25 matches found
The Qey: Implementation and Performance Study of Post Quantum Cryptography in FIDO2
Authentication systems have evolved a lot since the 1960s when Fernando Corbato first proposed the password-based authentication. In 2013, the FIDO Alliance proposed using secure hardware for authentication, thus marking a milestone in the passwordless authentication era 1. Passwordless...
EUVD-2025-30912
Malicious code in bioql PyPI...
CVE-2025-0672
An authentication bypass vulnerability exists in multiple WSO2 products when FIDO authentication is enabled. When a user account is deleted, the system does not automatically remove associated FIDO registration data. If a new user account is later created using the same username, the system may...
CVE-2025-0672
An authentication bypass vulnerability exists in multiple WSO2 products when FIDO authentication is enabled. When a user account is deleted, the system does not automatically remove associated FIDO registration data. If a new user account is later created using the same username, the system may...
CVE-2025-0672 Authentication Bypass in Multiple WSO2 Products via Stale FIDO Credential Association
An authentication bypass vulnerability exists in multiple WSO2 products when FIDO authentication is enabled. When a user account is deleted, the system does not automatically remove associated FIDO registration data. If a new user account is later created using the same username, the system may...
CVE-2025-0672 Authentication Bypass in Multiple WSO2 Products via Stale FIDO Credential Association
An authentication bypass vulnerability exists in multiple WSO2 products when FIDO authentication is enabled. When a user account is deleted, the system does not automatically remove associated FIDO registration data. If a new user account is later created using the same username, the system may...
CVE-2025-0672
CVE-2025-0672 describes an authentication bypass affecting multiple WSO2 products when FIDO authentication is enabled. The root cause is that, after a user account is deleted, the system does not automatically purge associated FIDO registration data. If a new user account is created with the same...
PT-2025-39184
Name of the Vulnerable Software and Affected Versions WSO2 products affected versions not specified Description An authentication bypass can occur in WSO2 products when FIDO authentication is enabled. Deletion of a user account does not automatically remove associated FIDO registration data. If a...
PoisonSeed Attack Turns Out to Be Not a FIDO Bypass After All
Cybersecurity firm Expel, in an update shared on July 25, 2025, said it's retracting its findings about a phishing attack that it said leveraged cross-device sign-in to get around FIDO account protections despite being not in physical proximity to the authenticating client device. "The evidence...
USDA Releases Success Story Detailing the Implementation of Phishing-Resistant Multifactor Authentication
Today, the Cybersecurity and Infrastructure Security Agency CISA and the U.S. Department of Agriculture USDA released Phishing-Resistant Multifactor Authentication MFA Success Story: USDA’s FIDO Implementation. This report details how USDA successfully implemented phishing-resistant authenticatio...
EulerOS Virtualization 2.12.1 : openssh (EulerOS-SA-2024-2313)
According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without...
Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2024-2246)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2024-2222)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP12 : openssh (EulerOS-SA-2024-2222)
According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbos...
Google Adds Passkeys to Advanced Protection Program for High-Risk Users
Google on Wednesday announced that it's making available passkeys for high-risk users to enroll in its Advanced Protection Program APP. "Users traditionally needed a physical security key for APP — now they can choose a passkey to secure their account," Shuvo Chatterjee, product lead of APP, said...
Advisory ROSA-SA-2024-2440
Software: openssh 8.0p1 OS: ROSA Virtualization 2.1 packageevrstring: openssh-8.0p1 CVE-ID: CVE-2019-16905 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: OpenSSH, when compiled with an experimental key type, has an integer overflow before authentication if the client or server is configured to use a...
Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2022-2097)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS Virtualization 2.10.1 : openssh (EulerOS-SA-2022-2117)
According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - DISPUTED An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but...
An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose and an attacker has silently modified the server to support the None authentication option then the user cannot determine whether FIDO authentication is going to confirm that the user wishes to connect to that server or that the user wishes to allow that server to connect to a different server on the user's behalf. NOTE: the vendor's position is "this is not an authentication bypass since nothing is being bypassed.
...
CVE-2021-36368
An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to support the None authentication option, then the user cannot determine whether FIDO authenticatio...