2 matches found
CVE-2023-49706
Defective request context handling in Self Service in LinOTP 3.x before 3.2.5 allows remote unauthenticated attackers to escalate privileges, thereby allowing them to act as and with the permissions of another user. Attackers must generate repeated API requests to trigger a race condition with...
GHSA-RQG8-XJP2-PG9W LinOTP replay vulnerability with auto resynchronization enabled for TOTP token
LinOTP is prone to a replay attack with activated automatic resynchronization. This vulnerability may allow an attacker to successfully log in with OTP values recorded at a previous point in time. This attack is only possible if automatic resynchronization is enabled for the TOTP token type. The...