820 matches found
RedHat Update for tomcat6 RHSA-2013:0964-01
The remote host is missing an update for the Copyright (C) 2013 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
tomcat: Session fixation in form authenticator
java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a...
SA-CONTRIB-2013-047 - Google Authenticator login - Access Bypass
This module will allow you to add Time-based One-time Password Algorithm (also called "Two Step Authentication" or "Multi-Factor Authentication") support to user logins. It works with Google's Authenticator app system and supports most if not all OATH based HOTP/TOTP systems. Accidental removal of...
[SECURITY] CVE-2013-2067 Session fixation with FORM authenticator
CVE-2013-2067 Session fixation with FORM authenticator. Severity: Important. Vendor: The Apache Software Foundation. Versions Affected: Tomcat 7.0.0 to 7.0.32; Tomcat 6.0.21 to 6.0.36. Description: FORM authentication associates the most recent...
DEBIAN-CVE-2012-6140
pam_google_authenticator.c in the PAM module in Google Authenticator before 1.0 requires user-readable permissions for the secret file, which allows local users to bypass intended access restrictions and discover a shared secret via standard filesystem operations, a different vulnerability than...
CVE-2012-6140
pam_google_authenticator.c in the PAM module in Google Authenticator before 1.0 requires user-readable permissions for the secret file, which allows local users to bypass intended access restrictions and discover a shared secret via standard filesystem operations, a different vulnerability than...
Design/Logic Flaw
pam_google_authenticator.c in the PAM module in Google Authenticator before 1.0 requires user-readable permissions for the secret file, which allows local users to bypass intended access restrictions and discover a shared secret via standard filesystem operations, a different vulnerability than...
CVE-2012-6140
CVE-2012-6140 involves the pam_google_authenticator.c PAM module in Google Authenticator, vulnerable before 1.0. The root cause is that the secret file must have user-readable permissions, allowing local users to bypass access constraints and read the shared secret via standard filesystem operati...
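Google Authenticator CVE-2012-6140 Local Information Disclosure Vulnerability
CVE ID: CVE-2012-6140 The Google Authenticator project is a software implementation for generating one-time passwords that is available for multiple mobile platforms, and it includes an implementation for Pluggable Authentication Modules (PAM). Google Authenticator has a security vulnerability in how it manages the secret key/state file under certain configurations: because the 'user=' option is missing, the SECRET key file must be readable by the user, which allows a local attacker to obtain the pre-shared client-to-authentication-server key and may lead to impersonation of other user accounts. 0 Google Authenticator Vendor solution: users can refer to the following vendor security advisory for patch information:...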
CVE-2013-0258
The Google Authenticator login (ga_login) module 7.x before 7.x-1.3 for Drupal, when multi-factor authentication is enabled, allows remote attackers to bypass authentication for accounts without an associated Google Authenticator token by logging in with the username...
CVE-2013-0258
The CVE-2013-0258 entry concerns the Drupal ga_login module (Drupal 7.x) prior to 7.x-1.3, where multi-factor authentication is enabled but an attacker can bypass login by using a username if no Google Authenticator token is associated with the account. The root cause is a flawed authentication b...
Custom Seraph Authenticators broken in Confluence 5.0
The constructor signature of com.atlassian.confluence.event.events.security.LoginEvent changed between Confluence 4.3.x and 5.0: an additional String parameter was added to the constructor. From this: public LoginEvent(Object src, String username, String sessionId, String remoteHost, String...