2 matches found
CVE-2022-45174
An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication for SAML Users can occur under the /login/backupcode endpoint and the /api/v1/vdeskintegration/challenge endpoint. The correctness of the TOTP is not checked properly, and can be bypassed by...
CVE-2022-45174
CVE-2022-45174 affects LIVEBOX Collaboration vDesk versions through v018. The issue allows bypassing Two-Factor Authentication for SAML users via /login/backup_code and /api/v1/vdeskintegration/challenge, by supplying a non-validated backup code, due to improper TOTP verification. Documents descr...