1248 matches found
CVE-2023-49947
Forgejo before 1.20.5-1 allows 2FA bypass when docker login uses Basic Authentication...
CVE-2023-49947
Forgejo before 1.20.5-1 allows 2FA bypass when docker login uses Basic Authentication...
Authentication flaw
Forgejo before 1.20.5-1 allows 2FA bypass when docker login uses Basic Authentication...
Forgejo Security Breach
Forgejo is a lightweight git service. A security vulnerability exists in versions prior to Forgejo 1.20.5-1 that stems from allowing two-factor authentication bypass when docker login is used with basic authentication...
CVE-2023-49947
CVE-2023-49947 concerns Forgejo prior to 1.20.5-1, where using docker login with Basic Authentication enables a 2FA bypass. The core issue is a bypass of two-factor authentication when Basic Auth is used during Docker login. The CVE is reflected in multiple sources (NVD, Red Hat advisories, CVE l...
CVE-2023-49947
Forgejo before 1.20.5-1 allows 2FA bypass when docker login uses Basic Authentication...
PT-2023-31418 · Docker +1 · Docker +1
Name of the Vulnerable Software and Affected Versions: Forgejo versions prior to 1.20.5-1 Description: The issue allows for 2FA bypass when docker login uses Basic Authentication. Recommendations: For versions prior to 1.20.5-1, update to version 1.20.5-1 or later to resolve the issue...
Incorrect Authorization
Forgejo before 1.20.5-1 allows 2FA bypass when docker login uses Basic Authentication...
CVE-2023-46383
LOYTEC electronics GmbH LINX Configurator all versions uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the password and gain full control of Loytec device configuration...
CVE-2023-46383
LOYTEC electronics GmbH LINX Configurator all versions uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the password and gain full control of Loytec device configuration...
PT-2023-29992 · Loytec Electronics Gmbh · Linx Configurator
Name of the Vulnerable Software and Affected Versions: LOYTEC electronics GmbH LINX Configurator all versions Description: The issue concerns the use of HTTP Basic Authentication in the LINX Configurator, which transmits usernames and passwords in base64-encoded cleartext. This allows remote...
Loytec LINX Configurator 7.4.10 Insecure Transit / Cleartext Secrets
CVE : CVE-2023-46383, CVE-2023-46384, CVE-2023-46385 + Title : Multiple vulnerabilities in Loytec LINX Configurator + Vendor : LOYTEC electronics GmbH + Affected Products : LINX Configurator 7.4.10 + Affected Components : LINX Configurator + Discovery Date : 01-Sep-2021 + Publication date :...
Loytec LINX Configurator 7.4.10 Insecure Transit / Cleartext Secrets Vulnerability
CVE : CVE-2023-46383, CVE-2023-46384, CVE-2023-46385 + Title : Multiple vulnerabilities in Loytec LINX Configurator + Vendor : LOYTEC electronics GmbH + Affected Products : LINX Configurator 7.4.10 + Affected Components : LINX Configurator + Discovery Date : 01-Sep-2021 + Publication date :...
PT-2023-9659 · Mendix · Mendix Runtime
Name of the Vulnerable Software and Affected Versions: Mendix Runtime V10 versions prior to V10.17.0 Mendix Runtime V10.12 versions prior to V10.12.11 Mendix Runtime V10.6 versions prior to V10.6.19 Mendix Runtime V8 versions prior to V8.18.33 Mendix Runtime V9 versions prior to V9.24.31...
CVE-2023-48309 next-auth vulnerable to possible user mocking that bypasses basic authentication
NextAuth.js provides authentication for Next.js. next-auth applications prior to version 4.24.5 that rely on the default Middleware authorization are affected by a vulnerability. A bad actor could create an empty/mock user, by getting hold of a NextAuth.js-issued JWT from an interrupted OAuth...
CVE-2023-48309 next-auth vulnerable to possible user mocking that bypasses basic authentication
NextAuth.js provides authentication for Next.js. next-auth applications prior to version 4.24.5 that rely on the default Middleware authorization are affected by a vulnerability. A bad actor could create an empty/mock user, by getting hold of a NextAuth.js-issued JWT from an interrupted OAuth...
CVE-2023-35794
An issue was discovered in Cassia Access Controller 2.1.1.2303271039. The Web SSH terminal endpoint spawned console can be accessed without authentication. Specifically, there is no session cookie validation on the Access Controller; instead, there is only Basic Authentication to the SSH console...
CVE-2023-35794
An issue was discovered in Cassia Access Controller 2.1.1.2303271039. The Web SSH terminal endpoint spawned console can be accessed without authentication. Specifically, there is no session cookie validation on the Access Controller; instead, there is only Basic Authentication to the SSH console...
CVE-2023-35794
An issue was discovered in Cassia Access Controller 2.1.1.2303271039. The Web SSH terminal endpoint spawned console can be accessed without authentication. Specifically, there is no session cookie validation on the Access Controller; instead, there is only Basic Authentication to the SSH console...
CVE-2023-35794
An issue was discovered in Cassia Access Controller 2.1.1.2303271039. The Web SSH terminal endpoint spawned console can be accessed without authentication. Specifically, there is no session cookie validation on the Access Controller; instead, there is only Basic Authentication to the SSH console...