CVE-2023-44039

In VeridiumID before 3.5.0, the WebAuthn API allows an internal unauthenticated attacker who can pass enrollment verifications and is allowed to enroll a FIDO key to register their FIDO authenticator to a victim’s account and consequently take over the account...

CVE-2023-44039

In VeridiumID before 3.5.0, the WebAuthn API allows an internal unauthenticated attacker who can pass enrollment verifications and is allowed to enroll a FIDO key to register their FIDO authenticator to a victim’s account and consequently take over the account...

VeridiumID 安全漏洞

VeridiumID is an integrated passwordless platform from VeridiumID. A security vulnerability exists in VeridiumID versions prior to 3.5.0. An attacker exploited the vulnerability to take over a victim's account by registering its FIDO authenticator to that account...

HYPR Server 安全漏洞

HYPR Server is a server from HYPR, Inc. A security vulnerability exists in HYPR Server versions prior to 6.14.1 that stems from an insecure direct object reference vulnerability that allows remote authentication attackers to tamper with parameters in the Device Manager page that would add a FIDO2...

Webauthn-Framework 授权问题漏洞

Webauthn-Framework is an authentication mechanism. It is used by Web applications to create and use strong, proven, scoped, public-key based credentials for strong authentication of users. Webauthn-Framework suffers from a security vulnerability that allows an attacker in control of a user's syst...