30 matches found
CVE-2023-49706
Defective request context handling in Self Service in LinOTP 3.x before 3.2.5 allows remote unauthenticated attackers to escalate privileges, thereby allowing them to act as and with the permissions of another user. Attackers must generate repeated API requests to trigger a race condition with...
CVE-2019-12887
KeyIdentity LinOTP before 2.10.5.3 has Incorrect Access Control (issue 1 of 2)...
EUVD-2019-0076
Malware in sbrugna...
EUVD-2022-33865
Malicious code in bioql PyPI...
CVE-2022-29529
An issue was discovered in MISP before 2.4.158. There is stored XSS via the LinOTP login field...
Authentication Bypass By Capture-replay
LinOTP is vulnerable to Authentication Bypass By Capture-replay. The vulnerability is due to the activation of automatic resynchronization, allowing an attacker to successfully log in with OTP values recorded at a previous point in time...
KeyIdentity LinOTP Security Vulnerability
KeyIdentity LinOTP is an open source two-factor authentication solution from Germany's KeyIdentity. The solution supports different authentication protocols, token types and user repositories. A security vulnerability exists in KeyIdentity LinOTP version 3.2.5, which stems from a contenti...
CVE-2023-49706
LinOTP Self Service in LinOTP 3.x prior to 3.2.5 is affected by a race-condition in defective request context handling that can be exploited by remote, unauthenticated attackers to escalate privileges and act with another user’s permissions. Attack requires generating repeated API requests to tri...
PT-2023-31305 · Linotp · Linotp
Name of the Vulnerable Software and Affected Versions: LinOTP versions 3.x before 3.2.5 Description: Defective request context handling in Self Service allows remote unauthenticated attackers to escalate privileges, thereby allowing them to act as and with the permissions of another user. Attacke...
LinOTP replay vulnerability with auto resynchronization enabled for TOTP token
LinOTP is prone to a replay attack with activated automatic resynchronization. This vulnerability may allow an attacker to successfully log in with OTP values recorded at a previous point in time. This attack is only possible if automatic resynchronization is enabled for the TOTP token type. The...
GHSA-RQG8-XJP2-PG9W LinOTP replay vulnerability with auto resynchronization enabled for TOTP token
LinOTP is prone to a replay attack with activated automatic resynchronization. This vulnerability may allow an attacker to successfully log in with OTP values recorded at a previous point in time. This attack is only possible if automatic resynchronization is enabled for the TOTP token type. The...
Cross site scripting
An issue was discovered in MISP before 2.4.158. There is stored XSS via the LinOTP login field...
PT-2022-19679 · Misp · Misp
Name of the Vulnerable Software and Affected Versions: MISP versions prior to 2.4.158 Description: An issue was discovered in MISP, where there is stored XSS via the LinOTP login field. Recommendations: For versions prior to 2.4.158, update to version 2.4.158 or later to resolve the issue. As a...