Authentication Method Confusion
CodeChecker is vulnerable to Authentication Method Confusion. The vulnerability is due to insufficient account security, where the weakly generated root user account cannot be disabled, allowing attackers to exploit it through an external authentication service...
GHSA-FPM5-2WCJ-VFR7: CodeChecker authentication method confusion vulnerability allows logging in as the built-in root user from an external service
Summary: Authentication method confusion allows logging in as the built-in root user from an external service. The built-in root user is generated in a weak manner, cannot be disabled, and has universal access. Details: Until CodeChecker version 6.24.1 there was an auto-generated super-user account...
CVE-2022-25836
Bluetooth® Low Energy Pairing in Bluetooth Core Specification v4.0 through v5.3 may permit an unauthenticated MITM to acquire credentials with two pairing devices via adjacent access when the MITM negotiates Legacy Passkey Pairing with the pairing Initiator and Secure Connections Passkey Pairing...
Xxe
Bluetooth® Low Energy Pairing in Bluetooth Core Specification v4.0 through v5.3 may permit an unauthenticated MITM to acquire credentials with two pairing devices via adjacent access when the MITM negotiates Legacy Passkey Pairing with the pairing Initiator and Secure Connections Passkey Pairing...
CVE-2020-10134 Bluetooth devices supporting LE and specific BR/EDR implementations are vulnerable to method confusion attacks
Pairing in Bluetooth® Core v5.2 and earlier may permit an unauthenticated attacker to acquire credentials with two pairing devices via adjacent access when the unauthenticated user initiates different pairing methods in each peer device and an end-user erroneously completes both pairing procedure...