Lucene search
K

6 matches found

EUVD
EUVD
added 2026/05/19 10:52 a.m.15 views

EUVD-2026-30886

A flaw was found in Keycloak. This authentication vulnerability allows a remote attacker to replay ExecuteActionsActionToken tokens within Keycloak's WebAuthn Web Authentication flow. By intercepting an execute-actions email link, an attacker can register their own authenticator to a victim's...

6.8CVSS5.8AI score0.0044EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/19 10:52 a.m.8 views

CVE-2026-37982 Keycloak: org.keycloak.authentication: keycloak: unauthorized account takeover via webauthn token replay

A flaw was found in Keycloak. This authentication vulnerability allows a remote attacker to replay ExecuteActionsActionToken tokens within Keycloak's WebAuthn Web Authentication flow. By intercepting an execute-actions email link, an attacker can register their own authenticator to a victim's...

6.8CVSS5.8AI score0.0044EPSS
Exploits0References4
Packet Storm News
Packet Storm News
added 2026/01/10 12:0 a.m.5 views

QES-Backed Virtual FIDO2 Authenticators: Architectural Options for Secure, Synchronizable WebAuthn Credentials

FIDO2 and the WebAuthn standard offer phishing-resistant, public-key based authentication but traditionally rely on device-bound cryptographic keys that are not naturally portable across user devices. Recent passkey deployments address this limitation by enabling multi-device credentials...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/07/10 12:0 a.m.5 views

KeyDroid: a Large-Scale Analysis of Secure Key Storage in Android Apps

Most contemporary mobile devices offer hardware-backed storage for cryptographic keys, user data, and other sensitive credentials. Such hardware protects credentials from extraction by an adversary who has compromised the main operating system, such as a malicious third-party app. Since 2011,...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/03/04 12:19 p.m.23 views

Samsung Encryption Flaw

Researchers have found a major encryption flaw in 100 million Samsung Galaxy phones. From the abstract: In this work, we expose the cryptographic design and implementation of Androids Hardware-Backed Keystore in Samsungs Galaxy S8, S9, S10, S20, and S21 flagship devices. We reversed-engineered an...

0.3AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2020/03/17 4:0 p.m.301 views

Secured-core PCs: A brief showcase of chip-to-cloud security against kernel attacks

Gaining kernel privileges by taking advantage of legitimate but vulnerable kernel drivers has become an established tool of choice for advanced adversaries. Multiple malware attacks, including RobbinHood, Uroburos, Derusbi, GrayFish, and Sauron, and campaigns by the threat actor STRONTIUM, have...

7.2CVSS9.1AI score0.07799EPSS
Exploits13
Rows per page
Query Builder