4 matches found
CVE-2023-40260
EmpowerID before 7.205.0.1 allows an attacker to bypass an MFA multi factor authentication requirement if the first factor username and password is known, because the first factor is sufficient to change an account's email address, and the product would then send MFA codes to the new email addres...
CVE-2023-40260
EmpowerID before 7.205.0.1 allows an attacker to bypass an MFA multi factor authentication requirement if the first factor username and password is known, because the first factor is sufficient to change an account's email address, and the product would then send MFA codes to the new email addres...
CVE-2023-40260
EmpowerID prior to 7.205.0.1 is vulnerable to an MFA bypass: if an attacker knows the first factor (username/password), they can change the account’s email address and then receive MFA codes at the attacker-controlled email. This is documented across multiple sources (NVD/Red Hat entries and thir...
CVE-2023-40260
EmpowerID before 7.205.0.1 allows an attacker to bypass an MFA multi factor authentication requirement if the first factor username and password is known, because the first factor is sufficient to change an account's email address, and the product would then send MFA codes to the new email addres...