7 matches found

Positive Technologies
added 2025/05/22 12:0 a.m. · 1 views

PT-2025-22486 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 11.1 through 17.10.6; GitLab CE/EE versions 17.11 through 17.11.2; GitLab CE/EE versions 18.0 through 18.0.0. Description: An issue has been discovered in GitLab CE/EE, where improper XPath validation allows a modified SAML...

6.8 CVSS · 6 AI score · 0.00057 EPSS
Exploits 1 · References 9
NVD
added 2023/05/30 8:15 p.m. · 12 views

CVE-2022-36249

Shop Beat Solutions Pty LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Bypass 2FA via APIs. For Controlpanel Lite. "After login we are directly able to use the bearer token or jsession ID to access the apis instead of entering the 2FA code. Thus, leading to bypass of 2FA on API...

5.4 CVSS · 5.6 AI score · 0.00151 EPSS
Exploits 0 · References 1
Prion
added 2023/03/31 5:15 p.m. · 9 views

Session fixation

An issue was discovered in LemonLDAP::NG before 2.16.1. Weak session ID generation in the AuthBasic handler and incorrect failure handling during a password check allow attackers to bypass 2FA verification. Any plugin that tries to deny session creation after the store step does not deny an...

7.5 CVSS · 9.5 AI score · 0.00075 EPSS
Exploits 1 · References 3
Cvelist
added 2023/03/31 12:0 a.m. · 13 views

CVE-2023-28862

An issue was discovered in LemonLDAP::NG before 2.16.1. Weak session ID generation in the AuthBasic handler and incorrect failure handling during a password check allow attackers to bypass 2FA verification. Any plugin that tries to deny session creation after the store step does not deny an...

9.7 AI score · 0.00075 EPSS
Exploits 1 · References 3
Prion
added 2022/03/02 10:15 a.m. · 16 views

Improper access control

An improper access control vulnerability CWE-284 in FortiToken Mobile Android external push notification 5.1.0 and below may allow a remote attacker having already obtained a user's password to access the protected system during the 2FA procedure, even though the deny button is clicked by the...

3.5 CVSS · 4.7 AI score · 0.00173 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2020/08/24 8:46 p.m. · 16 views

CVE-2020-24612

An issue was discovered in the selinux-policy aka Reference Policy package 3.14 through 2020-08-24 because the .config/Yubico directory is mishandled. Consequently, when SELinux is in enforced mode, pam-u2f is not allowed to read the user's U2F configuration file. If configured with the nouserok...

6.7 CVSS · 5.5 AI score · 0.00051 EPSS
Exploits 0 · References 2
Hacker One
added 2018/02/14 4:58 p.m. · 31 views

VK.com: Bypassing 2FA and/or obtaining an access_token if we have ever been on the victim's account

Partial 2FA bypass in some cases, given access to the page. It was possible, having been on the account just once, to bypass 2FA on subsequent occasions. The hashes at https://login.vk.com/?act=grantaccess had no expiry and were not bound to significant account parameters: whether 2FA is enabled, when the last time...

6.9 AI score
Exploits 0