Zitadel - User Registration Bypass
The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. Due to a missing security check in versions prior to 2.64.0, 2.63.5, 2.62.7, 2.61.4, 2.60.4, 2.59.5, and 2.58.7, disabling the "User Registration allowed" option only hid the...
How Microsoft Defender protects high-value assets in real-world attack scenarios
High-value assets including domain controllers, web servers, and identity infrastructure are frequent...
EUVD-2023-2814
Malicious code in bioql PyPI...
EUVD-2023-2909
Malicious code in bioql PyPI...
EUVD-2024-2329
Malicious code in bioql PyPI...
EUVD-2025-8871
Malicious code in bioql PyPI...
EUVD-2025-7787
Malicious code in bioql PyPI...
EUVD-2023-2852
Malicious code in bioql PyPI...
EUVD-2023-50475
Malicious code in bioql PyPI...
EUVD-2025-8872
Malicious code in bioql PyPI...
CVE-2025-48936 ZITADEL Allows Account Takeover via Malicious X-Forwarded-Proto Header Injection
Zitadel is open-source identity infrastructure software. Prior to versions 2.70.12, 2.71.10, and 3.2.2, a potential vulnerability exists in the password reset mechanism. ZITADEL utilizes the Forwarded or X-Forwarded-Host header from incoming requests to construct the URL for the password reset...
CVE-2023-47111
ZITADEL provides identity infrastructure. ZITADEL provides administrators the possibility to define a Lockout Policy with a maximum amount of failed password check attempts. On every failed password check, the amount of failed checks is compared against the configured maximum. Exceeding the limit...
CVE-2025-46815 ZITADEL Allows IdP Intent Token Reuse
The identity infrastructure software ZITADEL offers developers the ability to manage user sessions using the Session API. This API enables the use of IdPs for authentication, known as idp intents. Following a successful idp intent, the client receives an id and token on a predefined URI. These id...
CVE-2025-31124
CVE-2025-31124 (Zitadel) describes a user enumeration flaw in the login flow caused by normalization of the username when the “Ignoring unknown usernames” setting is enabled. Although the UI prompts for a password and returns “Username or Password invalid” for non-existent users, the normalizatio...
CVE-2025-31124 Zitadel allows User Enumeration by loginname attribute normalization
Zitadel is open-source identity infrastructure software. ZITADEL administrators can enable a setting called "Ignoring unknown usernames" which helps mitigate attacks that try to guess/enumerate usernames. If enabled, ZITADEL will show the password prompt even if the user doesn't exist and report...
Don't Overlook These 6 Critical Okta Security Configurations
Given Okta's role as a critical part of identity infrastructure, strengthening Okta security is essential. This article covers six key Okta security settings that provide a strong starting point, along with recommendations for implementing continuous monitoring of your Okta security posture. With...
CVE-2024-39683
ZITADEL is an open-source identity infrastructure tool. ZITADEL provides users the ability to list all user sessions of the current user agent browser. Starting in version 2.53.0 and prior to versions 2.53.8, 2.54.5, and 2.55.1, due to a missing check, user sessions without that information e.g...
CVE-2024-39683 ZITADEL Vulnerable to Session Information Leakage
ZITADEL is an open-source identity infrastructure tool. ZITADEL provides users the ability to list all user sessions of the current user agent browser. Starting in version 2.53.0 and prior to versions 2.53.8, 2.54.5, and 2.55.1, due to a missing check, user sessions without that information e.g...
Learn How to Build an Incident Response Playbook Against Scattered Spider in Real-Time
In the tumultuous landscape of cybersecurity, the year 2023 left an indelible mark with the brazen exploits of the Scattered Spider threat group. Their attacks targeted the nerve centers of major financial and insurance institutions, culminating in what stands as one of the most impactful...