14 matches found

Cvelist
added 2026/06/02 6:0 a.m., 41 views

CVE-2026-8293 Really Simple Security < 9.5.10.1 - Authentication Bypass via Two-Factor OTP Skip

The Really Simple Security WordPress plugin before 9.5.10.1 does not enforce the second-factor challenge in two of its two-factor authentication REST endpoints, allowing an attacker who knows a user's password to obtain a WordPress authentication session for that user without completing the email...

EPSS: 0.00236
Exploits: 0, References: 1

NVD
added 2026/05/11 10:16 a.m., 15 views

CVE-2024-0391

The check user account lock states feature within the email OTP flow fails to validate user input, allowing an attacker to infer the existence of registered user accounts. The discovery of valid usernames can increase the risk of brute-force and social engineering attacks. Attackers can leverage...

CVSS: 5.3, EPSS: 0.00184
Exploits: 0, References: 1

Vulnrichment
added 2026/05/11 8:45 a.m., 8 views

CVE-2024-0391 Username Enumeration via Email OTP Flow in Multiple WSO2 Products Allows User Account Discovery

The check user account lock states feature within the email OTP flow fails to validate user input, allowing an attacker to infer the existence of registered user accounts. The discovery of valid usernames can increase the risk of brute-force and social engineering attacks. Attackers can leverage...

CVSS: 5.3, AI score: 5.8, EPSS: 0.00184
Exploits: 0, References: 1

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2023-50921

Malicious code in bioql PyPI...

CVSS: 5.3, AI score: 5.7, EPSS: 0.00382
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 4:34 a.m., 3 views

CVE-2023-46754

The admin panel for Obl.ong before 1.1.2 allows authorization bypass because the email OTP feature accepts arbitrary numerical values...

CVSS: 5.3, AI score: 7.1, EPSS: 0.00382
Exploits: 0

Hacker One
added 2024/01/14 7:44 p.m., 9 views

Drugs.com: Email OTP/2FA Bypass

The application had a 2FA functionality by email OTP. The vulnerability allowed bypassing the 2FA by deleting the "bbrefresh" cookie during the authentication process. This enabled successful login without the required 2FA...

AI score: 7.2
Exploits: 0

NVD
added 2023/10/26 5:15 a.m., 20 views

CVE-2023-46754

The admin panel for Obl.ong before 1.1.2 allows authorization bypass because the email OTP feature accepts arbitrary numerical values...

CVSS: 5.3, AI score: 5.5, EPSS: 0.00382
Exploits: 0, References: 1

OSV
added 2023/10/26 5:15 a.m., 15 views

CVE-2023-46754

The admin panel for Obl.ong before 1.1.2 allows authorization bypass because the email OTP feature accepts arbitrary numerical values...

CVSS: 5.3, AI score: 7.3
Exploits: 0, References: 1

Prion
added 2023/10/26 5:15 a.m., 15 views

Authorization

The admin panel for Obl.ong before 1.1.2 allows authorization bypass because the email OTP feature accepts arbitrary numerical values...

CVSS: 5, AI score: 5.5, EPSS: 0.00382
Exploits: 0, References: 1

Vulnrichment
added 2023/10/26 12:0 a.m., 11 views

CVE-2023-46754

The admin panel for Obl.ong before 1.1.2 allows authorization bypass because the email OTP feature accepts arbitrary numerical values...

AI score: 7.4, EPSS: 0.00382
Exploits: 0, References: 1

CVE
added 2023/10/26 12:0 a.m., 46 views

CVE-2023-46754

CVE-2023-46754 affects Obl.ong prior to 1.1.2. The issue is an authorization bypass in the admin panel caused by the email OTP feature accepting arbitrary numerical values. Affected component/file is the admin panel’s OTP handling; root cause is lax validation of OTP input, enabling bypass of acc...

CVSS: 5.3, AI score: 5.4, EPSS: 0.00382
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2023/10/26 12:0 a.m., 15 views

CVE-2023-46754

The admin panel for Obl.ong before 1.1.2 allows authorization bypass because the email OTP feature accepts arbitrary numerical values...

AI score: 5.7, EPSS: 0.00382
Exploits: 0, References: 1

Citrix
added 2022/11/01 12:0 a.m., 7 views

How to configure Email OTP without email ID registration

This article covers two kinds of Email OTP authentication methods, which are deployed in a Citrix ADC nFactor AAA virtual server. How to configure standard (with email ID registration) email OTP. How to configure simple (without email ID registration) email OTP...

AI score: 7.2
Exploits: 0

Prion
added 2022/05/02 10:15 p.m., 16 views

Authentication flaw

When a password reset mechanism is configured to use the Authentication API with an Authentication Policy, email One-Time Password, PingID or SMS authentication, an existing user can reset another existing user’s password...

CVSS: 3.5, AI score: 6.6, EPSS: 0.00571
Exploits: 0, References: 2, Affected Software: 1