3 matches found
CVE-2023-49706
Defective request context handling in Self Service in LinOTP 3.x before 3.2.5 allows remote unauthenticated attackers to escalate privileges, thereby allowing them to act as and with the permissions of another user. Attackers must generate repeated API requests to trigger a race condition with...
CVE-2023-49706
LinOTP Self Service in LinOTP 3.x prior to 3.2.5 is affected by a race-condition in defective request context handling that can be exploited by remote, unauthenticated attackers to escalate privileges and act with another user’s permissions. Attack requires generating repeated API requests to tri...
CVE-2023-49706
Defective request context handling in Self Service in LinOTP 3.x before 3.2.5 allows remote unauthenticated attackers to escalate privileges, thereby allowing them to act as and with the permissions of another user. Attackers must generate repeated API requests to trigger a race condition with...