret OTP alphanumeric token during the token setup. On successful...

CVSS 6.5 · AI score 6 · EPSS 0.00405
Exploits: 0 · References: 2
Prion
added 2023/03/14 6:15 a.m. · 18 views

Code injection

SAP Authenticator for Android - version 1.3.0, allows the screen to be captured, if an authorized attacker installs a malicious app on the mobile device. The attacker could extract the current views of the OTP and the secret OTP alphanumeric token during the token setup. On successful...

CVSS 4 · AI score 6.1 · EPSS 0.00405
Exploits: 0 · References: 2 · Affected Software: 1
Vulnrichment
added 2023/03/14 5:8 a.m. · 6 views

CVE-2023-27895 Information Disclosure vulnerability in SAP Authenticator for Android

SAP Authenticator for Android - version 1.3.0, allows the screen to be captured, if an authorized attacker installs a malicious app on the mobile device. The attacker could extract the current views of the OTP and the secret OTP alphanumeric token during the token setup. On successful...

CVSS 6.1 · AI score 6.2 · EPSS 0.00405
Exploits: 0 · References: 2
CVE
added 2023/03/14 5:8 a.m. · 46 views

CVE-2023-27895

SAP Authenticator for Android (version 1.3.0) is reported to expose OTP-related data when a malicious app is installed on a device, allowing screen capture during token setup. The attacker could read the currently viewed OTP and the secret OTP alphanumeric token, but cannot modify or delete data....

CVSS 6.5 · AI score 6.1 · EPSS 0.00405
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist
added 2023/03/14 5:8 a.m. · 14 views

CVE-2023-27895 Information Disclosure vulnerability in SAP Authenticator for Android

SAP Authenticator for Android - version 1.3.0, allows the screen to be captured, if an authorized attacker installs a malicious app on the mobile device. The attacker could extract the current views of the OTP and the secret OTP alphanumeric token during the token setup. On successful...

CVSS 6.1 · AI score 6.4 · EPSS 0.00405
Exploits: 0 · References: 2
CNNVD
added 2023/03/14 12:0 a.m. · 3 views

SAP Authenticator Security Vulnerability

SAP Authenticator is a mobile application from SAP that generates passwords for systems that require one-time password authentication. A security vulnerability exists in SAP Authenticator version 1.3.0, which originated from allowing an authorized attacker to install a malicious application on a...

CVSS 6.5 · AI score 6.5 · EPSS 0.00405
Exploits: 0 · References: 3
Positive Technologies
added 2023/03/14 12:0 a.m. · 5 views

PT-2023-21402 · Sap · Sap Authenticator For Android

Name of the Vulnerable Software and Affected Versions: SAP Authenticator for Android version 1.3.0 Description: The issue allows an authorized attacker to capture the screen if a malicious app is installed on the mobile device. This could lead to the extraction of the currently viewed OTP and the...

CVSS 6.5 · AI score 6.2 · EPSS 0.00405
Exploits: 0 · References: 4
Malwarebytes
added 2023/02/21 4:0 a.m. · 20 views

How to set up two-factor authentication on Twitter using an app

If you use text-based authentication as an additional level of security for your Twitter account, you may be aware that this option will be reserved for paying Twitter Blue subscribers come mid-March. This post will explain how to enable app-based authentication. We found it easier to do on our...

AI score 0.2
Exploits: 0
Malwarebytes
added 2023/02/21 3:0 a.m. · 16 views

Twitter and two-factor authentication: What's changing?

Twitter is making some dramatic shake ups to its currently available security settings. From March 19, users of Twitter won't be able to use SMS-based two-factor authentication (2FA) unless they have a subscription to the paid Twitter Blue service. If you use text-based 2FA, the important thing here...

AI score 0.1
Exploits: 0
The Hacker News
added 2023/02/18 11:10 a.m. · 3 views

Twitter Limits SMS-Based 2-Factor Authentication to Blue Subscribers Only

Twitter has announced that it's limiting the use of SMS-based two-factor authentication (2FA) to its Blue subscribers. "While historically a popular form of 2FA, unfortunately we have seen phone-number based 2FA be used – and abused – by bad actors," the company said. "We will no longer allow...

AI score 6.6
Exploits: 0
SUSE CVE
added 2023/02/15 5:49 a.m. · 5 views

SUSE CVE-2011-5064

DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic...

CVSS 4.3 · AI score 5 · EPSS 0.0657
Exploits: 0 · References: 6