Lucene search
K

11 matches found

Talos Blog
Talos Blog
added 2024/12/19 7:2 p.m.7 views

Welcome to the party, pal!

Welcome to the final Threat Source newsletter of 2024. Watching "Die Hard" during the Christmas season has become a widely recognized tradition for many, despite ongoing debates about its classification as a Christmas movie. I know it isn't everyone's cup of tea. Whether you like the movie or not...

7.9AI score
Exploits0
NVD
NVD
added 2022/05/11 6:15 p.m.13 views

CVE-2022-24584

Incorrect access control in Yubico OTP functionality of the YubiKey hardware tokens along with the Yubico OTP validation server. The Yubico OTP supposedly creates hardware bound second factor credentials. When a user reprograms the OTP functionality by "writing" it on a token using the Yubico...

6.5CVSS0.0098EPSS
Exploits1References4
Prion
Prion
added 2022/05/11 6:15 p.m.10 views

Design/Logic Flaw

DISPUTED Incorrect access control in Yubico OTP functionality of the YubiKey hardware tokens along with the Yubico OTP validation server. The Yubico OTP supposedly creates hardware bound second factor credentials. When a user reprograms the OTP functionality by "writing" it on a token using the...

4CVSS6.4AI score0.0098EPSS
Exploits1References4
CVE
CVE
added 2022/05/11 5:49 p.m.86 views

CVE-2022-24584

CVE-2022-24584 concerns incorrect access control in Yubico OTP on YubiKey hardware tokens and the Yubico OTP validation server. The issue is that a user can reprogram the OTP functionality via the Yubico Personalization Tool and then upload the new configuration to Yubico’s OTP validation servers...

6.5CVSS6.4AI score0.0098EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2022/05/11 12:0 a.m.5 views

PT-2022-16736 · Yubico · Yubikey

Name of the Vulnerable Software and Affected Versions: YubiKey affected versions not specified Description: The issue concerns incorrect access control in the Yubico OTP functionality of the YubiKey hardware tokens and the Yubico OTP validation server. The Yubico OTP is supposed to create...

6.5CVSS6.9AI score0.0098EPSS
Exploits1References7
The Hacker News
The Hacker News
added 2021/10/25 1:4 p.m.16 views

Hardware-grade enterprise authentication without hardware: new SIM security solution for IAM

The average cost of a data breach, according to the latest research by IBM, now stands at USD 4.24 million, the highest reported. The leading cause? Compromised credentials, often caused by human error. Although these findings continue to show an upward trend in the wrong direction, the challenge...

Exploits0
The Hacker News
The Hacker News
added 2021/06/29 9:48 a.m.44 views

New API Lets App Developers Authenticate Users via SIM Cards

Online account creation poses a challenge for engineers and system architects: if you put up too many barriers, you risk turning away genuine users. Make it too easy, and you risk fraud or fake accounts. The Problem with Identity Verification The traditional model of online identity –...

Exploits0
Akamai Blog
Akamai Blog
added 2020/12/15 2:0 p.m.36 views

Smartphones are not the problem with MFA security

We've recently seen big attacks play out on prominent technology companies despite their use of smartphone-based multi-factor authentication. These attacks are real, they do happen, and it appears that even the smartphone cannot protect us anymore. While this conclusion may be tempting, it actual...

7.1AI score
Exploits0
ThreatPost
ThreatPost
added 2019/01/16 10:9 p.m.15 views

Threatpost Survey Says: 2FA is Just Fine, But Go Ahead and Kill SMS

The author of a recently released penetration testing tool called Modlishka, which can bypass mainstream two-factor authentication 2FA, asked a provocative question in a recently published research note: “Is 2FA broken?” Since this isn’t the first example of how 2FA can be defeated, we asked...

7.5AI score
Exploits0References12
Wired Threat Level
Wired Threat Level
added 2018/09/24 11:0 a.m.22 views

The Series 5 YubiKey Will Help Kill the Password

The latest batch of hardware-based tokens from Yubico will eventually let you skip the password altogether...

0.4AI score
Exploits0
ThreatPost
ThreatPost
added 2013/04/26 10:39 a.m.11 views

Google Joins FIDO Alliance Effort to Move Beyond Passwords

Google, which gradually has been moving its users away from using passwords as their main form of authentication for Web services, has joined a young organization whose goal is to phase out passwords and replace them with various forms of strong authentication. The FIDO Alliance, formed last year...

0.9AI score
Exploits0References1
Rows per page
Query Builder