152 matches found
PT-2023-14512 · Miniorange · Miniorange'S Google Authenticator – Wordpress Two Factor Authentication – 2Fa
Name of the Vulnerable Software and Affected Versions: miniOrange's Google Authenticator – WordPress Two Factor Authentication – 2FA , Two Factor, OTP SMS and Email | Passwordless login versions n/a through 5.6.1 Description: The issue is related to the exposure of sensitive information to an...
CVE-2022-4943
The miniOrange's Google Authenticator plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when changing plugin settings in versions up to, and including, 5.6.5. This makes it possible for unauthenticated attackers to change the plugin's settings...
CVE-2022-4943
The miniOrange's Google Authenticator plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when changing plugin settings in versions up to, and including, 5.6.5. This makes it possible for unauthenticated attackers to change the plugin's settings...
Authorization
The miniOrange's Google Authenticator plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when changing plugin settings in versions up to, and including, 5.6.5. This makes it possible for unauthenticated attackers to change the plugin's settings...
CVE-2022-4943
The miniOrange's Google Authenticator plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when changing plugin settings in versions up to, and including, 5.6.5. This makes it possible for unauthenticated attackers to change the plugin's settings...
CVE-2022-4943
CVE-2022-4943 – miniOrange's Google Authenticator plugin for WordPress suffers an authorization bypass due to a missing capability check when changing plugin settings in versions
CVE-2022-4943 miniOrange's Google Authenticator <= 5.6.5 - Missing Authorization to Plugin Settings Change
The miniOrange's Google Authenticator plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when changing plugin settings in versions up to, and including, 5.6.5. This makes it possible for unauthenticated attackers to change the plugin's settings...
PT-2023-15929 · Miniorange · Google Authenticator
Name of the Vulnerable Software and Affected Versions: miniOrange's Google Authenticator plugin for WordPress versions up to, and including, 5.6.5 Description: The issue is related to a missing capability check when changing plugin settings, which allows unauthenticated attackers to modify the...
Retool Falls Victim to SMS-Based Phishing Attack Affecting 27 Cloud Clients
Software development company Retool has disclosed that the accounts of 27 of its cloud customers were compromised following a targeted and SMS-based social engineering attack. The San Francisco-based firm blamed a Google Account cloud synchronization feature recently introduced in April 2023 for...
A week in security (May 1 - 7)
Last week on Malwarebytes Labs: How to protect your small business from social engineering Microsoft: You're already using the last version of Windows 10 Is it OK to train an AI on your images, without permission? Upcoming webinar: Is EDR or MDR better for your business? Google Authenticator WILL...
Google Authenticator WILL get end-to-end encryption. Eventually.
Following criticism, Google has decided to bring end-to-end encryption E2EE to its Google Authenticator cloud backups. The search giant recently introduced a feature that allows users back up two-factor authentication 2FA tokens to the cloud, but the lack of encryption caused some commentators to...
Google Authenticator App Gets Cloud Backup Feature for TOTP Codes
Search giant Google on Monday unveiled a major update to its 12-year-old Authenticator app for Android and iOS with an account synchronization option that allows users to back up their time-based one-time passwords TOTPs to the cloud. "This change means users are better protected from lockout and...
Google Authenticator App Gets Cloud Backup Feature for TOTP Codes
Search giant Google on Monday unveiled a major update to its 12-year-old Authenticator app for Android and iOS with an account synchronization option that allows users to back up their time-based one-time passwords TOTPs to the cloud. "This change means users are better protected from lockout and...
WordPress miniOrange's Google Authenticator Plugin <= 5.6.5 is vulnerable to Broken Access Control
Software miniOrange's Google Authenticator Type Plugin Vulnerable versions = 5.6.5 Fixed in 5.6.6 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-4943 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 1f8ee97c6af1 Credits Ramuel Gal...
SpyNote Strikes Again: Android Spyware Targeting Financial Institutions
Financial institutions are being targeted by a new version of Android malware called SpyNote at least since October 2022 that combines both spyware and banking trojan characteristics. "The reason behind this increase is that the developer of the spyware, who was previously selling it to other...
WordPress Google Authenticator has an unspecified vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress...
WordPress miniOrange Two-Factor Authentication plugin <= 5.6.1 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Calvin Alkan in WordPress miniOrange Two-Factor Authentication plugin versions = 5.6.1. Solution Update the WordPress miniOrange's Google Authenticator plugin to the latest available version at least 5.6.2...
CVE-2022-42461
Broken Access Control vulnerability in miniOrange's Google Authenticator plugin = 5.6.1 on WordPress...
CVE-2022-42461
Broken Access Control vulnerability in miniOrange's Google Authenticator plugin = 5.6.1 on WordPress...
Improper access control
Broken Access Control vulnerability in miniOrange's Google Authenticator plugin = 5.6.1 on WordPress...