Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 12:31 p.m.7 views

CVE-2023-40260

EmpowerID before 7.205.0.1 allows an attacker to bypass an MFA multi factor authentication requirement if the first factor username and password is known, because the first factor is sufficient to change an account's email address, and the product would then send MFA codes to the new email addres...

9.1CVSS7AI score0.00526EPSS
Exploits0References1
NVD
NVD
added 2023/08/11 6:15 a.m.12 views

CVE-2023-40260

EmpowerID before 7.205.0.1 allows an attacker to bypass an MFA multi factor authentication requirement if the first factor username and password is known, because the first factor is sufficient to change an account's email address, and the product would then send MFA codes to the new email addres...

9.1CVSS5.2AI score0.00526EPSS
Exploits0References2
CVE
CVE
added 2023/08/11 12:0 a.m.47 views

CVE-2023-40260

EmpowerID prior to 7.205.0.1 is vulnerable to an MFA bypass: if an attacker knows the first factor (username/password), they can change the account’s email address and then receive MFA codes at the attacker-controlled email. This is documented across multiple sources (NVD/Red Hat entries and thir...

9.1CVSS6.7AI score0.00526EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/08/11 12:0 a.m.13 views

CVE-2023-40260

EmpowerID before 7.205.0.1 allows an attacker to bypass an MFA multi factor authentication requirement if the first factor username and password is known, because the first factor is sufficient to change an account's email address, and the product would then send MFA codes to the new email addres...

7AI score0.00526EPSS
Exploits0References2
Rows per page
Query Builder