152 matches found
Ian Dunn: Timing Attack in Google Authenticator - Per User Prompt
Google Authenticator - Per User Prompt contains a timing attack vulnerability in how it validates the application password for a user account. if sha1 $attemptedpasswordplaintext === $validpasswordhash || wpcheckpassword $attemptedpasswordplaintext, $validpasswordhash...
Ian Dunn: Google Authenticator0.6 - PHP Version Dosclosure
Hello Vulnerable File and Link : http://localhost/wordpress/wp-content/plugins/google-authenticator-per-user-prompt/views/requirements-error.php Vulnerable Link : 8 You're running version Vulnerable Code: Good Luck/...
Ian Dunn: Google Authenticator - Cross Site Scripting
Hello Vulnerable File: : /views/token-prompt.php Vulnerable Link : 15 " / Vulnerable Code: Good Luck/...
Google Authenticator - Exported components, External URLs, Suspicious files vulnerabilities
HackApp vulnerability scanner discovered that application Google Authenticator published at the 'play' market has multiple vulnerabilities...
NIST Recommends SMS Two-Factor Authentication Deprecation
A U.S. government agency said the end is nigh for SMS-based two-factor authentication, citing a lack of security around the feature. The latest draft version of the Digital Authentication Guideline issued this week by the U.S. National Institute for Standards and Technology NIST said the practice...
WordPress Google Authenticator Plugin <= 0.47 - Authentication Bypass
This plugin is prone to a two factor authentication Bypass vulnerability. Attackers with a valid password can bypass the two-factor OTP by using an email address. Solution Upgrade this plugin...
Google Authenticator <= 0.47 - Two Factor Authentication Bypass
WordPress 4.5 introduced the ability to login with an email address instead of a username. Google Authenticator v0.47 wasn't aware of the new feature, and didn't properly handle the case where an email address was used instead of a username. Using an email address would allow an attacker with a...
CVE-2013-4178
The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to obtain access by replaying the username, password, and one-time password OTP...
CVE-2013-4177
The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal does not properly identify user account names, which might allow remote attackers to bypass the two-factor authentication requirement via unspecified vectors...
Default credentials
The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to obtain access by replaying the username, password, and one-time password OTP...
Authentication flaw
The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal does not properly identify user account names, which might allow remote attackers to bypass the two-factor authentication requirement via unspecified vectors...
CVE-2013-4177
The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal does not properly identify user account names, which might allow remote attackers to bypass the two-factor authentication requirement via unspecified vectors...
CVE-2013-4178
CVE-2013-4178 affects the Google Authenticator login module for Drupal (6.x-1.x prior to 6.x-1.2; 7.x-1.x prior to 7.x-1.4). The issue allows remote attackers to gain access by replaying a login request containing username, password, and OTP. Affected versions are explicit; Drupal core is not aff...
CVE-2013-4177
The CVE-2013-4177 entry refers to the Drupal Google Authenticator login module (versions 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4). The underlying issue is that the module does not properly identify user account names, which could allow remote attackers to bypass the two‑factor authentic...
CVE-2013-4178
The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to obtain access by replaying the username, password, and one-time password OTP...
SA-CONTRIB-2013-047 - Google Authenticator login - Access Bypass
This module will allow you to add Time-based One-time Password Algorithm also called "Two Step Authentication" or "Multi-Factor Authentication" support to user logins. It works with Google's Authenticator app system and support most if not all OATH based HOTP/TOTP systems. Accidental removal of...
CVE-2012-6140
pamgoogleauthenticator.c in the PAM module in Google Authenticator before 1.0 requires user-readable permissions for the secret file, which allows local users to bypass intended access restrictions and discover a shared secret via standard filesystem operations, a different vulnerability than...
CVE-2012-6140
pamgoogleauthenticator.c in the PAM module in Google Authenticator before 1.0 requires user-readable permissions for the secret file, which allows local users to bypass intended access restrictions and discover a shared secret via standard filesystem operations, a different vulnerability than...
DEBIAN-CVE-2012-6140
pamgoogleauthenticator.c in the PAM module in Google Authenticator before 1.0 requires user-readable permissions for the secret file, which allows local users to bypass intended access restrictions and discover a shared secret via standard filesystem operations, a different vulnerability than...
CVE-2012-6140
pamgoogleauthenticator.c in the PAM module in Google Authenticator before 1.0 requires user-readable permissions for the secret file, which allows local users to bypass intended access restrictions and discover a shared secret via standard filesystem operations, a different vulnerability than...