Lucene search
K

152 matches found

Hacker One
Hacker One
added 2017/10/16 1:6 a.m.27 views

Ian Dunn: Timing Attack in Google Authenticator - Per User Prompt

Google Authenticator - Per User Prompt contains a timing attack vulnerability in how it validates the application password for a user account. if sha1 $attemptedpasswordplaintext === $validpasswordhash || wpcheckpassword $attemptedpasswordplaintext, $validpasswordhash...

7.1AI score
Exploits0
Hacker One
Hacker One
added 2016/09/28 11:6 a.m.19 views

Ian Dunn: Google Authenticator0.6 - PHP Version Dosclosure

Hello Vulnerable File and Link : http://localhost/wordpress/wp-content/plugins/google-authenticator-per-user-prompt/views/requirements-error.php Vulnerable Link : 8 You're running version Vulnerable Code: Good Luck/...

0.8AI score
Exploits0
Hacker One
Hacker One
added 2016/09/28 10:52 a.m.11 views

Ian Dunn: Google Authenticator - Cross Site Scripting

Hello Vulnerable File: : /views/token-prompt.php Vulnerable Link : 15 " / Vulnerable Code: Good Luck/...

1.1AI score
Exploits0
hackapp
hackapp
added 2016/08/25 8:49 a.m.16 views

Google Authenticator - Exported components, External URLs, Suspicious files vulnerabilities

HackApp vulnerability scanner discovered that application Google Authenticator published at the 'play' market has multiple vulnerabilities...

0.7AI score
Exploits0References1Affected Software1
ThreatPost
ThreatPost
added 2016/07/27 12:57 p.m.51 views

NIST Recommends SMS Two-Factor Authentication Deprecation

A U.S. government agency said the end is nigh for SMS-based two-factor authentication, citing a lack of security around the feature. The latest draft version of the Digital Authentication Guideline issued this week by the U.S. National Institute for Standards and Technology NIST said the practice...

0.2AI score
Exploits0References11
Patchstack
Patchstack
added 2016/04/28 12:0 a.m.12 views

WordPress Google Authenticator Plugin <= 0.47 - Authentication Bypass

This plugin is prone to a two factor authentication Bypass vulnerability. Attackers with a valid password can bypass the two-factor OTP by using an email address. Solution Upgrade this plugin...

4.3AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2016/04/28 12:0 a.m.5 views

Google Authenticator <= 0.47 - Two Factor Authentication Bypass

WordPress 4.5 introduced the ability to login with an email address instead of a username. Google Authenticator v0.47 wasn't aware of the new feature, and didn't properly handle the case where an email address was used instead of a username. Using an email address would allow an attacker with a...

1.6AI score
Exploits0References2Affected Software1
NVD
NVD
added 2014/05/29 2:19 p.m.17 views

CVE-2013-4178

The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to obtain access by replaying the username, password, and one-time password OTP...

5CVSS6.8AI score0.01298EPSS
Exploits0References4
NVD
NVD
added 2014/05/29 2:19 p.m.14 views

CVE-2013-4177

The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal does not properly identify user account names, which might allow remote attackers to bypass the two-factor authentication requirement via unspecified vectors...

5CVSS7AI score0.01411EPSS
Exploits0References4
Prion
Prion
added 2014/05/29 2:19 p.m.15 views

Default credentials

The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to obtain access by replaying the username, password, and one-time password OTP...

5CVSS7.4AI score0.01298EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2014/05/29 2:19 p.m.13 views

Authentication flaw

The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal does not properly identify user account names, which might allow remote attackers to bypass the two-factor authentication requirement via unspecified vectors...

5CVSS7.5AI score0.01411EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2014/05/29 2:0 p.m.20 views

CVE-2013-4177

The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal does not properly identify user account names, which might allow remote attackers to bypass the two-factor authentication requirement via unspecified vectors...

7AI score0.01411EPSS
Exploits0References4
CVE
CVE
added 2014/05/29 2:0 p.m.41 views

CVE-2013-4178

CVE-2013-4178 affects the Google Authenticator login module for Drupal (6.x-1.x prior to 6.x-1.2; 7.x-1.x prior to 7.x-1.4). The issue allows remote attackers to gain access by replaying a login request containing username, password, and OTP. Affected versions are explicit; Drupal core is not aff...

5CVSS7AI score0.01298EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2014/05/29 2:0 p.m.43 views

CVE-2013-4177

The CVE-2013-4177 entry refers to the Drupal Google Authenticator login module (versions 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4). The underlying issue is that the module does not properly identify user account names, which could allow remote attackers to bypass the two‑factor authentic...

5CVSS7.2AI score0.01411EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2014/05/29 2:0 p.m.21 views

CVE-2013-4178

The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to obtain access by replaying the username, password, and one-time password OTP...

6.8AI score0.01298EPSS
Exploits0References4
Drupal
Drupal
added 2013/05/15 12:0 a.m.21 views

SA-CONTRIB-2013-047 - Google Authenticator login - Access Bypass

This module will allow you to add Time-based One-time Password Algorithm also called "Two Step Authentication" or "Multi-Factor Authentication" support to user logins. It works with Google's Authenticator app system and support most if not all OATH based HOTP/TOTP systems. Accidental removal of...

6.5AI score
Exploits0References10
NVD
NVD
added 2013/04/24 10:28 a.m.28 views

CVE-2012-6140

pamgoogleauthenticator.c in the PAM module in Google Authenticator before 1.0 requires user-readable permissions for the secret file, which allows local users to bypass intended access restrictions and discover a shared secret via standard filesystem operations, a different vulnerability than...

1.9CVSS6AI score0.0023EPSS
Exploits2References4
OSV
OSV
added 2013/04/24 10:28 a.m.7 views

CVE-2012-6140

pamgoogleauthenticator.c in the PAM module in Google Authenticator before 1.0 requires user-readable permissions for the secret file, which allows local users to bypass intended access restrictions and discover a shared secret via standard filesystem operations, a different vulnerability than...

6AI score
Exploits0References4
OSV
OSV
added 2013/04/24 10:28 a.m.2 views

DEBIAN-CVE-2012-6140

pamgoogleauthenticator.c in the PAM module in Google Authenticator before 1.0 requires user-readable permissions for the secret file, which allows local users to bypass intended access restrictions and discover a shared secret via standard filesystem operations, a different vulnerability than...

1.9CVSS6.6AI score0.0023EPSS
Exploits2References1
UbuntuCve
UbuntuCve
added 2013/04/24 10:28 a.m.29 views

CVE-2012-6140

pamgoogleauthenticator.c in the PAM module in Google Authenticator before 1.0 requires user-readable permissions for the secret file, which allows local users to bypass intended access restrictions and discover a shared secret via standard filesystem operations, a different vulnerability than...

1.9CVSS5.9AI score0.0023EPSS
Exploits2References2
Rows per page
Query Builder