Lucene search
K

7 matches found

Github Security Blog
Github Security Blog
added 2026/03/02 9:40 p.m.11 views

OneUptime has WebAuthn 2FA bypass: server accepts client-supplied challenge instead of server-stored value, allowing credential replay

Summary The WebAuthn authentication implementation does not store the challenge on the server side. Instead, the challenge is returned to the client and accepted back from the client request body during verification. This violates the WebAuthn specification W3C Web Authentication Level 2, §13.4.3...

9CVSS6AI score0.00276EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/02 12:0 a.m.7 views

PT-2026-22998

Name of the Vulnerable Software and Affected Versions OneUptime versions 10.0.11 and prior Description The WebAuthn authentication implementation does not store the challenge on the server side. Instead, the challenge is returned to the client and accepted back from the client request body during...

9CVSS6AI score0.00276EPSS
Exploits1References11
RedhatCVE
RedhatCVE
added 2025/12/17 8:7 a.m.5 views

CVE-2025-68113

ALTCHA is privacy-first software for captcha and bot protection. A cryptographic semantic binding flaw in ALTCHA libraries allows challenge payload splicing, which may enable replay attacks. The HMAC signature does not unambiguously bind challenge parameters to the nonce, allowing an attacker to...

6.5CVSS6.7AI score0.00262EPSS
Exploits0References1
Snyk
Snyk
added 2025/12/16 12:43 a.m.2 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the HMAC computation. An attacker can bypass intended challenge expiration and reuse previously solved challenges by submitting a valid proof-of-work with a modified expiration value,...

6.9CVSS6.8AI score0.00262EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-25302

Malware in sbrugna...

6.8CVSS6.5AI score0.00971EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2004/07/06 12:0 a.m.26 views

RHEL 2.1 : vnc (RHSA-2002:287)

Updated VNC packages are available to fix a challenge replay attack that is present in the VNC server. VNC is a tool for providing a remote graphical user interface. The VNC DES authentication scheme is implemented using a challenge-response architecture, producing a random and different challeng...

7.5CVSS5.5AI score0.02404EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2003/01/16 3:46 p.m.4 views

Moderate: Red Hat Security Advisory: vnc security update

Updated VNC packages are available to fix a challenge replay attack that is present in the VNC server. VNC is a tool for providing a remote graphical user interface. The VNC DES authentication scheme is implemented using a challenge-response architecture, producing a random and different challeng...

7.5CVSS5.8AI score0.02404EPSS
Exploits0References3
Rows per page
Query Builder